[Samba] Classic upgrade fails

John Gardeniers jgardeniers at objectmastery.com
Tue Aug 18 03:57:27 UTC 2015


Never mind, I figured it out. Our samba 3 ldap sambaDomainName bears no 
relationship to the domain name (dn=...). By dumping ldap to file, 
editing the sambaDomainName entries and re-importing back into ldap (on 
the temporary ldap server created for the upgrade) I was able to 
correctly import the users and computers along with the rest. This 
incidentally also answers my previous question about renaming the domain 
during the classicupgrade.

regards,
John


On 18/08/15 09:38, John Gardeniers wrote:
> I'm attempting to test the classic upgrade method using the 
> instructions at 
> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_(NT4-style_domain_to_AD).
>
> Not wishing to risk any damage to our existing Samba 3 domain I 
> created a new ldap server and imported our domain ldap into it and am 
> using that machine as the source ldap server for the upgrade process. 
> The *.tdb files have been copied over from the original Samba 3 PDC.
>
> When I try to run the classicupgrade command I end up with no users or 
> computers being imported. Groups seem to import just fine, although 
> they have no members due to the lack of users. The output from the 
> command contains the following (very abbreviated):
>
> ==================================================
> Inconsistent SAM -- group member uid not in our domain
> Ignoring group 'Domain Admins' 
> S-1-5-21-186460106-519856540-763373030-512 listed but then not found: 
> Unable to enumerate group members, (-1073741596,This error indicates 
> that the requested operation cannot be completed due to a catastrophic 
> media failure or an on-disk data structure corruption.)
> Inconsistent SAM -- group member uid not in our domain
> Ignoring group 'Domain Users' 
> S-1-5-21-186460106-519856540-763373030-513 listed but then not found: 
> Unable to enumerate group members, (-1073741596,This error indicates 
> that the requested operation cannot be completed due to a catastrophic 
> media failure or an on-disk data structure corruption.)
> ....
>
> Exporting users
> sid S-1-5-21-186460106-519856540-763373030-500 does not belong to our 
> domain
> sid S-1-5-21-186460106-519856540-763373030-2998 does not belong to our 
> domain
> ....
>
> Exporting posix attributes
> sid S-1-5-21-186460106-519856540-763373030-500 does not belong to our 
> domain
> sid S-1-5-21-186460106-519856540-763373030-2998 does not belong to our 
> domain
> ==================================================
>
> Reading the instructions suggests this should be a simple and 
> straightforward process, yet I'm finding it to be anything but. What 
> have I done wrong, or missed?
>
> regards,
> John
>
>




More information about the samba mailing list