errors/issues when trying to migrate

Andrew Bartlett abartlet at samba.org
Fri May 25 23:41:45 MDT 2012


On Fri, 2012-05-25 at 16:43 +0200, Marc Muehlfeld wrote:
> Hi,
> 
> I'm playing in my test environment with a migration from s3 to the latest git 
> version. My s3 is in LDAP and I followed the HowTo.
> 
> But I'm having the following issues/errors when running
> # /usr/local/samba/bin/samba-tool domain samba3upgrade 
> --dbdir=/usr/var/locks3/ --use-xattrs=yes --realm=MUC.medizinische-genetik.de 
> /etc/samba/smb3.conf
> 
> 
> 
> 
> 1.) tdb(/usr/var/locks3/gencache.tdb):Corrupt database: Record offset 696 has 
> incorrect hash
> gencache_init: tdb_check(/usr/var/locks3/gencache.tdb) failed - retry after 
> truncate
> 
> It's nothing serious. The script just continues.

Indeed, gencache is only a cache, and therefore not required for
migration. 

> 2.) Exporting groups
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Replicator' S-1-5-32-552 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable 
> to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring 'well known' group 'Guests' (should already be in AD, and have no 
> members)
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Server Operators' S-1-5-32-549 listed but then not found: 
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Power Users' S-1-5-32-547 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Ignoring group 'Users' S-1-5-32-545 listed but then not found: Unable to 
> enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> 
> The script continues, but this groups are all ignored. Any idea why?

A number of Samba3 databases appear to have aliases templates for these
well known groups, but if they are not mapped to system groups, then
this will happen.  That's why we ignore the error, because clearly there
are no users in these groups. 

> 3.) Importing WINS database
> ERROR(<type 'exceptions.ValueError'>): uncaught exception - invalid literal 
> for int() with base 16: ''
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 160, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 
> 926, in run
>      useeadb=eadb)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", 
> line 683, in upgrade_from_samba3
>      samba3_winsdb = samba3.get_wins_db()
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py", 
> line 399, in get_wins_db
>      return WinsDatabase(self.statedir_path("wins.dat"))
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py", 
> line 333, in __init__
>      nb_flags = int(entries[i][:-1], 16)
> 
> Here the script crashes and stops. The only way to continue, is to delete 
> wins.dat. Maybe the script can continue, if the WINS import failes.

I need a sample of the failed wins.dat, so we can fix the parsing
script. 

> 4.) Adding users to groups
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - 
> ProvisioningError: Could not add member 
> 'S-1-5-21-1362721961-1801182073-732966438-2996' to group 
> 'S-1-5-21-1362721961-1801182073-732966438-512' as either group or user record 
> doesn't exist: Unable to find GUID for DN
> 
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 160, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 
> 926, in run
>      useeadb=eadb)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", 
> line 728, in upgrade_from_samba3
>      add_users_to_group(result.samdb, g, groupmembers[str(g.sid)], logger)
>    File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", 
> line 242, in add_users_to_group
>      raise ProvisioningError("Could not add member '%s' to group '%s' as 
> either group or user record doesn't exist: %s" % (member_sid, group.sid, emsg))
> 
> Here the script crash and stop again.
> S-1-5-21-1362721961-1801182073-732966438-2996 in LDAP = Administrator
> S-1-5-21-1362721961-1801182073-732966438-512 in LDAP = Group "Domain Admins"
> 
> If I delete the user Administator from LDAP, the script run up to the end.

The issue would be that Administrator should have a SID ending in -500.
We already skip accounts "root" and "administrator" and map the password
on to the Administrator account we build at provision time.  This does
however mean that we break when trying to import the incorrect
administrator as a group member.

In this case, I think we need to both more clearly detect this, and ask
you to fix your database prior to importation. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba-technical mailing list