[Samba] samba-tool classicupgrade throws uncaught exception

Scott Goodwin scott at mimicsimulation.com
Wed Aug 21 18:39:07 MDT 2013 

Actually, what I ended up doing to fix this was the following, in case it
benefits the next person.

On my samba3 doamin, I did:
# net groupmap delete sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1066
# net groupmap add rid=513 unixgroup=users type=domain ntgroup="Domain
Users"
# net groupmap delete sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057
# net groupmap add rid=512 unixgroup=smbadmins type=domain ntgroup="Domain
Admins"

Then on my Windows server (a separate member server of the domain, which
has a few shares on it), I redid the sharing and Security permissions,
since Windows had the old SID in there.  Simply re-adding the proper group
sufficed, and users were good to go.

I then was able to successfully complete the classicupgrade tool on my
resulting tdbs.

--scott


*Scott Goodwin*
IT Lead
Mimic Technologies, Inc
811 First Avenue, Suite 408  |  Seattle, WA 98104
phone: 1.800.918.1670  |  direct: 206.456.9180
fax: 206.623.3491  |  cell: 206.355.7767



On Tue, Aug 20, 2013 at 2:25 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Tue, 2013-08-20 at 11:33 -0700, Scott Goodwin wrote:
> > Update:
> > Upon further investigation, the group with SID ending in -1057 is my
> Domain
> > Admins group, which is mapped to unix group "smbadmins".  SID ending in
> > -1066 (see my original posting) is Domain Users, which I have mapped to
> > unix group "users".
> > I suspect that if I remove these two mappings, the classic upgrade may
> > succeed, at which point I can re-add them.
> >
> > Two things:
> > 1) Is it a problem that my Domain Admins and Domain Users groups do not
> > have the standard NT4 domain suffixes (I think Domain Admins typically
> ends
> > with -512. Can't remember what the suffix for Domain Users is, but it
> isn't
> > -1066).
>
> Yes.
>
> > 2) Is there a way to remove these mappings from the .tdb files I have
> > copied over to the new server?  I know I can remove the mapping from my
> old
> > server, then re-copy the tdb files over, then re-add the mapping on my
> > samba3 server, but the Domain Users mapping would impact users (I'm
> pretty
> > sure), and I want to avoid that if possible.  So, I'm hoping there is a
> way
> > to manually edit the tdb's in the test environment where my samba4 server
> > is, or some tool that can assist in such.
>
> The 'Samba3' tools still work in Samba 4.0, so if you put the files in
> the 'expected' locations on in the new server, then you should be able
> to just edit them there, as if it was the original server.  Then
> upgrade.
>
> I hope this helps,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Catalyst IT                   http://catalyst.net.nz
>
>
>

More information about the samba mailing list