[Samba] Error on classic upgrade - valid group

Andrew Bartlett abartlet at samba.org
Tue Jul 30 01:03:04 MDT 2013

On Tue, 2013-07-23 at 20:41 -0300, Jonis Maurin Ceará wrote:
> Hi.
> I'm trying to convert from s3 to s4 using classic upgrade. I have LDAP
> backend and i'm getting this error:
> Ignoring group 'pgrd' S-1-5-21-511255529-1355219746-1726288727-3007 listed
> but then not found: Unable to enumerate group members,
> The problem is that this group is valid and almost all our users are in
> this group, so i can't just ignore. Brownsing my ldap i can find and see
> this group and this SID. What could be wrong?

How are they members of this group?  

The thing that Samba's classicupgrade code does that the operational
Samba 3.x DC didn't do by default is set 'ldapsam:trusted = yes'.  This
means that if you were using groupOfNames based groups, we might not
read that correctly in our internal handler, but nss_ldap would have, if

It's just a guess, but somewhere to start.  Otherwise, perhaps look at
this group and see if there is anything different about it?  Can you
show me the LDIF?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

More information about the samba mailing list