domain samba3upgrade fails

Andrew Bartlett abartlet at
Sat Mar 24 20:36:14 MDT 2012

On Sat, 2012-03-24 at 17:30 -0400, Greg Dickie wrote:
> Hi,
>   I'm trying to upgrade an LDAP backed samba3 domain to samba4 using the
> samba-tool domain samba3upgrade procedure. It seems to go quite well
> until it starts to import users. At that point I get this:
> Group already exists sid=S-1-5-21-743015788-4153008934-1122164905-514,
> groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
> Importing users
> Failed to modify account record CN=auser,CN=Users,DC=domain,DC=local to
> set user attributes: Unsupported critical extension
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam
> account 'auser', (-1073741637,NT_STATUS_NOT_SUPPORTED)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/", line 160, in _run
>     return*args, **kwargs)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/",
> line 923, in run
>     useeadb=eadb)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/", line
> 691, in upgrade_from_samba3
>     s4_passdb.add_sam_account(userdata[username])
> This seems to be an error returned from the builtin LDAP server? Any
> idea what the problem could be?

"" in this case is to indicate to the lower
layers that the pwdLastSet value should be migrated (rather than reset
to now).  Clearly that isn't being handled properly in the password_hash
module, I'll dig into this and fix it up in the next few days. 

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list