[Samba] Issues with classicupgrade LDAP

Benjamin Arntzen barntzen at digipen.edu
Wed Jun 11 17:52:51 MDT 2014 

Hi there,

I'm attempting a classicupgrade from Samba3 to Samba4 with an LDAP 
backend and encountering this error:
dpadmin at samba4-dev0:~$ samba-tool domain classicupgrade 
--dbdir=/var/lib/samba --use-xattrs=yes  --realm=ad.digipen.edu 
/home/dpadmin/smb.conf 2>&1 | tee SambaMigration10.log

<snip>
init_sam_from_ldap: Entry found for user: steven.redacted
init_sam_from_ldap: Entry found for user: lauro.redacted
init_sam_from_ldap: Entry found for user: michael.redacted
init_sam_from_ldap: Entry found for user: s.redacted
Next rid = 132072
Failed to bind - LDAP error 13 LDAP_CONFIDENTIALITY_REQUIRED - <TLS 
confidentiality required> <>
Failed to connect to 'ldap://204.174.42.81' with backend 'ldap': (null)
ERROR(<type 'exceptions.NameError'>): uncaught exception - global name 
'ProvisiongError' is not defined
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
1318, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 801, 
in upgrade_from_samba3
     raise ProvisiongError("Could not open ldb connection to %s, the 
error message is: %s" % (url, e))

I have this in my config files:
# Password Database
#---------------------
# passdb backend = ldapsam:ldap://localhost
# passdb backend = ldapsam:ldap://ldap.digipen.edu 
ldap://ldap-primary.digipen.edu
passdb backend = ldapsam:ldap://204.174.42.81
ldap admin dn = uid=redacted,ou=system,dc=digipen,dc=edu
ldap ssl = start tls
ldap passwd sync = yes
ldap delete dn = no
ldap suffix = dc=digipen,dc=edu
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldapsam:trusted = yes

The rest of the migration (including a lot of init_sam_from_ldap) works 
fine, and back on 4.0-beta it did *not* produce this issue. 
Unfortunately I can't go back to that version.

Help wanted :(

~ Benjamin
CSSA/Ops, DigiPen Redmond

More information about the samba mailing list