[PATCH] Allow posixUser LDAP attributes to be optional on classicupgrade

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Sun Nov 11 07:22:54 MST 2012 

DONE:

[root at cerberus samba-master]# /samba/bin/samba-tool domain provision
--dns-backend=BIND9_DLZ --realm=ALTAVIA.AVIAMOTORS.RO --domain=ALTAVIA
--adminpass='***************' --server-role=dc
Looking up IPv4 addresses
More than one IPv4 address found. Using 10.124.112.3
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=altavia,DC=aviamotors,DC=ro
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=altavia,DC=aviamotors,DC=ro
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Unable to find group id for BIND,
                set permissions to sam.ldb* files manually
See /samba/private/named.conf for an example configuration include file for
BIND
and /samba/private/named.txt for further documentation required for secure
DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/samba/private/krb5.conf
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              cerberus
NetBIOS Domain:        ALTAVIA
DNS Domain:            altavia.aviamotors.ro
DOMAIN SID:            S-1-5-21-706781771-3322338155-2372433716


On Sun, Nov 11, 2012 at 2:59 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Sun, 2012-11-11 at 13:58 +0200, Chirana Gheorghita Eugeniu Theodor
> wrote:
> > Hello,
> > The patch seemed to work but now:
> >
> > Reading WINS database
> > Cannot open wins database, Ignoring: [Errno 2] No such file or directory:
> > '/samba/s3/private/wins.dat'
> > lpcfg_load: refreshing parameters from /samba/etc/smb.conf
> > params.c:pm_process() - Processing configuration file
> "/samba/etc/smb.conf"
> > Processing section "[globals]"
> > Processing section "[netlogon]"
> > Processing section "[sysvol]"
> > pm_process() returned Yes
> > lpcfg_load: refreshing parameters from /samba/etc/smb.conf
> > params.c:pm_process() - Processing configuration file
> "/samba/etc/smb.conf"
> > Processing section "[global]"
> > Processing section "[netlogon]"
> > Processing section "[sysvol]"
> > pm_process() returned Yes
> > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> > ProvisioningError: guess_names: Realm 'AVIAMOTORS.RO' must not be equal
> to
> > short domain name 'AVIAMOTORS.RO'!
> >   File "/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> > line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File "/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> line
> > 1318, in run
> >     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> >   File "/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 841,
> > in upgrade_from_samba3
> >     use_ntvfs=use_ntvfs, skip_sysvolacl=True)
> >   File
> "/samba/lib64/python2.6/site-packages/samba/provision/__init__.py",
> > line 1868, in provision
> >     sitename=sitename, rootdn=rootdn)
> >   File
> "/samba/lib64/python2.6/site-packages/samba/provision/__init__.py",
> > line 560, in guess_names
> >     raise ProvisioningError("guess_names: Realm '%s' must not be equal to
> > short domain name '%s'!" % (realm, domain))
> > The connection to the LDAP server was closed
> >
> >
> > Is there anything related to my smb.conf?
>
> So, it seems your old 'workgroup' was 'AVIAMOTORS.RO'?
>
> We have this assertion in our provision code, not because it strictly is
> prohibited by the AD structure, but because it usually is administrator
> error or misunderstanding.
>
> Very few DNS domains also work as netbios workgroups, so this doesn't
> come up often.
>
> If this is genuinely how your existing domain is configured, then I
> guess we will have to allow it to work somehow, probably by bypassing
> the check in some cases.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
>
>
>


-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675

More information about the samba-technical mailing list