[Samba] Samba 3 classicupgrade to Samba AD

Andrew Bartlett abartlet at samba.org
Fri Jan 4 15:37:55 MST 2013 

On Fri, 2013-01-04 at 15:24 -0500, Adam Tauno Williams wrote:
> On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote:
> > Hey All,
> >  
> > I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers(mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD.  To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools.  I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors.
> > Importing groups
> > Importing users
> > Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists
> > ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists)
> > Hopefully someone sees something that I"m doing blatently wrong and can point out my mistake.  Thanks in advance for any help!
> 
> I'd wager the error message is exact and meaningful - you have a
> duplicate sambaSID in your LDAPSAM.  Also the machine account "watersan
> $" contains a space.  That seems odd.
> 
> I had several of these inconsistencies in my old LDAPSAM that I needed
> to correct before the upgrade completed.

Adam, 

I agree.  As we have never had an internal passdb consistency checker
before, the checks being done as part of the import are often the first
time a Samba 3.x site will discover a number of internal
inconsistancies.

For example, we already check for usernames and group names that
overlap, and duplicate SIDs.  The detection of duplicate usernames is
left to this stage because we can give a clearer error message at this
point.  The script is just python however, and so it isn't hard to
improve if someone wants to provide a patch to improve it. 

Max,

Your issue might be that what we fill in as CN is a duplicate, rather
than the username.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list