domain samba3upgrade fails

Andrew Bartlett abartlet at samba.org
Sat Mar 24 20:36:14 MDT 2012


On Sat, 2012-03-24 at 17:30 -0400, Greg Dickie wrote:
> Hi,
> 
>   I'm trying to upgrade an LDAP backed samba3 domain to samba4 using the
> samba-tool domain samba3upgrade procedure. It seems to go quite well
> until it starts to import users. At that point I get this:
> 
> Group already exists sid=S-1-5-21-743015788-4153008934-1122164905-514,
> groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
> Importing users
> Failed to modify account record CN=auser,CN=Users,DC=domain,DC=local to
> set user attributes: Unsupported critical extension
> 1.3.6.1.4.1.7165.4.3.20
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam
> account 'auser', (-1073741637,NT_STATUS_NOT_SUPPORTED)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 160, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> line 923, in run
>     useeadb=eadb)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", line
> 691, in upgrade_from_samba3
>     s4_passdb.add_sam_account(userdata[username])
> 
> 
> 
> This seems to be an error returned from the builtin LDAP server? Any
> idea what the problem could be?

The OID DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
"1.3.6.1.4.1.7165.4.3.20" in this case is to indicate to the lower
layers that the pwdLastSet value should be migrated (rather than reset
to now).  Clearly that isn't being handled properly in the password_hash
module, I'll dig into this and fix it up in the next few days. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba-technical mailing list