Samba3 to Samba4 migration issues

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Thu Nov 8 14:13:19 MST 2012 

Hello,
A new error occured.

See attached <migration_error_32.txt.zip>

Thanks

On Wed, Nov 7, 2012 at 11:06 PM, Chirana Gheorghita Eugeniu Theodor <
office at adaptcom.ro> wrote:

> It worked.
> I added the posicAccount property and for CN iI completed the uses name
> (eg H910...$) for guig i completed the group number taken fro =m the
> ou-Computers uid and for uid I selected 999 for first and decremented by 1
> for the others.
>
> Tommorow all machine accounts will get these new properties.
>
> Thanks for support
>
>
> On Wed, Nov 7, 2012 at 8:18 PM, Ricky Nance <
> ricky.nance at weaubleau.k12.mo.us> wrote:
>
>> ---------- Forwarded message ----------
>> From: "Gémes Géza" <geza at kzsdabas.hu>
>> Date: Nov 6, 2012 1:29 PM
>> Subject: Re: Samba3 to Samba4 migration issues
>> To: <samba-technical at lists.samba.org>
>> Cc:
>>
>> Hi,
>>
>> See below
>>
>>> The machine account is with a trailling $ so the correct snippet is:
>>>
>>> dn: uid=H9101200$,ou=Computers,dc=**aviamotors,dc=ro
>>> displayName: Machine
>>> objectClass: sambaSamAccount
>>> objectClass: account
>>> sambaAcctFlags: [W ]
>>> sambaSID: S-1-5-21-3911796660-**3176143098-666610135-9999
>>> uid: H9101200$
>>> sambaNTPassword: ****************************
>>> sambaPwdLastSet: 1257150878
>>>
>>> On Tue, Nov 6, 2012 at 10:51 AM, Chirana Gheorghita Eugeniu Theodor <
>>> office at adaptcom.ro> wrote:
>>>
>>>  Hello guys,
>>>> For some time the long waited release candidates are online and I just
>>>> decided to migrate a samba3 ad to a fully functional samba4 RC4.
>>>> The setup:
>>>> Centos 6.3 64bit
>>>> Intel server
>>>> Ldap database of samba3 is on another machine.
>>>>
>>>> I copied the tdb files and the smb.conf as instructed in the HOWTO ,
>>>> setup
>>>> nsswitch to get users from ldap and getent passwd works ok.
>>>> I arrived at the step where I do the samba-tool classicupgrade and
>>>> surprise:
>>>> the all users seem to be read and validated ok but when it gets to
>>>> reading
>>>> the machine accounts it fails with:
>>>>
>>>> [root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
>>>> --dbdir=/samba/s3/private/ --use-xattrs=yes  --realm=
>>>> aviamotor.ro/samba/s3/**private/smb.conf<http://aviamotor.ro/samba/s3/private/smb.conf>
>>>> Reading smb.conf
>>>> doing parameter time server = Yes
>>>> doing parameter load printers = yes
>>>> doing parameter printing = cups
>>>> WARNING: Ignoring invalid value 'cups' for parameter 'printing'
>>>> doing parameter printcap name = cups
>>>> doing parameter logon script = scripts\%U.bat
>>>> doing parameter domain logons = Yes
>>>> doing parameter os level = 98
>>>> doing parameter preferred master = Yes
>>>> doing parameter domain master = Yes
>>>> doing parameter wins support = Yes
>>>> doing parameter remote announce = 10.124.112.8
>>>> doing parameter ldap admin dn = cn=manager,dc=aviamotors,dc=ro
>>>> doing parameter ldap group suffix = ou=Groups
>>>> doing parameter ldap idmap suffix = ou=Users
>>>> doing parameter ldap machine suffix = ou=Computers
>>>> doing parameter ldap passwd sync = Yes
>>>> doing parameter ldap suffix = dc=aviamotors,dc=ro
>>>> doing parameter ldap user suffix = ou=Users
>>>> doing parameter lanman auth = Yes
>>>> doing parameter lm announce = no
>>>> doing parameter min protocol = NT1
>>>> doing parameter full_audit:prefix = %u|%I|%m|%S
