[Samba] samba-tool domain classicupgrade with LDAP backend

Mario Codeniera mario.codeniera at gmail.com
Thu Jan 3 18:24:12 MST 2013


Can you connect to your ldap server locally?

internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://XXXXXXX.XXXXXXX.XX' with backend 'ldap': (null)
Could not open ldb connection to ldap://XXXXXXX.XXXXXXX.XX, the erro

If not, check the ldap.conf, nslcd.conf and the PAM, which is distro
specific.

Based on my experience, I used to check using the commands below, and if they
display the users' passwords and the groups, you can successfully migrate
it:

    $ getent passwd
    $ getent group



On Fri, Jan 4, 2013 at 12:52 AM, Juan Asensio Sánchez <okelet at gmail.com> wrote:

> Hi again
>
> Well, finally I got it, adding "ldap timeout" to smb.conf. Now I am getting
> another error when running the domain classicupgrade command of samba-tool:
>
> ...
> init_sam_from_ldap: Entry found for user: XXXXXXXX
> init_sam_from_ldap: Entry found for user: XXXXXXXX$
> Next rid = 12801001
> Failed to connect to ldap URL 'ldap://XXXXXXX.XXXXXXX.XX' - LDAP client
> internal error: NT_STATUS_BAD_NETWORK_NAME
> Failed to connect to 'ldap://XXXXXXX.XXXXXXX.XX' with backend 'ldap':
> (null)
> Could not open ldb connection to ldap://XXXXXXX.XXXXXXX.XX, the error
> message is: (1, None)
> Exporting posix attributes
> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
> variable 'ldb_object' referenced before assignment
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line
> 1318, in run
>     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>   File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py",
> line 800, in upgrade_from_samba3
>     homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object,
> base_dn, username, "homeDirectory")
>
>
> I don't understand why the NT_STATUS_BAD_NETWORK_NAME error is thrown; I
> can ping and telnet the server XXXXXXX.XXXXXXX.XX in port 389 (previously
> it was on port 636 and ldaps, but changed to ldap and 389 to try to avoid
> the error); indeed, the script has obtained all groups and users
> previously...
>
> Any ideas?
>
>
>
>
> 2013/1/3 Juan Asensio Sánchez <okelet at gmail.com>
>
> > Hi
> >
> > I am testing the migration from our actual Samba domain, based on Samba
> > 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and
> > I have successfully compiled it. Now I am running the classicupgrade
> > command, but I am getting some errors.
> >
> > First of them is that the script is ignoring the "ldap group suffix"
> > parameter in smb.conf, and is always searching in the "ldap suffix".
> > Because our LDAP database is very big, the script is getting a timeout as
> > all groups are not received in time. I have changed the timeout and
> > timelimit values in ldap.conf to 300, but they are also being ignored. This
> > is the output of the script:
> >
> > [root at samba4 ~]# samba-tool domain classicupgrade ~/sambav3/smb.conf
> > --dbdir ~/sambav3/private --realm XXXXXXXXXX.TEST
> > Reading smb.conf
> > Processing section "[netlogon]"
> > Processing section "[unixscripts]"
> > Provisioning
> > smbldap_search_domain_info: Searching
> > for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXX.SACYL))]
> > smbldap_open_connection: connection opened
> > init_sam_from_ldap: Entry found for user: XXXXXXXXXX$
> > smbldap_search_domain_info: Searching
> > for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXX.SACYL))]
> > smbldap_open_connection: connection opened
> > Exporting account policy
> > Exporting groups
> > ldapsam_setsamgrent: LDAP search failed: Timed out
> > ldapsam_enum_group_mapping: Unable to open passdb
> > ERROR(<class 'passdb.error'>): uncaught exception - Unable to enumerate
> > group mappings, (-1073741790,Access denied)
> >   File
> > "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py",
> > line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File
> > "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line
> > 1318, in run
> >     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> >   File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py",
> > line 635, in upgrade_from_samba3
> >     grouplist = s3db.enum_group_mapping()
> >
> >
> > And this is the LDAP access LOG:
> >
> > [03/Jan/2013:10:58:01 +0100] conn=24304 op=13 SRCH
> > base="dc=XXXXXXXXXX,dc=XX" scope=2 filter="(objectClass=sambaGroupMapping)"
> > attrs="gidNumber sambaSID sambaGroupType sambaSIDList description
> > displayName cn objectClass"
> > [03/Jan/2013:10:58:16 +0100] conn=24304 op=14 UNBIND
> > [03/Jan/2013:10:58:16 +0100] conn=24304 op=14 fd=73 closed - U1
> >
> > dc=XXXXXXXXXX,dc=XX is our "ldap suffix", not our "ldap group suffix", as
> > it should. Any ideas how to fix these problems and continue with the tests?
> >
> > Regards and thanks in advance,
> >
>
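Added example, not part of the thread: a Python check over a 389 DS access log that lists searches still unanswered when the client unbound, the pattern in the access log excerpt quoted above (SRCH at 10:58:01, UNBIND at 10:58:16), and marks those whose base is not the expected group suffix. The log lines and DNs are constructed, the `RESULT` line follows the usual 389 DS layout, and `abandoned_searches` and `expected_base` are hypothetical names.

```python
import re
from datetime import datetime

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) op=(?P<op>-?\d+) '
                  r'(?P<verb>\w+)(?P<rest>.*)$')
KV = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample (placeholder DNs), one access-log entry per string.
SAMPLE_LOG = [
    '[03/Jan/2013:10:58:00 +0100] conn=7 op=1 SRCH '
    'base="ou=Groups,dc=example,dc=test" scope=2 filter="(cn=staff)" attrs="cn"',
    '[03/Jan/2013:10:58:00 +0100] conn=7 op=1 RESULT err=0 tag=101 nentries=1 etime=0',
    '[03/Jan/2013:10:58:01 +0100] conn=7 op=2 SRCH base="dc=example,dc=test" '
    'scope=2 filter="(objectClass=sambaGroupMapping)" attrs="gidNumber sambaSID"',
    '[03/Jan/2013:10:58:16 +0100] conn=7 op=3 UNBIND',
    '[03/Jan/2013:10:58:16 +0100] conn=7 op=3 fd=73 closed - U1',
]

def abandoned_searches(lines, expected_base=None):
    """Return searches that had no RESULT when their connection unbound."""
    pending = {}    # (conn, op) -> (start time, base, filter)
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        conn, op, verb = m["conn"], m["op"], m["verb"]
        if verb == "SRCH":
            kv = dict(KV.findall(m["rest"]))
            pending[(conn, op)] = (ts, kv.get("base", ""), kv.get("filter", ""))
        elif verb == "RESULT":
            pending.pop((conn, op), None)       # the server answered this op
        elif verb == "UNBIND":
            # The client gave up: every search still pending on this conn.
            for key in [k for k in pending if k[0] == conn]:
                start, base, flt = pending.pop(key)
                findings.append({
                    "conn": conn, "op": key[1], "base": base, "filter": flt,
                    "waited_s": int((ts - start).total_seconds()),
                    "wrong_base": expected_base is not None
                                  and base.lower() != expected_base.lower(),
                })
    return findings

if __name__ == "__main__":
    for f in abandoned_searches(SAMPLE_LOG, "ou=Groups,dc=example,dc=test"):
        print(f)
```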

