errors/issues when trying to migrate

Andrew Bartlett abartlet at samba.org
Tue May 29 18:06:46 MDT 2012 

On Tue, 2012-05-29 at 10:56 -0400, Charles Tryon wrote:
> 
> 
> On Sat, May 26, 2012 at 1:41 AM, Andrew Bartlett <abartlet at samba.org>
> wrote:
>         On Fri, 2012-05-25 at 16:43 +0200, Marc Muehlfeld wrote:
>         > Hi,
>         >
>         > I'm playing in my test environment with a migration from s3
>         to the latest git
>         > version. My s3 is in LDAP and I followed the HowTo.
>         >
>         > But I'm having the following issues/errors when running
>         > # /usr/local/samba/bin/samba-tool domain samba3upgrade
>         > --dbdir=/usr/var/locks3/ --use-xattrs=yes
>         --realm=MUC.medizinische-genetik.de
>         > /etc/samba/smb3.conf
>         >
>         >
>         >
>         >
>         > 1.) tdb(/usr/var/locks3/gencache.tdb):Corrupt database:
>         Record offset 696 has
>         > incorrect hash
>         > gencache_init: tdb_check(/usr/var/locks3/gencache.tdb)
>         failed - retry after
>         > truncate
>         >
>         > It's nothing serious. The script just continues.
>         
>         
>         Indeed, gencache is only a cache, and therefore not required
>         for
>         migration.
>         
>         > 2.) Exporting groups
>         > Ignoring group 'Print Operators' S-1-5-32-550 listed but
>         then not found:
>         > Unable to enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring group 'Backup Operators' S-1-5-32-551 listed but
>         then not found:
>         > Unable to enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring group 'Replicator' S-1-5-32-552 listed but then not
>         found: Unable to
>         > enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring group 'Administrators' S-1-5-32-544 listed but then
>         not found: Unable
>         > to enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring 'well known' group 'Guests' (should already be in
>         AD, and have no
>         > members)
>         > Ignoring group 'Account Operators' S-1-5-32-548 listed but
>         then not found:
>         > Unable to enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring group 'Server Operators' S-1-5-32-549 listed but
>         then not found:
>         > Unable to enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring group 'Power Users' S-1-5-32-547 listed but then
>         not found: Unable to
>         > enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         > Ignoring group 'Users' S-1-5-32-545 listed but then not
>         found: Unable to
>         > enumerate members for alias,
>         (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>         >
>         > The script continues, but this groups are all ignored. Any
>         idea why?
>         
>         
>         A number of Samba3 databases appear to have aliases templates
>         for these
>         well known groups, but if they are not mapped to system
>         groups, then
>         this will happen.  That's why we ignore the error, because
>         clearly there
>         are no users in these groups.
>         
>         > 3.) Importing WINS database
>         > ERROR(<type 'exceptions.ValueError'>): uncaught exception -
>         invalid literal
>         > for int() with base 16: ''
>         >    File
>         >
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>         > line 160, in _run
>         >      return self.run(*args, **kwargs)
>         >    File
>         >
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
>         > 926, in run
>         >      useeadb=eadb)
>         >    File
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
>         > line 683, in upgrade_from_samba3
>         >      samba3_winsdb = samba3.get_wins_db()
>         >    File
>         >
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
>         > line 399, in get_wins_db
>         >      return WinsDatabase(self.statedir_path("wins.dat"))
>         >    File
>         >
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
>         > line 333, in __init__
>         >      nb_flags = int(entries[i][:-1], 16)
>         >
>         > Here the script crashes and stops. The only way to continue,
>         is to delete
>         > wins.dat. Maybe the script can continue, if the WINS import
>         failes.
>         
>         
>         I need a sample of the failed wins.dat, so we can fix the
>         parsing
>         script.
>         
>         > 4.) Adding users to groups
>         > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
>         exception -
>         > ProvisioningError: Could not add member
>         > 'S-1-5-21-1362721961-1801182073-732966438-2996' to group
>         > 'S-1-5-21-1362721961-1801182073-732966438-512' as either
>         group or user record
>         > doesn't exist: Unable to find GUID for DN
>         >
>         >    File
>         >
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>         > line 160, in _run
>         >      return self.run(*args, **kwargs)
>         >    File
>         >
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
>         > 926, in run
>         >      useeadb=eadb)
>         >    File
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
>         > line 728, in upgrade_from_samba3
>         >      add_users_to_group(result.samdb, g,
>         groupmembers[str(g.sid)], logger)
>         >    File
>         "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
>         > line 242, in add_users_to_group
>         >      raise ProvisioningError("Could not add member '%s' to
>         group '%s' as
>         > either group or user record doesn't exist: %s" %
>         (member_sid, group.sid, emsg))
>         >
>         > Here the script crash and stop again.
>         > S-1-5-21-1362721961-1801182073-732966438-2996 in LDAP =
>         Administrator
>         > S-1-5-21-1362721961-1801182073-732966438-512 in LDAP = Group
>         "Domain Admins"
>         >
>         > If I delete the user Administator from LDAP, the script run
>         up to the end.
>         
>         
>         The issue would be that Administrator should have a SID ending
>         in -500.
>         We already skip accounts "root" and "administrator" and map
>         the password
>         on to the Administrator account we build at provision time.
>          This does
>         however mean that we break when trying to import the incorrect
>         administrator as a group member.
> 
> 
> 
> 
> Urk...  This could explain some long term problems we've been having
> with our old S3 (3.0.9) system.  :-P  Another problem I'm seeing in
> our database is a "nobody" user with a SID ending in *-501.  Our
> database has had a long and tortuous journey over the years, and I'm
> not surprised to find various accumulated crud in there.  I'm hoping
> that our S4 migration manages to filter out some of that garbage...

Nobody being -501 is correct - it is the guest account, just as
root/administrator ideally should be -500.

Inspired by this thread, I'll see if I can improve the handling here, to
assert on a few more of these things.

Andrew Bartlett


-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list