'samba-tool domain classicupgrade' fails while reading posix attributes

Torsten Kurbad samba-technical at tk-webart.de
Thu Sep 20 19:04:31 MDT 2012 

Hi Andrew,

>> today I upgraded my Samba 4 test install from beta3 to rc1.
>> [...]
>> Failed to connect to ldap URL 'ldap://ldapsrv.iwm-kmrc.de' - LDAP
>> client internal error: NT_STATUS_BAD_NETWORK_NAME
>> Failed to connect to 'ldap://ldapsrv.iwm-kmrc.de' with backend
>> 'ldap': (null) Could not open ldb connection to
>> ldap://ldapsrv.iwm-kmrc.de, the error message is: (1, None)
>
>As I've said before, this is your fundamental issue.  If we cannot, for
>some reason, resolve the name ldapsrv.iwm-kmrc.de in the ldap://
>handler in ldb (which is different to the ldap handler in passdb,
>which uses openldap directly) then we should, and will fail. 

I thought a second time about that statement of yours and found a very
trivial solution. (see below)

>You need to dig into the code with either a higher debug level, or
>under gdb and set breakpoints to find out why this happens.

I don't have to. Since this name resolution problem doesn't seem to be
of a general nature, but rather exists somewhere within _my_ setup,
including perhaps even the VLAN ACls which forbid my clients to take
over the new PDC, etc., I took on a simple fix:

Changing
  passdb backend = ldapsam:ldap://ldapsrv.iwm-kmrc.de
to
  passdb backend = ldapsam:ldap://192.168.1.10

in my classic smb.conf did the trick. :-)

Additionally, it revealed some rather odd warnings:

 [...]
 Exporting posix attributes
 LDAP entry for user root contains more than one homeDirectory
 LDAP entry for user root contains more than one loginShell
 LDAP entry for user root contains more than one gidNumber
 Reading WINS database
 [...]

Actually, I do NOT know, why classicupgrade "thinks", my root would
have more than one loginShells, etc. The OpenLDAP schema forbids
something like that as well as AD does.

Is the mapping root->Administrator done before this step? For me, this
would be the only explanation, since in my classic setup, I have both
users in LDAP, and both with a fullblown set of posixAttrs, although
with disjunct values...

If the mapping takes place before reading the posix attrs, then perhaps
this behaviour should be treated as the real bug, but it's just a
quick (and tired - it's 3 am here :-) guess.


Best,
Torsten
-- 
  The scene is dull. Tell him to put more life into his dying.
  -Samuel Goldwyn

More information about the samba-technical mailing list