[Samba] ClassicUpgrade => EpicFail
Gémes Géza
geza at kzsdabas.hu
Sat Apr 6 11:24:01 MDT 2013
2013-04-05 21:47 keltezéssel, Jon Detert írta:
> ClassicUpgrade of my samba3 data to samba4 fails, with this error:
>
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
>
> Full log of the classicupgrade is at the end of this email.
>
> Project member on this list, Andrew Barlett, wrote that the issue is probably that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually 'invalid' :
>
>> The big issue here is that passdb has never had a 'fsck', and Samba
>> operates quite well as a 'classic' DC with an almost totally invalid
>> database!
>>
>> As to what has happened in your particular instance, could you please
>> post me the output of ldbdump private/idmap.ldb?"
> I did post that, and will do so again, at the end of this email.
>
> Assuming that the problem is my samba3 passdb.tdb data, what can I do to get on with the upgrade?
>
> My passdb is small-ish: 927 keys, according to this command, using samba3 binaries:
> "tdbtool passdb.db keys | wc -l"
>
> Is it feasible for me to manually 'fsck' my passdb.db?
>
> Just looking at the output of tdbtool, it appears that there are 3 different kinds of keys:
> 1) RID_<8 character hex code>; e.g. RID_00000c54
> 2) USER_<machine name>; e.g. USER_mailserver$
> 3) USER_<username>; e.g. USER_jdoe
>
> There are 463 RID_ keys, and 463 USER_ keys.
>
> That makes me think that there's supposed to be a RID_ key for each USER_ key. On that assumption, I did this to compare:
>
> 1) get sorted list of names appearing to be associated to RID_ keys:
>
> tdbtool passdb.tdb dump | perl -ne 'if (/^(RID_\S+)/) { $rid=$1; $count =0;} else { $count++; if ($count == 2 && /^\[\w+\]\s+(\w\w\s\s*)+(\w{3,}.*)$/) { $name = $2; $name =~ s/\s//g; print "$name\n";}}' | sort > RID-names
>
> 2) get sorted list of names from USER_ keys:
>
> tdbtool passdb.tdb keys | grep USER | sed 's/USER_//' | sort > USER-names
>
> 3) compare the 2 lists:
>
> diff USER-names RID-names
> 6c6
> < a758b$
> ---
>> a758$
> 147d146
> < foo-0m1onzr8h2a$
> 175,176d173
> < is-conference$
> < is-contractor$
> 244a242
>> kstachowiak$
> 270d267
> < lwilcott$
> 421a419
>> termservbill$
> 424a423
>> termservdev$
> 450d448
> < tthomas
>
> There are diffs. I.e. There is a USER_ key for machine a758b, but no associated RID_ key.
> There are RID_ keys for 4 machine accounts (a758$, kstachowiak$, termservbill$, termservdev$) that have no USER_ keys. Etc.
>
> Are these diffs indicative of problems that would cause the Classic Upgrade to fail? If so, can I use pdbedit to remove these problems from my samba3 passdb.tdb?
>
> Thanks,
>
> Jon
>
>
> p.s. The full classic upgrade log, with log level set to 3:
>
> <classicUpgradeLog>
> Reading smb.conf
> Processing section "[netlogon]"
> Processing section "[homes]"
> Processing section "[hr]"
> Processing section "[is]"
> Processing section "[billing]"
> Processing section "[names]"
> Processing section "[changed]"
> Processing section "[to]"
> Processing section "[protect]"
> Processing section "[the]"
> Processing section "[innocent]"
> Processing section "[is_helpdesk]"
> Processing section "[ISContractsAndLicenses]"
> Processing section "[unsecure]"
> Processing section "[names]"
> Processing section "[changed]"
> Processing section "[spaceplan]"
> Processing section "[dr]"
> Processing section "[to]"
> Processing section "[hr_scan]"
> Processing section "[ar]"
> Processing section "[minutes]"
> Processing section "[meeting_08_05]"
> Processing section "[meeting_08_18]"
> Processing section "[hr_analyst]"
> Processing section "[hr_payroll]"
> Processing section "[protect]"
> Processing section "[financial_systems]"
> Processing section "[is_files]"
> Processing section "[valuation_model]"
> Processing section "[the]"
> Processing section "[innocent]"
> Processing section "[bla]"
> Processing section "[is_technical_services]"
> Processing section "[bla bla]"
> Processing section "[bla bla bla]"
> Processing section "[bla bla bla bla]"
> Processing section "[is_billing_files]"
> Processing section "[lawson_project]"
> Processing section "[jklsdfjklsdf]"
> Processing section "[sdfsdfa]"
> Processing section "[fax]"
> Processing section "[werwer]"
> Processing section "[anesth_coding]"
> Processing section "[is_crystal_reports]"
> Processing section "[7iiio]"
> Processing section "[uiui]"
> Processing section "[asdasdasd]"
> Provisioning
> Exporting account policy
> Exporting groups
> Exporting users
> <snip>
> I omitted a whole bunch of lines from this output like the following, in order to remove sensitive names.
