Samba3 to Samba4 migration issues

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Tue Nov 6 05:59:22 MST 2012


> [root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
> --dbdir=/samba/s3/private/ --use-xattrs=yes  --realm=
> aviamotor.ro/samba/s3/private/smb.conf

Is there really not a space between --realm=aviamotor.ro and
/samba/s3/private/smb.conf (or is that just a bad paste)? Did you check for
duplicate SIDs? Can you post (or email me) your smb.conf? When (assuming
you did) you tried a second time, did you make sure to remove
/path/to/samba/private and /path/to/samba/etc?

Ricky

On Tue, Nov 6, 2012 at 3:11 AM, Chirana Gheorghita Eugeniu Theodor <
office at adaptcom.ro> wrote:

> The machine account is with a trailing $, so the correct snippet is:
>
> dn: uid=H9101200$,ou=Computers,dc=aviamotors,dc=ro
> displayName: Machine
> objectClass: sambaSamAccount
> objectClass: account
> sambaAcctFlags: [W ]
> sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
> uid: H9101200$
> sambaNTPassword: ****************************
> sambaPwdLastSet: 1257150878
>
> On Tue, Nov 6, 2012 at 10:51 AM, Chirana Gheorghita Eugeniu Theodor <
> office at adaptcom.ro> wrote:
>
> > Hello guys,
> > For some time the long-awaited release candidates have been online and I just
> > decided to migrate a samba3 ad to a fully functional samba4 RC4.
> > The setup:
> > Centos 6.3 64bit
> > Intel server
> > Ldap database of samba3 is on another machine.
> >
> > I copied the tdb files and the smb.conf as instructed in the HOWTO, set up
> > nsswitch to get users from ldap and getent passwd works ok.
> > I arrived at the step where I do the samba-tool classicupgrade and
> > surprise:
> > all the users seem to be read and validated ok but when it gets to reading
> > the machine accounts it fails with:
> >
> > [root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
> > --dbdir=/samba/s3/private/ --use-xattrs=yes  --realm=
> > aviamotor.ro/samba/s3/private/smb.conf
> > Reading smb.conf
> > doing parameter time server = Yes
> > doing parameter load printers = yes
> > doing parameter printing = cups
> > WARNING: Ignoring invalid value 'cups' for parameter 'printing'
> > doing parameter printcap name = cups
> > doing parameter logon script = scripts\%U.bat
> > doing parameter domain logons = Yes
> > doing parameter os level = 98
> > doing parameter preferred master = Yes
> > doing parameter domain master = Yes
> > doing parameter wins support = Yes
> > doing parameter remote announce = 10.124.112.8
> > doing parameter ldap admin dn = cn=manager,dc=aviamotors,dc=ro
> > doing parameter ldap group suffix = ou=Groups
> > doing parameter ldap idmap suffix = ou=Users
> > doing parameter ldap machine suffix = ou=Computers
> > doing parameter ldap passwd sync = Yes
> > doing parameter ldap suffix = dc=aviamotors,dc=ro
> > doing parameter ldap user suffix = ou=Users
> > doing parameter lanman auth = Yes
> > doing parameter lm announce = no
> > doing parameter min protocol = NT1
> > doing parameter full_audit:prefix = %u|%I|%m|%S
> > doing parameter full_audit:failure = connect
> > doing parameter full_audit:success = connect disconnect mkdir rmdir open
> > close read pread write pwrite sendfile rename unlink chmod fchmod chown
> > fchown chdir ftruncate lock symlink readlink link mknod realpath
> > doing parameter full_audit:facility = local7
> > doing parameter full_audit:priority = notice
> > doing parameter dos filemode = yes
> > Processing section "[profile]"
> > doing parameter path = /tmp
> > Processing section "[netlogon]"
> > doing parameter path = /var/lib/samba/netlogon
> > doing parameter read only = No
> > Processing section "[groups]"
> > doing parameter comment = All groups
> > doing parameter path = /home1/groups
> > doing parameter invalid users = elsa
> > doing parameter read only = No
> > doing parameter dos filemode = Yes
> > doing parameter create mask = 0770
> > doing parameter directory mask = 0770
> > doing parameter directory security mask = 0700
> > Unknown parameter encountered: "directory security mask"
> > Ignoring unknown parameter "directory security mask"
> > Processing section "[conta]"
> > doing parameter comment = Contabilitate
> > doing parameter path = /home1/conta
> > doing parameter read only = No
> > doing parameter create mask = 0770
> > doing parameter directory mask = 0770
> > doing parameter directory security mask = 0700
> > Unknown parameter encountered: "directory security mask"
> > Ignoring unknown parameter "directory security mask"
> > doing parameter veto files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
> > doing parameter hide files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
> > doing parameter vfs objects = full_audit
> > Processing section "[marketing]"
> > doing parameter path = /home1/marketing
> > doing parameter read only = No
> > doing parameter create mask = 0770
> > doing parameter directory mask = 0770
> > doing parameter directory security mask = 0700
> > Unknown parameter encountered: "directory security mask"
> > Ignoring unknown parameter "directory security mask"
> > doing parameter vfs objects = full_audit
> > Processing section "[ru]"
> > doing parameter comment = ru
> > doing parameter path = /home1/ru
> > doing parameter read only = No
> > doing parameter create mask = 0770
> > doing parameter directory mask = 0770
> > doing parameter directory security mask = 0770
> > Unknown parameter encountered: "directory security mask"
> > Ignoring unknown parameter "directory security mask"
> > doing parameter vfs objects = full_audit
> > Processing section "[p1]"
> > doing parameter comment = Users Profile
> > doing parameter writeable = yes
> > doing parameter path = /home2
> > doing parameter create mask = 0600
> > doing parameter directory mask = 0700
> > doing parameter profile acls = yes
> > doing parameter root preexec = /etc/samba/mkdir.sh %U '%g' %H %P
> > Processing section "[aaa]"
> > doing parameter writeable = no
> > doing parameter path = /home2/aaa
> > doing parameter create mask = 0600
> > doing parameter comment = sql
> > doing parameter directory mask = 0700
> > Processing section "[printers]"
> > doing parameter comment = All Printers
> > doing parameter path = /var/spool/samba/
> > doing parameter guest ok = Yes
> > doing parameter printable = Yes
> > doing parameter browseable = No
> > doing parameter public = yes
> > Processing section "[print$]"
> > doing parameter path = /var/lib/samba/printing
> > doing parameter write list = "@Domain Admins", root
> > doing parameter read only = yes
> > doing parameter browseable = yes
> > doing parameter guest ok = Yes
> > Processing section "[kituri]"
> > doing parameter path = /home/kituri
> > doing parameter write list = "@Domain Admins"
> > Processing section "[update]"
> > doing parameter path = /home/update
> > doing parameter write list = "@Domain Admins"
> > Processing section "[toatalumea]"
> > doing parameter path = /home1/groups/toatalumea
> > doing parameter read only = No
> > doing parameter write list = "Users"
> > doing parameter create mask = 0777
> > doing parameter directory mask = 0777
> > doing parameter vfs objects = full_audit
> > pm_process() returned Yes
> > Provisioning
> > smbldap_search_domain_info: Searching
> > for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
> > smbldap_open_connection: connection opened
> > ldap_connect_system: successful connection to the LDAP server
> > The LDAP server is successfully connected
> > ldapsam_getsampwnam: Unable to locate user [LINUXRETEA$] count=0
> > Exporting account policy
> > Exporting groups
> > ldapsam_setsamgrent: 21 entries in the base!
> > init_group_from_ldap: Entry found for group: 548
> > init_group_from_ldap: Entry found for group: 544
> > init_group_from_ldap: Entry found for group: 551
> > init_group_from_ldap: Entry found for group: 503
> > init_group_from_ldap: Entry found for group: 509
> > init_group_from_ldap: Entry found for group: 512
> > init_group_from_ldap: Entry found for group: 515
> > init_group_from_ldap: Entry found for group: 514
> > init_group_from_ldap: Entry found for group: 513
> > init_group_from_ldap: Entry found for group: 1001
> > init_group_from_ldap: Entry found for group: 517
> > init_group_from_ldap: Entry found for group: 507
> > init_group_from_ldap: Entry found for group: 508
> > init_group_from_ldap: Entry found for group: 550
> > init_group_from_ldap: Entry found for group: 552
> > init_group_from_ldap: Entry found for group: 1011
> > init_group_from_ldap: Entry found for group: 504
> > init_group_from_ldap: Entry found for group: 524
> > init_group_from_ldap: Entry found for group: 500
> > init_group_from_ldap: Entry found for group: 510
> > init_group_from_ldap: Entry found for group: 580
> > ldapsam_enum_aliasmem: Did not find alias
> > Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found:
> > Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > ldapsam_enum_aliasmem: Did not find alias
> > Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
> > Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > ldapsam_enum_aliasmem: Did not find alias
> > Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found:
> > Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > ldapsam_enum_aliasmem: Did not find alias
> > Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found:
> > Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > ldapsam_enum_aliasmem: Did not find alias
> > Ignoring group 'Replicators' S-1-5-32-552 listed but then not found:
> > Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Exporting users
> > smbldap_search_paged: base => [dc=aviamotors,dc=ro], filter =>
> > [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
> > smbldap_search_paged: search was successful
> > init_sam_from_ldap: Entry found for user: nobody
> > Home server: LINUXRETEA
> > Home server: LINUXRETEA
> > smbldap_search_domain_info: Searching
> > for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
> > smbldap_open_connection: connection opened
> > ldap_connect_system: successful connection to the LDAP server
> > The LDAP server is successfully connected
> >   Skipping wellknown rid=500 (for username=root)
> > init_sam_from_ldap: Entry found for user: catalin
> > Home server: LINUXRETEA
> > init_sam_from_ldap: Entry found for user: parlitu
> > init_sam_from_ldap: Entry found for user: valig
> > init_sam_from_ldap: Entry found for user: ion
> > init_sam_from_ldap: Entry found for user: pascu
> > init_sam_from_ldap: Entry found for user: paraschiv
> > init_sam_from_ldap: Entry found for user: ddaniel
> > init_sam_from_ldap: Entry found for user: H9101201$
> > Home server: LINUXRETEA
> > Home server: LINUXRETEA
> > init_sam_from_ldap: Failed to find Unix account for H9101201$
> > ldapsam_getsampwnam: init_sam_from_ldap failed for user 'H9101201$'!
> > ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user
> > information for 'H9101201$', (-1073741724,No such user)
> >   File "/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File "/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
> >     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> >   File "/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 694, in upgrade_from_samba3
> >     user = s3db.getsampwnam(username)
> >
> > the ldif snippet for a machine account is:
> >
> > dn: uid=H9101200,ou=Computers,dc=aviamotors,dc=ro
> > displayName: Machine
> > objectClass: sambaSamAccount
> > objectClass: account
> > sambaAcctFlags: [W ]
> > sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
> > uid: H9101200
> > sambaNTPassword: ****************************
> > sambaPwdLastSet: 1257150878
> >
> > What am I missing here?
> >
> > --
> > ___________________________________________________
> > Cu stima/Best regards/Mit freundlichen Grüßen,
> >
> > Chirana-Gheorghita Eugeniu-Theodor
> > Bucharest, Romania
> >
> > e-mail : office at adaptcom.ro
> > mobile: 0743 698721
> >             0747 447675
> >
>
>
>
> --
> ___________________________________________________
> Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,
>
> Chirana-Gheorghita Eugeniu-Theodor
> Bucharest, Romania
>
> e-mail : office at adaptcom.ro
> mobile: 0743 698721
>             0747 447675
>



--
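
A pre-migration check for the two points raised in this thread, as an added example (not part of the original messages and not Samba's own code): it reads an LDIF export of the Samba3 directory and reports sambaSID values shared by more than one sambaSamAccount entry, plus entries that lack the posixAccount object class. Treating a missing posixAccount as the reason for "Failed to find Unix account" is an assumption; the sample entries, SIDs and function names are constructed.

```python
import re
from collections import defaultdict
# Constructed sample export, modelled on the entry quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=H9101200$,ou=Computers,dc=example,dc=test
objectClass: sambaSamAccount
objectClass: account
sambaSID: S-1-5-21-1-2-3-9999
uid: H9101200$

dn: uid=H9101201$,ou=Computers,dc=example,dc=test
objectClass: sambaSamAccount
objectClass: posixAccount
sambaSID: S-1-5-21-1-2-3-9999
uid: H9101201$

dn: uid=catalin,ou=Users,dc=example,dc=test
objectClass: sambaSamAccount
objectClass: posixAccount
sambaSID: S-1-5-21-1-2-3-3004
uid: catalin
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry, names lower-cased."""
    text = re.sub(r"\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry[attr.strip().lower()].append(value.strip())
        yield entry

def audit(text):
    """Return ({duplicated SID: [uids]}, [uids without posixAccount])."""
    by_sid, no_unix = defaultdict(list), []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e["objectclass"]}
        if "sambasamaccount" not in classes:
            continue
        uid = (e["uid"] or e["dn"])[0]
        for sid in e["sambasid"]:
            by_sid[sid].append(uid)
        # Assumption: no posixAccount class means NSS cannot resolve the uid.
        if "posixaccount" not in classes:
            no_unix.append(uid)
    return {s: u for s, u in by_sid.items() if len(u) > 1}, no_unix

print(audit(SAMPLE_LDIF))
```

Any uid in the second list is worth confirming with `getent passwd` on the host where classicupgrade runs, since that lookup is what the thread's setup relies on.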


More information about the samba-technical mailing list