Samba4: lots of issues with samba-tool domain classic upggrade

Ricky Nance ricky.nance at
Mon Nov 19 15:40:06 MST 2012

First thing, I run linux only and I cannot download your log file with -d3
(its trying to force me to use a download manager that is an exe, don't
want to setup wine just for that), if you use tar --xz -cf file.log.tar.xz
file.log it will shrink the file substantially (allowing you to attatch it
to the mail). Secondly when asking for help, telling someone their product
is 'really a pain in the ass' is very counter productive and in all honesty
is just rude. Next thing is if you want something in the wiki, request
permission to add it, instead of just complaining about it. If you want
openldap support check with them, samba is not here to support that, though
we do try (if asked nicely) to help with anything that affects your setup.
The issue is that everyone uses OpenLDAP slightly differently, so what
works in your case may not work in mine and vise-versa. I have done several
migrations, using this howto and they have went off fairly well. The
biggest issues I have seen thus far (aside from yours) is that the LDAP
directory the user is migrating from doesn't have all the attributes it
needs. Also if you would have followed the howto verbatim, the commands
there have you copy your entire existing /etc/ldap folder to the new
machine, by default (as far as I know) slapd will check for the type of
config it needs (whether slapd.conf or slapd.d), that /etc/ldap directory
also typically includes your schemas and where your current ldap db is

I fully understand your frustration, but please do understand that everyone
setup is slightly different and its very hard to predict what each and
every user needs. Please keep good notes on what needs touched up on the
wiki and relay them back to me or register and add them yourself, so other
users may be able to have more success.

Get that log file setup somewhere else (or email it) and I'd be glad to
offer any assistance I can.

Ricky (aka RiXtEr)

On Mon, Nov 19, 2012 at 11:22 AM, .:Renegade:. <Renegade at>wrote:

> Hi to @ll,
> I have pulled the latest git version (today: 19th Novembre 2012) and trying
> to do a classic domain upgrade as described on the HowTo. I am going
> through
> every step, but I have lot of issues and hope someone can assist.
> My old server (called HostA)  is running SLES9 with Samba3-3.4.13-42.suse91
> and OpenLDAP2-2.2.24-4.5.
> My new server (called HostB) is running Debian Squeeze 64bit and I used GIT
> as described in the how-to to pull the latest version. Afterwards I did
> compile with these options:
>  "./configure --enable-selftest --with-ads --enable-cups --with-quotas
> --with-acl-support --with-dnsupdate --with-syslog"
> On HostA I did "slapcat > mybackup.ldif" to save all my LDAP content.
> On HostB I installed slapd server in version 2.4.23-7.2 by "apt-get install
> slapd".
> Then I renamed on HostB the directories by "mv /etc/ldap /etc/ &&
> mv
> /var/lib/ldap /var/lib/"
> I copied from HostA to HostB following data:
> HostA:/etc/samba                      --> HostB:/etc/samba
> HostA:/etc/openldap                --> HostB:/etc/ldap
> HostA:/var/lib/ldap                    --> HostB:/var/lib/ldap
> Unfortunately the Samba4-HowTo regarding LDAP databases was not enough
> information in my case. I had to research a lot of OpenLDAP on my own. So I
> had to rename on HostB the directory "/etc/ldap/slapd.d" to
> "/etc/ldap/slapd.d.OFF" else the new config style of slapd 2.4.x would be
> in
> use. But I wanted to use the classic one with slapd.conf cause my old
> server
> used that, too. It would be much easier to confige.  An important point
> here
> is, that I have to use the directory "schema" of /etc/ si I
> had to copy it over 1st to  /etc/ldap/. It was also necessary in my case to
> adjust my /etc/ldap/slapd.conf on HostB, else I got errors when trying to
> start slapd on HostB. I had to add:
> modulepath      /usr/lib/ldap
> moduleload
> because on my old server HostA the slapd.conf uses bdb database and so I
> had
> to first load this backend on my new slapd.
> It was a fight of one day to get slapd running on HostB but now it works
> and
> I can use a LDAP tool and browse through my copied LDAP directory on HostB.
> It would be nice, if someone could add some hints on the WiKi/HowTo because
> there are maybe other users,too, who use an older samba release on their
> existing server, like I do.
> However, LDAP is working and I used the python script to check for
> duplicates as mentioned on the HowTo. I changed afterwards the python
> script
> to grep also for "uid" instead of "sambaSID" and when I found dups I
> removed
> them with my LDAP browser tool, then rechecked till no error message
> appeared. So fine so good, I thought LDAP is fine now.
> Well, I am trying the classic domain upgrade tool 1st time now by
> executing:
> " /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/etc/samba
> --use-xattrs=yes /etc/samba/smb.conf >
> /tmp/classicupgrade.log 2>&1
> This will result in following error. I pasted the tail of my generated
> /tmp/classicupgrade.log -->
> So I thought I try renaming the file "mv /etc/samba/winbindd_idmap.tdb
> /etc/samba/winbindd_idmap.tdb.bak".
> Before I retry the samba-tool command, I have to delete "rm
> /usr/local/samba/etc/smb.conf" and after I execute again the samba-tool I
> am
> getting this error message on the end -->
> Well, it seems that just deleting /usr/local/samba/etc/smb.conf was NOT
> ENOUGH as mentioned in the HowTo. I have to delete also
> /usr/local/samba/private/wins.ldb or better said => delete complete
> directory "/usr/local/samba/private" before each run ??? I tried, so I did:
> "mv /usr/local/samba/private /usr/local/samba/private.bak" or just "rm -rf
> /usr/local/samba/private" and also deleted "rm
> /usr/local/samba/etc/smb.conf". Then I executed again the samba-tool
> classic
> domain task and now I am getting following error at the end -->
> As you see, the logfile suddenly stops there, is that normal ? So as Rixter
> advised me, I wanted to retry that with -d3 option to get more infos. So I
> did:
> - rm -rf /usr/local/samba/private
> - rm /usr/local/samba/etc/smb.conf
> and executed the tool again with this command
> "/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/etc/samba
> --use-xattrs=yes -d3 /etc/samba/smb.conf >
> /tmp/classicupgrade.log 2>&1
> The logfile which was generated and edited with some comments of mine is
> downloadable here -->
> I also wonder what following message means which I found in my log:
> "init_sam_from_ldap: Entry found for user: samba$
> Demoting BDC account trust for samba, this DC must be elevated to an AD DC
> using 'samba-tool domain promote' "
> "samba" is the hostname of my old server HostA. What do I have to do for
> tasks here?
> So dear dev, it's really a pain in the ass and I am battling around for
> some
> days now and cannot get it work. Ist he problem beginning already at the
> step where I had to rename /etc/samba/winbindd_idmap.tdb to
> /etc/samba/winbindd_idmap.tdb.bak ?? I am really stuck at this point and
> hope someone can assist my dealing with these issues. Any help really
> appreciated.
> Thanks in advance.
> Ayarsii


More information about the samba-technical mailing list