Samba3 to Samba4 migration issues

Ricky Nance ricky.nance at weaubleau.k12.mo.us
Sat Nov 10 13:46:42 MST 2012


It looks like your ldap is missing both the displayName and description
fields. I am not sure why these are hard requirements though, anyone have
any ideas on why classicupgrade is trying to force these?

Ricky

On Thu, Nov 8, 2012 at 3:13 PM, Chirana Gheorghita Eugeniu Theodor <
office at adaptcom.ro> wrote:

> Hello,
> A new error occurred.
>
> See attached <migration_error_32.txt.zip>
>
> Thanks
>
> On Wed, Nov 7, 2012 at 11:06 PM, Chirana Gheorghita Eugeniu Theodor <
> office at adaptcom.ro> wrote:
>
>> It worked.
>> I added the posixAccount property and for CN I completed the user name
>> (eg H910...$) for guig I completed the group number taken from the
>> ou-Computers uid and for uid I selected 999 for first and decremented by 1
>> for the others.
>>
>> Tomorrow all machine accounts will get these new properties.
>>
>> Thanks for support
>>
>>
>> On Wed, Nov 7, 2012 at 8:18 PM, Ricky Nance <
>> ricky.nance at weaubleau.k12.mo.us> wrote:
>>
>>> ---------- Forwarded message ----------
>>> From: "Gémes Géza" <geza at kzsdabas.hu>
>>> Date: Nov 6, 2012 1:29 PM
>>> Subject: Re: Samba3 to Samba4 migration issues
>>> To: <samba-technical at lists.samba.org>
>>> Cc:
>>>
>>> Hi,
>>>
>>> See below
>>>
>>>> The machine account is with a trailing $ so the correct snippet is:
>>>>
>>>> dn: uid=H9101200$,ou=Computers,dc=aviamotors,dc=ro
>>>> displayName: Machine
>>>> objectClass: sambaSamAccount
>>>> objectClass: account
>>>> sambaAcctFlags: [W ]
>>>> sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
>>>> uid: H9101200$
>>>> sambaNTPassword: ****************************
>>>> sambaPwdLastSet: 1257150878
>>>>
>>>> On Tue, Nov 6, 2012 at 10:51 AM, Chirana Gheorghita Eugeniu Theodor <
>>>> office at adaptcom.ro> wrote:
>>>>
>>>>  Hello guys,
>>>>> For some time the long-awaited release candidates are online and I just
>>>>> decided to migrate a samba3 ad to a fully functional samba4 RC4.
>>>>> The setup:
>>>>> Centos 6.3 64bit
>>>>> Intel server
>>>>> Ldap database of samba3 is on another machine.
>>>>>
>>>>> I copied the tdb files and the smb.conf as instructed in the HOWTO ,
>>>>> setup
>>>>> nsswitch to get users from ldap and getent passwd works ok.
>>>>> I arrived at the step where I do the samba-tool classicupgrade and
>>>>> surprise:
>>>>> all the users seem to be read and validated ok but when it gets to
>>>>> reading
>>>>> the machine accounts it fails with:
>>>>>
>>>>> [root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
>>>>> --dbdir=/samba/s3/private/ --use-xattrs=yes  --realm=
>>>>> aviamotor.ro/samba/s3/private/smb.conf
>>>>> Reading smb.conf
>>>>> doing parameter time server = Yes
>>>>> doing parameter load printers = yes
>>>>> doing parameter printing = cups
>>>>> WARNING: Ignoring invalid value 'cups' for parameter 'printing'
>>>>> doing parameter printcap name = cups
>>>>> doing parameter logon script = scripts\%U.bat
>>>>> doing parameter domain logons = Yes
>>>>> doing parameter os level = 98
>>>>> doing parameter preferred master = Yes
>>>>> doing parameter domain master = Yes
>>>>> doing parameter wins support = Yes
>>>>> doing parameter remote announce = 10.124.112.8
>>>>> doing parameter ldap admin dn = cn=manager,dc=aviamotors,dc=ro
>>>>> doing parameter ldap group suffix = ou=Groups
>>>>> doing parameter ldap idmap suffix = ou=Users
>>>>> doing parameter ldap machine suffix = ou=Computers
>>>>> doing parameter ldap passwd sync = Yes
>>>>> doing parameter ldap suffix = dc=aviamotors,dc=ro
>>>>> doing parameter ldap user suffix = ou=Users
>>>>> doing parameter lanman auth = Yes
>>>>> doing parameter lm announce = no
>>>>> doing parameter min protocol = NT1
>>>>> doing parameter full_audit:prefix = %u|%I|%m|%S
>>>>> doing parameter full_audit:failure = connect
>>>>> doing parameter full_audit:success = connect disconnect mkdir rmdir
>>>>> open
>>>>> close read pread write pwrite sendfile rename unlink chmod fchmod chown
>>>>> fchown chdir ftruncate lock symlink readlink link mknod realpath
>>>>> doing parameter full_audit:facility = local7
>>>>> doing parameter full_audit:priority = notice
>>>>> doing parameter dos filemode = yes
>>>>> Processing section "[profile]"
>>>>> doing parameter path = /tmp
>>>>> Processing section "[netlogon]"
>>>>> doing parameter path = /var/lib/samba/netlogon
>>>>> doing parameter read only = No
>>>>> Processing section "[groups]"
>>>>> doing parameter comment = All groups
>>>>> doing parameter path = /home1/groups
>>>>> doing parameter invalid users = elsa
>>>>> doing parameter read only = No
>>>>> doing parameter dos filemode = Yes
>>>>> doing parameter create mask = 0770
>>>>> doing parameter directory mask = 0770
>>>>> doing parameter directory security mask = 0700
>>>>> Unknown parameter encountered: "directory security mask"
>>>>> Ignoring unknown parameter "directory security mask"
>>>>> Processing section "[conta]"
>>>>> doing parameter comment = Contabilitate
>>>>> doing parameter path = /home1/conta
>>>>> doing parameter read only = No
>>>>> doing parameter create mask = 0770
>>>>> doing parameter directory mask = 0770
>>>>> doing parameter directory security mask = 0700
>>>>> Unknown parameter encountered: "directory security mask"
>>>>> Ignoring unknown parameter "directory security mask"
>>>>> doing parameter veto files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
>>>>> doing parameter hide files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
>>>>> doing parameter vfs objects = full_audit
>>>>> Processing section "[marketing]"
>>>>> doing parameter path = /home1/marketing
>>>>> doing parameter read only = No
>>>>> doing parameter create mask = 0770
>>>>> doing parameter directory mask = 0770
>>>>> doing parameter directory security mask = 0700
>>>>> Unknown parameter encountered: "directory security mask"
>>>>> Ignoring unknown parameter "directory security mask"
>>>>> doing parameter vfs objects = full_audit
>>>>> Processing section "[ru]"
>>>>> doing parameter comment = ru
>>>>> doing parameter path = /home1/ru
>>>>> doing parameter read only = No
>>>>> doing parameter create mask = 0770
>>>>> doing parameter directory mask = 0770
>>>>> doing parameter directory security mask = 0770
>>>>> Unknown parameter encountered: "directory security mask"
>>>>> Ignoring unknown parameter "directory security mask"
>>>>> doing parameter vfs objects = full_audit
>>>>> Processing section "[p1]"
>>>>> doing parameter comment = Users Profile
>>>>> doing parameter writeable = yes
>>>>> doing parameter path = /home2
>>>>> doing parameter create mask = 0600
>>>>> doing parameter directory mask = 0700
>>>>> doing parameter profile acls = yes
>>>>> doing parameter root preexec = /etc/samba/mkdir.sh %U '%g' %H %P
>>>>> Processing section "[aaa]"
>>>>> doing parameter writeable = no
>>>>> doing parameter path = /home2/aaa
>>>>> doing parameter create mask = 0600
>>>>> doing parameter comment = sql
>>>>> doing parameter directory mask = 0700
>>>>> Processing section "[printers]"
>>>>> doing parameter comment = All Printers
>>>>> doing parameter path = /var/spool/samba/
>>>>> doing parameter guest ok = Yes
>>>>> doing parameter printable = Yes
>>>>> doing parameter browseable = No
>>>>> doing parameter public = yes
>>>>> Processing section "[print$]"
>>>>> doing parameter path = /var/lib/samba/printing
>>>>> doing parameter write list = "@Domain Admins", root
>>>>> doing parameter read only = yes
>>>>> doing parameter browseable = yes
>>>>> doing parameter guest ok = Yes
>>>>> Processing section "[kituri]"
>>>>> doing parameter path = /home/kituri
>>>>> doing parameter write list = "@Domain Admins"
>>>>> Processing section "[update]"
>>>>> doing parameter path = /home/update
>>>>> doing parameter write list = "@Domain Admins"
>>>>> Processing section "[toatalumea]"
>>>>> doing parameter path = /home1/groups/toatalumea
>>>>> doing parameter read only = No
>>>>> doing parameter write list = "Users"
>>>>> doing parameter create mask = 0777
>>>>> doing parameter directory mask = 0777
>>>>> doing parameter vfs objects = full_audit
>>>>> pm_process() returned Yes
>>>>> Provisioning
>>>>> smbldap_search_domain_info: Searching
>>>>> for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
>>>>> smbldap_open_connection: connection opened
>>>>> ldap_connect_system: successful connection to the LDAP server
>>>>> The LDAP server is successfully connected
>>>>> ldapsam_getsampwnam: Unable to locate user [LINUXRETEA$] count=0
>>>>> Exporting account policy
>>>>> Exporting groups
>>>>> ldapsam_setsamgrent: 21 entries in the base!
>>>>> init_group_from_ldap: Entry found for group: 548
>>>>> init_group_from_ldap: Entry found for group: 544
>>>>> init_group_from_ldap: Entry found for group: 551
>>>>> init_group_from_ldap: Entry found for group: 503
>>>>> init_group_from_ldap: Entry found for group: 509
>>>>> init_group_from_ldap: Entry found for group: 512
>>>>> init_group_from_ldap: Entry found for group: 515
>>>>> init_group_from_ldap: Entry found for group: 514
>>>>> init_group_from_ldap: Entry found for group: 513
>>>>> init_group_from_ldap: Entry found for group: 1001
>>>>> init_group_from_ldap: Entry found for group: 517
>>>>> init_group_from_ldap: Entry found for group: 507
>>>>> init_group_from_ldap: Entry found for group: 508
>>>>> init_group_from_ldap: Entry found for group: 550
>>>>> init_group_from_ldap: Entry found for group: 552
>>>>> init_group_from_ldap: Entry found for group: 1011
>>>>> init_group_from_ldap: Entry found for group: 504
>>>>> init_group_from_ldap: Entry found for group: 524
>>>>> init_group_from_ldap: Entry found for group: 500
>>>>> init_group_from_ldap: Entry found for group: 510
>>>>> init_group_from_ldap: Entry found for group: 580
>>>>> ldapsam_enum_aliasmem: Did not find alias
>>>>> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not
>>>>> found:
>>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>>>> ldapsam_enum_aliasmem: Did not find alias
>>>>> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
>>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>>>> ldapsam_enum_aliasmem: Did not find alias
>>>>> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not
>>>>> found:
>>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>>>> ldapsam_enum_aliasmem: Did not find alias
>>>>> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not
>>>>> found:
>>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>>>> ldapsam_enum_aliasmem: Did not find alias
>>>>> Ignoring group 'Replicators' S-1-5-32-552 listed but then not found:
>>>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>>>> Exporting users
>>>>> smbldap_search_paged: base => [dc=aviamotors,dc=ro], filter =>
>>>>> [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize =>
>>>>> [1024]
>>>>> smbldap_search_paged: search was successful
>>>>> init_sam_from_ldap: Entry found for user: nobody
>>>>> Home server: LINUXRETEA
>>>>> Home server: LINUXRETEA
>>>>> smbldap_search_domain_info: Searching
>>>>> for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
>>>>> smbldap_open_connection: connection opened
>>>>> ldap_connect_system: successful connection to the LDAP server
>>>>> The LDAP server is successfully connected
>>>>>    Skipping wellknown rid=500 (for username=root)
>>>>> init_sam_from_ldap: Entry found for user: catalin
>>>>> Home server: LINUXRETEA
>>>>> init_sam_from_ldap: Entry found for user: parlitu
>>>>> init_sam_from_ldap: Entry found for user: valig
>>>>> init_sam_from_ldap: Entry found for user: ion
>>>>> init_sam_from_ldap: Entry found for user: pascu
>>>>> init_sam_from_ldap: Entry found for user: paraschiv
>>>>> init_sam_from_ldap: Entry found for user: ddaniel
>>>>> init_sam_from_ldap: Entry found for user: H9101201$
>>>>> Home server: LINUXRETEA
>>>>> Home server: LINUXRETEA
>>>>> init_sam_from_ldap: Failed to find Unix account for H9101201$
>>>>> ldapsam_getsampwnam: init_sam_from_ldap failed for user 'H9101201$'!
>>>>> ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user
>>>>> information for 'H9101201$', (-1073741724,No such user)
>>>>>    File "/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>>>>>      return self.run(*args, **kwargs)
>>>>>    File "/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
>>>>>      useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>>>>>    File "/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 694, in upgrade_from_samba3
>>>>>      user = s3db.getsampwnam(username)
>>>>>
>>>>> the ldif snippet for a machine account is:
>>>>>
>>>>> dn: uid=H9101200,ou=Computers,dc=aviamotors,dc=ro
>>>>> displayName: Machine
>>>>> objectClass: sambaSamAccount
>>>>> objectClass: account
>>>>> sambaAcctFlags: [W ]
>>>>> sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
>>>>> uid: H9101200
>>>>> sambaNTPassword: ****************************
>>>>> sambaPwdLastSet: 1257150878
>>>>>
>>>>> What am I missing here?
>>>>>
>>>>> --
>>>>> ___________________________________________________
>>>>> Cu stima/Best regards/Mit freundlichen Grüßen,
>>>>>
>>>>>
>>>>> Chirana-Gheorghita Eugeniu-Theodor
>>>>> Bucharest, Romania
>>>>>
>>>>> e-mail : office at adaptcom.ro
>>>>> mobile: 0743 698721
>>>>>              0747 447675
>>>>>
>>>>>
>>>>
>>>>  You need to posixify your accounts, including the machine accounts,
>>> which translates into adding the posixAccount objectclass to them, together
>>> with some "must" attributes of it (e.g. uidNumber)
>>>
>>> Regards
>>>
>>> Geza Gemes
>>>
>>
>>
>>
>> --
>> ___________________________________________________
>> Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,
>>
>>
>> Chirana-Gheorghita Eugeniu-Theodor
>> Bucharest, Romania
>>
>> e-mail : office at adaptcom.ro
>> mobile: 0743 698721
>>             0747 447675
>>
>
>
>
> --
> ___________________________________________________
> Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,
>
> Chirana-Gheorghita Eugeniu-Theodor
> Bucharest, Romania
>
> e-mail : office at adaptcom.ro
> mobile: 0743 698721
>             0747 447675
>
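
The fix discussed in this thread (adding the posixAccount objectclass and its "must" attributes to every sambaSamAccount entry, machine accounts with a trailing $ included) can be checked on an LDIF export before running classicupgrade. The script below is an added example, not code from the thread or from Samba; the sample entries, the example.org suffix and the uidNumber/gidNumber/homeDirectory values are constructed.

```python
# Added example: audit an LDIF export for sambaSamAccount entries not yet posixified.
import re
POSIX_MUST = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory")  # RFC 2307 MUST

def parse_ldif(text):
    """Parse simple LDIF into dicts (lower-cased attribute -> list of values)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.replace("\n ", "")):  # unfold, split entries
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                key, _, value = line.partition(":")   # base64 ("::") left undecoded
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return {dn: [problems]} for each sambaSamAccount entry that has gaps."""
    findings = {}
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        problems = [] if "posixaccount" in classes else ["missing objectClass posixAccount"]
        problems += ["missing " + a for a in POSIX_MUST if a.lower() not in e]
        is_machine = "W" in e.get("sambaacctflags", [""])[0]
        if is_machine and not e.get("uid", [""])[0].endswith("$"):
            problems.append("machine account uid lacks trailing $")
        if problems:
            findings[e.get("dn", ["<no dn>"])[0]] = problems
    return findings

# Constructed sample: one machine account before the fix, one after it.
SAMPLE = """\
dn: uid=WS01,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
sambaAcctFlags: [W          ]
uid: WS01

dn: uid=WS02$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
objectClass: posixAccount
sambaAcctFlags: [W          ]
cn: WS02$
uid: WS02$
uidNumber: 999
gidNumber: 515
homeDirectory: /dev/null
"""
```

Calling `audit(parse_ldif(SAMPLE))` reports only the WS01 entry; an empty result means every Samba account in the export carries the POSIX attributes.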