>>>> doing parameter full_audit:failure = connect
>>>> doing parameter full_audit:success = connect disconnect mkdir rmdir open
>>>> close read pread write pwrite sendfile rename unlink chmod fchmod chown
>>>> fchown chdir ftruncate lock symlink readlink link mknod realpath
>>>> doing parameter full_audit:facility = local7
>>>> doing parameter full_audit:priority = notice
>>>> doing parameter dos filemode = yes
>>>> Processing section "[profile]"
>>>> doing parameter path = /tmp
>>>> Processing section "[netlogon]"
>>>> doing parameter path = /var/lib/samba/netlogon
>>>> doing parameter read only = No
>>>> Processing section "[groups]"
>>>> doing parameter comment = All groups
>>>> doing parameter path = /home1/groups
>>>> doing parameter invalid users = elsa
>>>> doing parameter read only = No
>>>> doing parameter dos filemode = Yes
>>>> doing parameter create mask = 0770
>>>> doing parameter directory mask = 0770
>>>> doing parameter directory security mask = 0700
>>>> Unknown parameter encountered: "directory security mask"
>>>> Ignoring unknown parameter "directory security mask"
>>>> Processing section "[conta]"
>>>> doing parameter comment = Contabilitate
>>>> doing parameter path = /home1/conta
>>>> doing parameter read only = No
>>>> doing parameter create mask = 0770
>>>> doing parameter directory mask = 0770
>>>> doing parameter directory security mask = 0700
>>>> Unknown parameter encountered: "directory security mask"
>>>> Ignoring unknown parameter "directory security mask"
>>>> doing parameter veto files = /*.mp3/*.avi/*.mpg/*.mpeg/*.**
>>>> jpg/*.jpeg/*.wma/
>>>> doing parameter hide files = /*.mp3/*.avi/*.mpg/*.mpeg/*.**
>>>> jpg/*.jpeg/*.wma/
>>>> doing parameter vfs objects = full_audit
>>>> Processing section "[marketing]"
>>>> doing parameter path = /home1/marketing
>>>> doing parameter read only = No
>>>> doing parameter create mask = 0770
>>>> doing parameter directory mask = 0770
>>>> doing parameter directory security mask = 0700
>>>> Unknown parameter encountered: "directory security mask"
>>>> Ignoring unknown parameter "directory security mask"
>>>> doing parameter vfs objects = full_audit
>>>> Processing section "[ru]"
>>>> doing parameter comment = ru
>>>> doing parameter path = /home1/ru
>>>> doing parameter read only = No
>>>> doing parameter create mask = 0770
>>>> doing parameter directory mask = 0770
>>>> doing parameter directory security mask = 0770
>>>> Unknown parameter encountered: "directory security mask"
>>>> Ignoring unknown parameter "directory security mask"
>>>> doing parameter vfs objects = full_audit
>>>> Processing section "[p1]"
>>>> doing parameter comment = Users Profile
>>>> doing parameter writeable = yes
>>>> doing parameter path = /home2
>>>> doing parameter create mask = 0600
>>>> doing parameter directory mask = 0700
>>>> doing parameter profile acls = yes
>>>> doing parameter root preexec = /etc/samba/mkdir.sh %U '%g' %H %P
>>>> Processing section "[aaa]"
>>>> doing parameter writeable = no
>>>> doing parameter path = /home2/aaa
>>>> doing parameter create mask = 0600
>>>> doing parameter comment = sql
>>>> doing parameter directory mask = 0700
>>>> Processing section "[printers]"
>>>> doing parameter comment = All Printers
>>>> doing parameter path = /var/spool/samba/
>>>> doing parameter guest ok = Yes
>>>> doing parameter printable = Yes
>>>> doing parameter browseable = No
>>>> doing parameter public = yes
>>>> Processing section "[print$]"
