Samba3 to Samba4 migration issues

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Tue Nov 6 01:51:21 MST 2012


Hello guys,
For some time the long-awaited release candidates have been online and I just
decided to migrate a samba3 ad to a fully functional samba4 RC4.
The setup:
Centos 6.3 64bit
Intel server
Ldap database of samba3 is on another machine.

I copied the tdb files and the smb.conf as instructed in the HOWTO, set up
nsswitch to get users from ldap, and getent passwd works ok.
I arrived at the step where I do the samba-tool classicupgrade and, surprise:
all the users seem to be read and validated ok, but when it gets to reading
the machine accounts it fails with:

[root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
--dbdir=/samba/s3/private/ --use-xattrs=yes
--realm=aviamotor.ro/samba/s3/private/smb.conf
Reading smb.conf
doing parameter time server = Yes
doing parameter load printers = yes
doing parameter printing = cups
WARNING: Ignoring invalid value 'cups' for parameter 'printing'
doing parameter printcap name = cups
doing parameter logon script = scripts\%U.bat
doing parameter domain logons = Yes
doing parameter os level = 98
doing parameter preferred master = Yes
doing parameter domain master = Yes
doing parameter wins support = Yes
doing parameter remote announce = 10.124.112.8
doing parameter ldap admin dn = cn=manager,dc=aviamotors,dc=ro
doing parameter ldap group suffix = ou=Groups
doing parameter ldap idmap suffix = ou=Users
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap passwd sync = Yes
doing parameter ldap suffix = dc=aviamotors,dc=ro
doing parameter ldap user suffix = ou=Users
doing parameter lanman auth = Yes
doing parameter lm announce = no
doing parameter min protocol = NT1
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:failure = connect
doing parameter full_audit:success = connect disconnect mkdir rmdir open
close read pread write pwrite sendfile rename unlink chmod fchmod chown
fchown chdir ftruncate lock symlink readlink link mknod realpath
doing parameter full_audit:facility = local7
doing parameter full_audit:priority = notice
doing parameter dos filemode = yes
Processing section "[profile]"
doing parameter path = /tmp
Processing section "[netlogon]"
doing parameter path = /var/lib/samba/netlogon
doing parameter read only = No
Processing section "[groups]"
doing parameter comment = All groups
doing parameter path = /home1/groups
doing parameter invalid users = elsa
doing parameter read only = No
doing parameter dos filemode = Yes
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter directory security mask = 0700
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Processing section "[conta]"
doing parameter comment = Contabilitate
doing parameter path = /home1/conta
doing parameter read only = No
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter directory security mask = 0700
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
doing parameter veto files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
doing parameter hide files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
doing parameter vfs objects = full_audit
Processing section "[marketing]"
doing parameter path = /home1/marketing
doing parameter read only = No
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter directory security mask = 0700
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
doing parameter vfs objects = full_audit
Processing section "[ru]"
doing parameter comment = ru
doing parameter path = /home1/ru
doing parameter read only = No
doing parameter create mask = 0770
doing parameter directory mask = 0770
doing parameter directory security mask = 0770
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
doing parameter vfs objects = full_audit
Processing section "[p1]"
doing parameter comment = Users Profile
doing parameter writeable = yes
doing parameter path = /home2
doing parameter create mask = 0600
doing parameter directory mask = 0700
doing parameter profile acls = yes
doing parameter root preexec = /etc/samba/mkdir.sh %U '%g' %H %P
Processing section "[aaa]"
doing parameter writeable = no
doing parameter path = /home2/aaa
doing parameter create mask = 0600
doing parameter comment = sql
doing parameter directory mask = 0700
Processing section "[printers]"
doing parameter comment = All Printers
doing parameter path = /var/spool/samba/
doing parameter guest ok = Yes
doing parameter printable = Yes
doing parameter browseable = No
doing parameter public = yes
Processing section "[print$]"
doing parameter path = /var/lib/samba/printing
doing parameter write list = "@Domain Admins", root
doing parameter read only = yes
doing parameter browseable = yes
doing parameter guest ok = Yes
Processing section "[kituri]"
doing parameter path = /home/kituri
doing parameter write list = "@Domain Admins"
Processing section "[update]"
doing parameter path = /home/update
doing parameter write list = "@Domain Admins"
Processing section "[toatalumea]"
doing parameter path = /home1/groups/toatalumea
doing parameter read only = No
doing parameter write list = "Users"
doing parameter create mask = 0777
doing parameter directory mask = 0777
doing parameter vfs objects = full_audit
pm_process() returned Yes
Provisioning
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
ldapsam_getsampwnam: Unable to locate user [LINUXRETEA$] count=0
Exporting account policy
Exporting groups
ldapsam_setsamgrent: 21 entries in the base!
init_group_from_ldap: Entry found for group: 548
init_group_from_ldap: Entry found for group: 544
init_group_from_ldap: Entry found for group: 551
init_group_from_ldap: Entry found for group: 503
init_group_from_ldap: Entry found for group: 509
init_group_from_ldap: Entry found for group: 512
init_group_from_ldap: Entry found for group: 515
init_group_from_ldap: Entry found for group: 514
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 1001
init_group_from_ldap: Entry found for group: 517
init_group_from_ldap: Entry found for group: 507
init_group_from_ldap: Entry found for group: 508
init_group_from_ldap: Entry found for group: 550
init_group_from_ldap: Entry found for group: 552
init_group_from_ldap: Entry found for group: 1011
init_group_from_ldap: Entry found for group: 504
init_group_from_ldap: Entry found for group: 524
init_group_from_ldap: Entry found for group: 500
init_group_from_ldap: Entry found for group: 510
init_group_from_ldap: Entry found for group: 580
ldapsam_enum_aliasmem: Did not find alias
Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found:
Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
ldapsam_enum_aliasmem: Did not find alias
Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
ldapsam_enum_aliasmem: Did not find alias
Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found:
Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
ldapsam_enum_aliasmem: Did not find alias
Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found:
Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
ldapsam_enum_aliasmem: Did not find alias
Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable
to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
Exporting users
smbldap_search_paged: base => [dc=aviamotors,dc=ro], filter =>
[(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
smbldap_search_paged: search was successful
init_sam_from_ldap: Entry found for user: nobody
Home server: LINUXRETEA
Home server: LINUXRETEA
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
  Skipping wellknown rid=500 (for username=root)
init_sam_from_ldap: Entry found for user: catalin
Home server: LINUXRETEA
init_sam_from_ldap: Entry found for user: parlitu
init_sam_from_ldap: Entry found for user: valig
init_sam_from_ldap: Entry found for user: ion
init_sam_from_ldap: Entry found for user: pascu
init_sam_from_ldap: Entry found for user: paraschiv
init_sam_from_ldap: Entry found for user: ddaniel
init_sam_from_ldap: Entry found for user: H9101201$
Home server: LINUXRETEA
Home server: LINUXRETEA
init_sam_from_ldap: Failed to find Unix account for H9101201$
ldapsam_getsampwnam: init_sam_from_ldap failed for user 'H9101201$'!
ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user
information for 'H9101201$', (-1073741724,No such user)
  File "/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File "/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 694,
in upgrade_from_samba3
    user = s3db.getsampwnam(username)

The LDIF snippet for a machine account is:

dn: uid=H9101200,ou=Computers,dc=aviamotors,dc=ro
displayName: Machine
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W ]
sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
uid: H9101200
sambaNTPassword: ****************************
sambaPwdLastSet: 1257150878

What am I missing here?

-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675
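
A pre-flight check for the failure in the log above, added here as an example and not part of the original post or of Samba: it lists the sambaSamAccount entries in an LDIF export whose uid has no passwd entry through NSS, on the assumption that the `Failed to find Unix account` line reports exactly such a failed lookup. The sample LDIF, `unresolved_accounts` and the other function names are constructed for illustration.

```python
import pwd
# Constructed sample, modelled on the LDIF snippet in the post (names are made up).
SAMPLE_LDIF = """\
dn: uid=PC01$,ou=Computers,dc=example,dc=test
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W          ]
uid: PC01$

dn: uid=alice,ou=Users,dc=example,dc=test
objectClass: sambaSamAccount
objectClass: posixAccount
uid: alice
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, folded lines, no base64."""
    entries, cur, last = [], {}, None
    for line in text.splitlines() + [""]:
        if line.startswith(" ") and last:          # folded continuation line
            cur[last][-1] += line[1:]
        elif not line.strip():                     # blank line closes the entry
            if cur:
                entries.append(cur)
            cur, last = {}, None
        elif not line.startswith("#"):             # skip LDIF comments
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            cur.setdefault(last, []).append(value.strip())
    return entries

def nss_resolves(name):
    """True if the name has a passwd entry through NSS (what `getent passwd NAME` shows)."""
    try:
        return bool(pwd.getpwnam(name))
    except KeyError:
        return False

def unresolved_accounts(ldif_text, resolves=nss_resolves):
    """Return (uid, kind, has_posixAccount) for sambaSamAccount entries NSS cannot resolve."""
    out = []
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        uid = e.get("uid", [None])[0]
        if "sambasamaccount" not in classes or uid is None or resolves(uid):
            continue
        # A 'W' in sambaAcctFlags marks a workstation (machine) trust account.
        kind = "machine" if "W" in e.get("sambaacctflags", [""])[0] else "user"
        out.append((uid, kind, "posixaccount" in classes))
    return out
```

Run it on the host that will execute the upgrade, since the result depends on that machine's nsswitch configuration; the `resolves` argument exists so the lookup can be replaced when testing.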

