domain samba3upgrade fails

Greg Dickie greg at justaguy.ca
Sat Mar 24 20:53:29 MDT 2012


Hi Andrew,

   I actually commented out the line that sets that flag just to see how
far it gets without it (I don't think I really care about that field).
It gets further but then starts complaining about duplicate users which
do not seem to be duplicate in LDAP as far as I can tell (already
checked for duplicate SIDs). I think there are certain assumptions about
the LDAP that we aren't meeting. I'll trace through it and see if I can
massage it through.

Thanks a lot,
Greg


On Sun, 2012-03-25 at 13:36 +1100, Andrew Bartlett wrote:
> On Sat, 2012-03-24 at 17:30 -0400, Greg Dickie wrote:
> > Hi,
> > 
> >   I'm trying to upgrade an LDAP backed samba3 domain to samba4 using the
> > samba-tool domain samba3upgrade procedure. It seems to go quite well
> > until it starts to import users. At that point I get this:
> > 
> > Group already exists sid=S-1-5-21-743015788-4153008934-1122164905-514,
> > groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
> > Importing users
> > Failed to modify account record CN=auser,CN=Users,DC=domain,DC=local to
> > set user attributes: Unsupported critical extension
> > 1.3.6.1.4.1.7165.4.3.20
> > ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam
> > account 'auser', (-1073741637,NT_STATUS_NOT_SUPPORTED)
> >   File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 160, in _run
> >     return self.run(*args, **kwargs)
> >   File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> > line 923, in run
> >     useeadb=eadb)
> >   File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", line
> > 691, in upgrade_from_samba3
> >     s4_passdb.add_sam_account(userdata[username])
> > 
> > 
> > 
> > This seems to be an error returned from the builtin LDAP server? Any
> > idea what the problem could be?
> 
> The OID DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID
> "1.3.6.1.4.1.7165.4.3.20" in this case is to indicate to the lower
> layers that the pwdLastSet value should be migrated (rather than reset
> to now).  Clearly that isn't being handled properly in the password_hash
> module, I'll dig into this and fix it up in the next few days. 
> 
> Andrew Bartlett
> 

-- 
Greg Dickie
just a guy
514-983-5400