>>>> doing parameter path = /var/lib/samba/printing
>>>> doing parameter write list = "@Domain Admins", root
>>>> doing parameter read only = yes
>>>> doing parameter browseable = yes
>>>> doing parameter guest ok = Yes
>>>> Processing section "[kituri]"
>>>> doing parameter path = /home/kituri
>>>> doing parameter write list = "@Domain Admins"
>>>> Processing section "[update]"
>>>> doing parameter path = /home/update
>>>> doing parameter write list = "@Domain Admins"
>>>> Processing section "[toatalumea]"
>>>> doing parameter path = /home1/groups/toatalumea
>>>> doing parameter read only = No
>>>> doing parameter write list = "Users"
>>>> doing parameter create mask = 0777
>>>> doing parameter directory mask = 0777
>>>> doing parameter vfs objects = full_audit
>>>> pm_process() returned Yes
>>>> Provisioning
>>>> smbldap_search_domain_info: Searching
>>>> for:[(&(objectClass=**sambaDomain)(sambaDomainName=A**VIAMOTORS.RO<http://AVIAMOTORS.RO>
>>>> ))]
>>>> smbldap_open_connection: connection opened
>>>> ldap_connect_system: successful connection to the LDAP server
>>>> The LDAP server is successfully connected
>>>> ldapsam_getsampwnam: Unable to locate user [LINUXRETEA$] count=0
>>>> Exporting account policy
>>>> Exporting groups
>>>> ldapsam_setsamgrent: 21 entries in the base!
>>>> init_group_from_ldap: Entry found for group: 548
>>>> init_group_from_ldap: Entry found for group: 544
>>>> init_group_from_ldap: Entry found for group: 551
>>>> init_group_from_ldap: Entry found for group: 503
>>>> init_group_from_ldap: Entry found for group: 509
>>>> init_group_from_ldap: Entry found for group: 512
>>>> init_group_from_ldap: Entry found for group: 515
>>>> init_group_from_ldap: Entry found for group: 514
>>>> init_group_from_ldap: Entry found for group: 513
>>>> init_group_from_ldap: Entry found for group: 1001
>>>> init_group_from_ldap: Entry found for group: 517
>>>> init_group_from_ldap: Entry found for group: 507
>>>> init_group_from_ldap: Entry found for group: 508
>>>> init_group_from_ldap: Entry found for group: 550
>>>> init_group_from_ldap: Entry found for group: 552
>>>> init_group_from_ldap: Entry found for group: 1011
>>>> init_group_from_ldap: Entry found for group: 504
>>>> init_group_from_ldap: Entry found for group: 524
>>>> init_group_from_ldap: Entry found for group: 500
>>>> init_group_from_ldap: Entry found for group: 510
>>>> init_group_from_ldap: Entry found for group: 580
>>>> ldapsam_enum_aliasmem: Did not find alias
>>>> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not
>>>> found:
>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_**
>>>> SUCH_ALIAS)
>>>> ldapsam_enum_aliasmem: Did not find alias
>>>> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_**
>>>> SUCH_ALIAS)
>>>> ldapsam_enum_aliasmem: Did not find alias
>>>> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not
>>>> found:
>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_**
>>>> SUCH_ALIAS)
>>>> ldapsam_enum_aliasmem: Did not find alias
>>>> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found:
>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_**
>>>> SUCH_ALIAS)
>>>> ldapsam_enum_aliasmem: Did not find alias
>>>> Ignoring group 'Replicators' S-1-5-32-552 listed but then not found:
>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_**
>>>> SUCH_ALIAS)
>>>> Exporting users
>>>> smbldap_search_paged: base => [dc=aviamotors,dc=ro], filter =>
