[Samba] samba-tool classicupgrade throws uncaught exception

Scott Goodwin scott at mimicsimulation.com
Mon Aug 19 16:01:15 MDT 2013 

I have a new server running CentOS 6.4 x64, which will serve as our new
Samba4 server. It is set up in a test environment, and I've copied over the
tdb files and the smb.conf file from our samba3 server (Same OS and
version).
I'm trying to do an in-place upgrade on the copied files, but keep hitting
an assert / uncaught exception during the upgrade:

# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/root/smb3
--use-xattrs=yes --realm=MYDOMAIN.COM --verbose /root/smb3/smb.conf

Reading smb.conf
Provisioning
Exporting account policy
Exporting groups
Exporting users
Ignoring group memberships of 'testuser' S-1-5-21-XXXXXXXXXXXXXXXXXX-1065:
Unable to enumerate group memberships, (-1073741724,No such user)
  Skipping wellknown rid=501 (for username=nobody)
Ignoring group memberships of 'TEST-PC$' S-1-5-21-XXXXXXXXXXXXXXXXXX-1097:
Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'testuser2' S-1-5-21-XXXXXXXXXXXXXXXXXX-1075:
Unable to enumerate group memberships, (-1073741724,No such user)
Next rid = 9001
Exporting posix attributes
Reading WINS database
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=mydomain,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=mydomain,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              myserver
NetBIOS Domain:        MYDOMAIN
DNS Domain:            mydomain.com
DOMAIN SID:            S-1-5-21-XXXXXXXXXXXXXXXXXX
Importing WINS database
Importing Account policy
Importing idmap database
ERROR(assert): uncaught exception
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
line 868, in upgrade_from_samba3
    import_idmap(result.idmap, samba3, logger)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
line 214, in import_idmap
    samba3_idmap = samba3.get_idmap_db()
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
line 402, in get_idmap_db
    return IdmapDatabase(self.statedir_path("winbindd_idmap.tdb"))
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
line 59, in __init__
    self._check_version()
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
line 142, in _check_version
    assert fetch_int32(self.tdb, "IDMAP_VERSION\0") == IDMAP_VERSION_V2


The error indicates an idmap problem, so on advise of another poster, I
renamed my winbindd_idmap.tdb file, then tried again (after deleting the
generated tdb files and smb.conf).  This, however, caused another error:

...
...
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Importing groups
Could not add group name=Domain Admins ((68, "samldb: Account name
(sAMAccountName) 'Domain Admins' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057,
id=502, type=ID_TYPE_GID ((32, "Base-DN
'<SID=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057>' not found"))
Could not add posix attrs for AD entry for
sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057, ((32, "Base-DN
'<SID=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057>' not found"))
Could not add group name=Domain Users ((68, "samldb: Account name
(sAMAccountName) 'Domain Users' already in use!"))
Could not modify AD idmap entry for sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1066,
id=100, type=ID_TYPE_GID ((32, "Base-DN
'<SID=S-1-5-21-XXXXXXXXXXXXXXXXXX-1066>' not found"))
Could not add posix attrs for AD entry for
sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1066, ((32, "Base-DN
'<SID=S-1-5-21-XXXXXXXXXXXXXXXXXX-1066>' not found"))
Importing users
User root has been kept in the directory, it should be removed in favour of
the Administrator user
Adding users to groups
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: Could not add member 'S-1-5-21-XXXXXXXXXXXXXXXXXX-1002'
to group 'S-1-5-21-XXXXXXXXXXXXXXXXXX-1057' as either group or user record
doesn't exist: Base-DN '<SID=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057>' not found
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 1318, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
line 913, in upgrade_from_samba3
    add_users_to_group(result.samdb, g, groupmembers[str(g.sid)], logger)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
line 316, in add_users_to_group
    raise ProvisioningError("Could not add member '%s' to group '%s' as
either group or user record doesn't exist: %s" % (member_sid, group.sid,
emsg))


I'm wondering if my winbindd_idmap.tdb is invalid, as ldbdump
winbindd_idmap.tdb returns nothing, and the tdb file is only 696 bytes.  If
this is the issue, can I "rebuild it" on the samba3 server?

Here's the global section of my smb.conf:

          workgroup = MYDOMAIN
        netbios name = MYSERVER
        server string = "Samba4 AD"
        interfaces = 192.168.0.0/24
        bind interfaces only = Yes
        passdb backend = tdbsam
        username map = /etc/samba/smbusers
        admin users = scott
        wins support = Yes
        smb ports = 139
        time server = Yes
        client ntlmv2 auth = Yes
        log file = /var/log/samba/log.%m
        max log size = 1000
        debug uid = Yes
        deadtime = 15
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        show add printer wizard = No
        load printers = no
        printing = bsd
        disable spoolss = yes
        printcap name = /dev/null
        printcap cache time = 0
        add user script = /usr/sbin/useradd -m -g users %u
        logon script = logon.bat
        logon path =
        logon drive = H:
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        unix password sync = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        pam password change = Yes

Thanks ahead of time for any assistance, and if you need additional info,
let me know.
--scott

More information about the samba mailing list