[Samba] [samba4] How to use my ldap users in sam.ldb?

Ced T samba-inist at inist.fr
Tue Sep 4 06:16:51 MDT 2012


Yes with this command line

/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/home/user/samba3/ --use-xattrs=yes --realm=LABO.FR /home/user/user/smb.conf

(where smb.conf is a copy of my old samba3 server that uses my openldap 
database and /home/user/samba3 contains a copy of samba3 databases)

I can see it connects successfully to my openldap database and it begins 
to export accounts

Reading smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Provisioning
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LABO))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
Exporting account policy
Exporting groups
ldapsam_setsamgrent: 0 entries in the base!
Exporting users
smbldap_search_paged: base => [dc=labo,dc=fr], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
smbldap_search_paged: search was successful
init_sam_from_ldap: Entry found for user: balezo
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LABO))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
ERROR: Got 0 entries for gid 100, expected one
Forcing Primary Group to 'Domain Users' for balezo
primary group of [balezo] not found
Ignoring group memberships of 'balezo' S-1-5-21-3929439064-1197820248-2386129086-6000: Unable to enumerate group memberships, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
init_sam_from_ldap: Entry found for user: calvigna
ERROR: Got 0 entries for gid 100, expected one
Forcing Primary Group to 'Domain Users' for calvigna
primary group of [calvigna] not found
Ignoring group memberships of 'calvigna' S-1-5-21-3929439064-1197820248-2386129086-6002: Unable to enumerate group memberships, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
init_sam_from_ldap: Entry found for user: currie
ERROR: Got 0 entries for gid 100, expected one
...

But suddenly it crashes with these errors:

Failed to connect to ldap URL 'ldaps://ldap.intra.labo.fr/' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldaps://ldap.intra.labo.fr/' with backend 'ldaps': (null)
Could not open ldb connection to ldaps://ldap.intra.labo.fr/, the error message is: (1, None)
Exporting posix attributes
smbldap_search_paged: base => [dc=labo,dc=fr], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
smbldap_search_paged: search was successful
ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local variable 'ldb_object' referenced before assignment
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1013, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 795, in upgrade_from_samba3
    homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory")

Any ideas?

Ced T


On 04/09/2012 11:10, Andrew Bartlett wrote:
> On Tue, 2012-09-04 at 10:17 +0200, Ced T wrote:
>> Hi
>> I successfully compiled samba4 on my ubuntu.
>> Actually, most of our Linux servers are using an openldap base to authenticate.
>> All the samba 3 servers use this openldap base
>>
>> passdb backend = ldapsam:ldaps://ldap.intra.labo.fr/ (in the smb.conf)
>>
>> I tried to migrate the user accounts of my openldap database to the internal
>> samba4 ldap database.
>> For this I used the myldap-pub.py script with this command line :
>>
>> ./myldap-pub.py --ldap_uri=ldap://ldap-server.labo.fr \
>> --ldap_binddn="cn=admin,ou=administrateur,dc=labo,dc=fr"  \
>> --ldap_bindpwd="password" \
>> --output_basedn="dc=labo,dc=fr" \
>> --input_domain_name="DOMAIN"  \
>> --input_basedn="dc=labo,dc=fr" \
>> --import_accounts=Users \
>> --output_users_ou="ou=People" \
>> --remove_input_attributes="a lot of useless attributes"
> Use 'samba-tool domain classicupgrade' instead.
>
> Andrew Bartlett
>


