[Samba] ClassicUpgrade => EpicFail

[Andrew Bartlett]

On Fri, 2013-04-05 at 14:47 -0500, Jon Detert wrote:
> ClassicUpgrade of my samba3 data to samba4 fails, with this error:
> 
>        ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
> 
> Full log of the classicupgrade is at the end of this email.
> 
> Project member on this list, Andrew Barlett, wrote that the issue is probably that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually 'invalid' :

I should have been clearer:  I make no statement as to that validity of
your database, but note that this tool has much stricter requirements
than we enforced on passdb databases in the past.  

We never clearly specified nor enforced those requirements in the past,
but our new AD DC is much stricter, following the rules Microsoft has
always enforced in both NT4 and AD.  Databases created purely with our
tools and with matching /etc/passwd or (for ldap backends) LDAP-based
posixAccount entires are normally not an issue, but for example, we have
seen:
 - Duplicate SIDs
 - Names of users and groups overlapping
 - Accounts flagged as both normal users and machine accounts

In any case, from here the next debugging step would be to run with git
master or v4-0-test, as I included some idmap patches there that didn't
make 4.0.4.

Eventually, we will either to improve the import of the DB for your
particular issue, either to accept it (possibly fixing it along the way)
or more clearly rejecting it with a proper explanation. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org