> </snip>
> Ignoring group memberships of 'helpstar-phone$' S-1-5-21-4219228698-1431711829-1578001372-2776: Unable to enumerate group memberships, (-1073741724,No such user)
> Demoting BDC account trust for mobius, this DC must be elevated to an AD DC using 'samba-tool domain promote'
> Ignoring group memberships of 'mrad$' S-1-5-21-4219228698-1431711829-1578001372-2952: Unable to enumerate group memberships, (-1073741724,No such user)
> Next rid = 3689
> Exporting posix attributes
> Reading WINS database
> Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/usr/local/mobius/var/wins.dat'
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> lp_load_ex: refreshing parameters
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Module 'acl_xattr' loaded
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1)
> Setting up secrets.ldb
> Setting up the registry
> ldb_wrap open of hklm.ldb
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata
> Adding DomainDN: DC=infinityhealthcare,DC=com
> DN: DC=infinityhealthcare,DC=com is a NC
> Adding configuration container
> DN: CN=Configuration,DC=infinityhealthcare,DC=com is a NC
> Setting up sam.ldb schema
> DN: CN=Schema,CN=Configuration,DC=infinityhealthcare,DC=com is a NC
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> Setting up self join
> Setting acl on sysvol skipped
> Adding DNS accounts
> Creating CN=MicrosoftDNS,CN=System,DC=infinityhealthcare,DC=com
> Creating DomainDnsZones and ForestDnsZones partitions
> DN: DC=DomainDnsZones,DC=infinityhealthcare,DC=com is a NC
> DN: DC=ForestDnsZones,DC=infinityhealthcare,DC=com is a NC
> Populating DomainDnsZones and ForestDnsZones partitions
> Setting up sam.ldb rootDSE marking as synchronized
> Fixing provision GUIDs
> A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
> Setting up fake yp server settings
> Once the above files are installed, your Samba4 server will be ready to use
> Server Role: active directory domain controller
> Hostname: samba4
> NetBIOS Domain: IHC
> DNS Domain: infinityhealthcare.com
> DOMAIN SID: S-1-5-21-4219228698-1431711829-1578001372
> Importing WINS database
> Importing Account policy
> Importing idmap database
> lp_load_ex: refreshing parameters
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> ldb_wrap open of idmap.ldb
> Importing groups
> Importing users
> User root has been kept in the directory, it should be removed in favour of the Administrator user
> Adding users to groups
> Setting password for administrator
> Administrator password has been set to password of user 'root'
> lp_load_ex: refreshing parameters
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> ldb_wrap open of idmap.ldb
> ldb_wrap open of idmap.ldb
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> Initialising default vfs hooks
> Initialising custom vfs hooks from [/[Default VFS]/]
> Initialising custom vfs hooks from [acl_xattr]
> Initialising custom vfs hooks from [dfs_samba4]
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol
> unpack_nt_owners: owner sid mapped to uid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> unpack_nt_owners: group sid mapped to gid 0
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-21-4219228698-1431711829-1578001372-520: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-21-4219228698-1431711829-1578001372-520: NT_STATUS_NONE_MAPPED
> idmapping sid_to_xid failed for id[0]=S-1-5-21-4219228698-1431711829-1578001372-512: NT_STATUS_NONE_MAPPED
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
> File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
> useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 938, in upgrade_from_samba3
> result.names.domaindn, result.lp, use_ntvfs)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1581, in setsysvolacl
> set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1511, in set_gpos_acl
> passdb=passdb)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1474, in set_dir_acl
> setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 104, in setntacl
> (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
> </ClassicUpgradeLog>
>
>
> p.p.s. The ldbdump requested by A.Bartlett:
> <RequestedOutput>
> # /home/jdetert/samba4-master/bin/ldbdump /usr/local/samba/private/idmap.ldb
> dn: CN=CONFIG
> cn: CONFIG
> upperBound: 4000000
> lowerBound: None
> xidNumber: None
>
> dn: CN=S-1-5-7
> cn: S-1-5-7
> objectClass: sidMap
> objectSid: S-1-5-7
> type: ID_TYPE_UID
> xidNumber: 65534
>
> dn: CN=S-1-5-21-4219228698-1431711829-1578001372-500
> cn: S-1-5-21-4219228698-1431711829-1578001372-500
> objectClass: sidMap
> objectSid: S-1-5-21-4219228698-1431711829-1578001372-500
> type: ID_TYPE_UID
> xidNumber: 0
>
> dn: CN=S-1-5-21-4219228698-1431711829-1578001372-513
> cn: S-1-5-21-4219228698-1431711829-1578001372-513
> objectClass: sidMap
> objectSid: S-1-5-21-4219228698-1431711829-1578001372-513
> type: ID_TYPE_GID
> xidNumber: 100
>
> dn: @INDEXLIST
> @IDXATTR: xidNumber
> @IDXATTR: objectSid
>
> #
> </RequestedOutput>
Hi,
In order to do a successful classicupgrade samba4 needs to be able to
resolve sids, uids and gids. The way it can be done depends on what kind
of passdb backend was used with the classic (aka samba3) domain. There
are two (supported) cases:
1. tdbsam: SIDs in tdb; uids and gids obtained from nss calls (as
configured in /etc/nsswitch.conf): In this case samba4 needs to be able
to lookup that information
2. ldapsam: SIDs, uids and gids are in LDAP and samba4 can obtain all
the informations needed doing ldap lookups
From what you have wrote I think you are using tdbsam and didn't
configured the box running samba4 to ba able to lookup the uids and
gids, how to do that depends on where were the user and groups defined
on the samba3 box.
Regards
Geza Gemes
More information about the samba
mailing list