[Samba] samba-tool classic upgrade - Next rid problem
abartlet at samba.org
Fri Jul 5 06:01:16 MDT 2013
On Thu, 2013-07-04 at 15:09 +0100, Chris Alavoine wrote:
> Hi there,
> I am trying to upgrade my old Samba3 (with LDAP backend) to Samba 4.
> I am doing this on a test VM for now as a proof of concept.
> When running this command:
> /usr/local/samba/bin/samba-tool domain classicupgrade
> --dbdir=/home/administrator/samba3/ --use-xattrs=yes
> --realm=internal.com /home/administrator/samba3/smb.conf
> I get this:
> Reading smb.conf
> Exporting account policy
> Exporting groups
> Exporting users
> Next rid = 2012040402
> Exporting posix attributes
> Reading WINS database
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> ProvisioningError: You want to run SAMBA 4 with a next_rid of 2012040402,
> the valid range is 1000-1000000000. The default is 1000.
> line 175, in _run
> return self.run(*args, **kwargs)
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line
> 1318, in run
> useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
> line 866, in upgrade_from_samba3
> use_ntvfs=use_ntvfs, skip_sysvolacl=True)
> line 2155, in provision
> line 1757, in provision_fill
> next_rid=next_rid, dc_rid=dc_rid)
> line 1227, in fill_samdb
> raise ProvisioningError(error)
> So, it appears that my Next rid parameter is too high (namely: 2012040402).
> I have run this multiple times and next rid is always the same number.
> Before I start decimating my LDAP directory has anyone seen this behaviour
> I have done a quick LDAP search and not been able to find any RID's that
> would cause such an inflated number so am a bit stumped.
Is that by chance the final component of any SID, even if not what you
would think to be the RID? eg the domain SID?
It could be that some entry is malformed such that there is 'no RID',
whereas that actually just means the last bit of what you would think of
as the 'domain SID' is actually the RID.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba