Samba3 to Samba4 migration issues

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Tue Nov 6 02:11:06 MST 2012


The machine account is with a trailing $, so the correct snippet is:

dn: uid=H9101200$,ou=Computers,dc=aviamotors,dc=ro
displayName: Machine
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W ]
sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
uid: H9101200$
sambaNTPassword: ****************************
sambaPwdLastSet: 1257150878

On Tue, Nov 6, 2012 at 10:51 AM, Chirana Gheorghita Eugeniu Theodor <
office at adaptcom.ro> wrote:

> Hello guys,
> For some time the long-awaited release candidates have been online and I just
> decided to migrate a samba3 ad to a fully functional samba4 RC4.
> The setup:
> Centos 6.3 64bit
> Intel server
> Ldap database of samba3 is on another machine.
>
> I copied the tdb files and the smb.conf as instructed in the HOWTO, set up
> nsswitch to get users from ldap and getent passwd works ok.
> I arrived at the step where I do the samba-tool classicupgrade and
> surprise:
> all the users seem to be read and validated ok but when it gets to reading
> the machine accounts it fails with:
>
> [root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
> --dbdir=/samba/s3/private/ --use-xattrs=yes  --realm=aviamotor.ro/samba/s3/private/smb.conf
> Reading smb.conf
> doing parameter time server = Yes
> doing parameter load printers = yes
> doing parameter printing = cups
> WARNING: Ignoring invalid value 'cups' for parameter 'printing'
> doing parameter printcap name = cups
> doing parameter logon script = scripts\%U.bat
> doing parameter domain logons = Yes
> doing parameter os level = 98
> doing parameter preferred master = Yes
> doing parameter domain master = Yes
> doing parameter wins support = Yes
> doing parameter remote announce = 10.124.112.8
> doing parameter ldap admin dn = cn=manager,dc=aviamotors,dc=ro
> doing parameter ldap group suffix = ou=Groups
> doing parameter ldap idmap suffix = ou=Users
> doing parameter ldap machine suffix = ou=Computers
> doing parameter ldap passwd sync = Yes
> doing parameter ldap suffix = dc=aviamotors,dc=ro
> doing parameter ldap user suffix = ou=Users
> doing parameter lanman auth = Yes
> doing parameter lm announce = no
> doing parameter min protocol = NT1
> doing parameter full_audit:prefix = %u|%I|%m|%S
> doing parameter full_audit:failure = connect
> doing parameter full_audit:success = connect disconnect mkdir rmdir open
> close read pread write pwrite sendfile rename unlink chmod fchmod chown
> fchown chdir ftruncate lock symlink readlink link mknod realpath
> doing parameter full_audit:facility = local7
> doing parameter full_audit:priority = notice
> doing parameter dos filemode = yes
> Processing section "[profile]"
> doing parameter path = /tmp
> Processing section "[netlogon]"
> doing parameter path = /var/lib/samba/netlogon
> doing parameter read only = No
> Processing section "[groups]"
> doing parameter comment = All groups
> doing parameter path = /home1/groups
> doing parameter invalid users = elsa
> doing parameter read only = No
> doing parameter dos filemode = Yes
> doing parameter create mask = 0770
> doing parameter directory mask = 0770
> doing parameter directory security mask = 0700
> Unknown parameter encountered: "directory security mask"
> Ignoring unknown parameter "directory security mask"
> Processing section "[conta]"
> doing parameter comment = Contabilitate
> doing parameter path = /home1/conta
> doing parameter read only = No
> doing parameter create mask = 0770
> doing parameter directory mask = 0770
> doing parameter directory security mask = 0700
> Unknown parameter encountered: "directory security mask"
> Ignoring unknown parameter "directory security mask"
> doing parameter veto files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
> doing parameter hide files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
> doing parameter vfs objects = full_audit
> Processing section "[marketing]"
> doing parameter path = /home1/marketing
> doing parameter read only = No
> doing parameter create mask = 0770
> doing parameter directory mask = 0770
> doing parameter directory security mask = 0700
> Unknown parameter encountered: "directory security mask"
> Ignoring unknown parameter "directory security mask"
> doing parameter vfs objects = full_audit
> Processing section "[ru]"
> doing parameter comment = ru
> doing parameter path = /home1/ru
> doing parameter read only = No
> doing parameter create mask = 0770
> doing parameter directory mask = 0770
> doing parameter directory security mask = 0770
> Unknown parameter encountered: "directory security mask"
> Ignoring unknown parameter "directory security mask"
> doing parameter vfs objects = full_audit
> Processing section "[p1]"
> doing parameter comment = Users Profile
> doing parameter writeable = yes
> doing parameter path = /home2
> doing parameter create mask = 0600
> doing parameter directory mask = 0700
> doing parameter profile acls = yes
> doing parameter root preexec = /etc/samba/mkdir.sh %U '%g' %H %P
> Processing section "[aaa]"
> doing parameter writeable = no
> doing parameter path = /home2/aaa
> doing parameter create mask = 0600
> doing parameter comment = sql
> doing parameter directory mask = 0700
> Processing section "[printers]"
> doing parameter comment = All Printers
> doing parameter path = /var/spool/samba/
> doing parameter guest ok = Yes
> doing parameter printable = Yes
> doing parameter browseable = No
> doing parameter public = yes
> Processing section "[print$]"
> doing parameter path = /var/lib/samba/printing
> doing parameter write list = "@Domain Admins", root
> doing parameter read only = yes
> doing parameter browseable = yes
> doing parameter guest ok = Yes
> Processing section "[kituri]"
> doing parameter path = /home/kituri
> doing parameter write list = "@Domain Admins"
> Processing section "[update]"
> doing parameter path = /home/update
> doing parameter write list = "@Domain Admins"
> Processing section "[toatalumea]"
> doing parameter path = /home1/groups/toatalumea
> doing parameter read only = No
> doing parameter write list = "Users"
> doing parameter create mask = 0777
> doing parameter directory mask = 0777
> doing parameter vfs objects = full_audit
> pm_process() returned Yes
> Provisioning
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
> smbldap_open_connection: connection opened
> ldap_connect_system: successful connection to the LDAP server
> The LDAP server is successfully connected
> ldapsam_getsampwnam: Unable to locate user [LINUXRETEA$] count=0
> Exporting account policy
> Exporting groups
> ldapsam_setsamgrent: 21 entries in the base!
> init_group_from_ldap: Entry found for group: 548
> init_group_from_ldap: Entry found for group: 544
> init_group_from_ldap: Entry found for group: 551
> init_group_from_ldap: Entry found for group: 503
> init_group_from_ldap: Entry found for group: 509
> init_group_from_ldap: Entry found for group: 512
> init_group_from_ldap: Entry found for group: 515
> init_group_from_ldap: Entry found for group: 514
> init_group_from_ldap: Entry found for group: 513
> init_group_from_ldap: Entry found for group: 1001
> init_group_from_ldap: Entry found for group: 517
> init_group_from_ldap: Entry found for group: 507
> init_group_from_ldap: Entry found for group: 508
> init_group_from_ldap: Entry found for group: 550
> init_group_from_ldap: Entry found for group: 552
> init_group_from_ldap: Entry found for group: 1011
> init_group_from_ldap: Entry found for group: 504
> init_group_from_ldap: Entry found for group: 524
> init_group_from_ldap: Entry found for group: 500
> init_group_from_ldap: Entry found for group: 510
> init_group_from_ldap: Entry found for group: 580
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found:
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found:
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found:
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Replicators' S-1-5-32-552 listed but then not found:
> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> Exporting users
> smbldap_search_paged: base => [dc=aviamotors,dc=ro], filter =>
> [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
> smbldap_search_paged: search was successful
> init_sam_from_ldap: Entry found for user: nobody
> Home server: LINUXRETEA
> Home server: LINUXRETEA
> smbldap_search_domain_info: Searching
> for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
> smbldap_open_connection: connection opened
> ldap_connect_system: successful connection to the LDAP server
> The LDAP server is successfully connected
>   Skipping wellknown rid=500 (for username=root)
> init_sam_from_ldap: Entry found for user: catalin
> Home server: LINUXRETEA
> init_sam_from_ldap: Entry found for user: parlitu
> init_sam_from_ldap: Entry found for user: valig
> init_sam_from_ldap: Entry found for user: ion
> init_sam_from_ldap: Entry found for user: pascu
> init_sam_from_ldap: Entry found for user: paraschiv
> init_sam_from_ldap: Entry found for user: ddaniel
> init_sam_from_ldap: Entry found for user: H9101201$
> Home server: LINUXRETEA
> Home server: LINUXRETEA
> init_sam_from_ldap: Failed to find Unix account for H9101201$
> ldapsam_getsampwnam: init_sam_from_ldap failed for user 'H9101201$'!
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user
> information for 'H9101201$', (-1073741724,No such user)
>   File "/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
> 1318, in run
>     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>   File "/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 694,
> in upgrade_from_samba3
>     user = s3db.getsampwnam(username)
>
> the ldif snippet for a machine account is:
>
> dn: uid=H9101200,ou=Computers,dc=aviamotors,dc=ro
> displayName: Machine
> objectClass: sambaSamAccount
> objectClass: account
> sambaAcctFlags: [W ]
> sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
> uid: H9101200
> sambaNTPassword: ****************************
> sambaPwdLastSet: 1257150878
>
> What am I missing here?
>
> --
> ___________________________________________________
> Cu stima/Best regards/Mit freundlichen Grüßen,
>
> Chirana-Gheorghita Eugeniu-Theodor
> Bucharest, Romania
>
> e-mail : office at adaptcom.ro
> mobile: 0743 698721
>             0747 447675
>



-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675
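
A pre-flight check for the situation in this thread, as an added example that is not part of the original post or of Samba: it scans an LDIF export for `sambaSamAccount` entries that have the machine flag `W` without a trailing `$` in `uid`, or that carry no `posixAccount`/`uidNumber` data. It assumes the log line `Failed to find Unix account` refers to a failed Unix account lookup for that name; `parse_ldif`, `audit` and the `EXAMPLEPC$` entry are hypothetical.

```python
# Added example: pre-flight check of a Samba3 LDAP export before classicupgrade.
# SAMPLE_LDIF is constructed: entry 1 mirrors the post, entry 2 is invented.
SAMPLE_LDIF = """\
dn: uid=H9101200$,ou=Computers,dc=aviamotors,dc=ro
objectClass: sambaSamAccount
objectClass: account
sambaAcctFlags: [W ]
uid: H9101200$

dn: uid=EXAMPLEPC$,ou=Computers,dc=aviamotors,dc=ro
objectClass: sambaSamAccount
objectClass: posixAccount
sambaAcctFlags: [W ]
uid: EXAMPLEPC$
uidNumber: 20001
"""

def parse_ldif(text):
    """Yield one {attr_lower: [values]} dict per blank-line-separated entry."""
    for block in text.strip().split("\n\n"):
        entry = {}
        # Unfold LDIF continuation lines (a leading space continues a line).
        for line in block.replace("\n ", "").splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit(text):
    """Return (uid, problem) pairs for sambaSamAccount entries worth checking."""
    findings = []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        uid = e.get("uid", ["?"])[0]
        flags = e.get("sambaacctflags", [""])[0]
        if "W" in flags.strip("[]") and not uid.endswith("$"):
            findings.append((uid, "machine account uid lacks trailing $"))
        if "posixaccount" not in classes or "uidnumber" not in e:
            findings.append((uid, "no posixAccount/uidNumber (no Unix account data)"))
    return findings

if __name__ == "__main__":
    for uid, problem in audit(SAMPLE_LDIF):
        print(f"{uid}: {problem}")
```

Each flagged name can then be compared against `getent passwd` on the host that runs the upgrade.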