>>>> [(&(uid=*)(objectclass=**sambaSamAccount))],scope => [2], pagesize =>
>>>> [1024]
>>>> smbldap_search_paged: search was successful
>>>> init_sam_from_ldap: Entry found for user: nobody
>>>> Home server: LINUXRETEA
>>>> Home server: LINUXRETEA
>>>> smbldap_search_domain_info: Searching
>>>> for:[(&(objectClass=**sambaDomain)(sambaDomainName=A**VIAMOTORS.RO<http://AVIAMOTORS.RO>
>>>> ))]
>>>> smbldap_open_connection: connection opened
>>>> ldap_connect_system: successful connection to the LDAP server
>>>> The LDAP server is successfully connected
>>>>    Skipping wellknown rid=500 (for username=root)
>>>> init_sam_from_ldap: Entry found for user: catalin
>>>> Home server: LINUXRETEA
>>>> init_sam_from_ldap: Entry found for user: parlitu
>>>> init_sam_from_ldap: Entry found for user: valig
>>>> init_sam_from_ldap: Entry found for user: ion
>>>> init_sam_from_ldap: Entry found for user: pascu
>>>> init_sam_from_ldap: Entry found for user: paraschiv
>>>> init_sam_from_ldap: Entry found for user: ddaniel
>>>> init_sam_from_ldap: Entry found for user: H9101201$
>>>> Home server: LINUXRETEA
>>>> Home server: LINUXRETEA
>>>> init_sam_from_ldap: Failed to find Unix account for H9101201$
>>>> ldapsam_getsampwnam: init_sam_from_ldap failed for user 'H9101201$'!
>>>> ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user
>>>> information for 'H9101201$', (-1073741724,No such user)
>>>>    File "/samba/lib64/python2.6/site-**packages/samba/netcmd/__init__**
>>>> .py",
>>>> line 175, in _run
>>>>      return self.run(*args, **kwargs)
>>>>    File "/samba/lib64/python2.6/site-**packages/samba/netcmd/domain.**py",
>>>> line
>>>> 1318, in run
>>>>      useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>>>>    File "/samba/lib64/python2.6/site-**packages/samba/upgrade.py",
>>>> line 694,
>>>> in upgrade_from_samba3
>>>>      user = s3db.getsampwnam(username)
>>>>
>>>> the ldif snipped for a machine account is:
>>>>
>>>> dn: uid=H9101200,ou=Computers,dc=**aviamotors,dc=ro
>>>> displayName: Machine
>>>> objectClass: sambaSamAccount
>>>> objectClass: account
>>>> sambaAcctFlags: [W ]
>>>> sambaSID: S-1-5-21-3911796660-**3176143098-666610135-9999
>>>> uid: H9101200
>>>> sambaNTPassword: ****************************
>>>> sambaPwdLastSet: 1257150878
>>>>
>>>> What am I missing here?
>>>>
>>>> --
>>>> ______________________________**_____________________
>>>> Cu stima/Best regards/Mit freundlichen Grüßen,
>>>>
>>>>
>>>> Chirana-Gheorghita Eugeniu-Theodor
>>>> Bucharest, Romania
>>>>
>>>> e-mail : office at adaptcom.ro
>>>> mobile: 0743 698721
>>>>              0747 447675
>>>>
>>>>
>>>
>>>  You need to posixify your accounts, including the machine accounts,
>> which translates into adding the posixAccount objectclass to them, together
>> with some "must" attributes of it (e.g. uidNumber)
>>
>> Regards
>>
>> Geza Gemes
>>
>
>
>
> --
> ___________________________________________________
> Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,
>
>
> Chirana-Gheorghita Eugeniu-Theodor
> Bucharest, Romania
>
> e-mail : office at adaptcom.ro
> mobile: 0743 698721
>             0747 447675
>



-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675
-------------- next part --------------
A non-text attachment was scrubbed...
Name: migration_error_32.zip
Type: application/zip
Size: 37182 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20121108/681736fc/attachment.zip>

More information about the samba-technical mailing list