[Samba] error when samba-tool domain classicupgrade

Gavrilov Aleksey gavrilov at info74.ru
Thu Jun 4 01:24:15 MDT 2015


When I try to run the upgrade on a test system, an error occurs.
I do not understand whether something needs to be added to LDAP, or whether the migration script needs to be improved.


Before that I tried version 4.1.7, but the error was the same.

root at dc1:~/smb_old# samba --version
Version 4.2.2-SerNet-Ubuntu-7.trusty

I also modified the file upgrade.py as follows:
--- ./upgrade.py        2014-10-01 00:00:00.000000000 +0600
+++ /usr/lib/python2.7/dist-packages/samba/upgrade.py   2015-06-04 11:28:13.533990924 +0500
@@ -467,6 +467,9 @@
          ldapuser = samba3.lp.get("ldap admin dn")
          ldappass = secrets_db.get_ldap_bind_pw(ldapuser)
          if ldappass is None:
+           ldappass = "pass"  #1. Why is not defined in the file but it is available
+
+        if ldappass is None:
              raise ProvisioningError("ldapsam passdb backend detected but no LDAP Bind PW found in secrets.tdb for user %s.  Please point this tool at the secrets.tdb that was used by the previous installation.")
          ldappass = ldappass.strip('\x00')
          ldap = True
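Review bot: The added fallback `ldappass = "pass"` writes the LDAP bind password as a literal into the installed `upgrade.py`, and it makes the `if ldappass is None:` check after it unreachable, so the tool can no longer report that secrets.tdb holds no bind password for the configured `ldap admin dn`. I would drop the fallback and store the password in the secrets.tdb under `--dbdir` instead (Samba 3 writes it with `smbpasswd -w`), or at least read it at run time, e.g. `ldappass = os.environ.get("LDAP_BIND_PW")`, where the variable name is a constructed example and `import os` is needed. The `raise ProvisioningError(...)` on the context line never fills its `%s`; `% ldapuser` appears to be missing. The added lines are indented 11 and 8 spaces against 10 in the context as shown, which may be an artifact of the mail archive; the enclosing function starts and ends outside the hunk.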
@@ -562,7 +565,8 @@
              continue
          if entry['rid'] >= next_rid:
              next_rid = entry['rid'] + 1
-
+       if username in "badretdinova":
+           continue
+        #2. The user has no in the ldap directory. I understand where he takes it. On it there is an error that no such user unix.

          user = s3db.getsampwnam(username)
          acct_type = (user.acct_ctrl & (samr.ACB_NORMAL|samr.ACB_WSTRUST|samr.ACB_SVRTRUST|samr.ACB_DOMTRUST))
          if acct_type == samr.ACB_SVRTRUST:
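Review bot: `if username in "badretdinova":` is a substring test rather than an equality test, so it also skips every account whose name is a fragment of that string (an empty name, `a`, `bad`, `dinova`, ...), and those accounts silently never reach `s3db.getsampwnam`. Use `if username == "badretdinova":` and report the skip so the missing account shows up in the upgrade output, e.g. `logger.warn("Skipping user '%s': no Unix account", username)` if a logger is in scope here (the hunk does not show one). The added `if` is indented 7 spaces while the surrounding lines use 8 to 10 as shown, which Python would reject unless the mail archive altered the whitespace. The loop this sits in starts and ends outside the hunk.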

smb.conf from the old server
# Global section of the old Samba 3 domain controller: an NT4-style PDC whose
# account database lives in LDAP (ldapsam). Review comments are on their own
# lines because smb.conf only ignores lines that begin with '#' or ';'.
[global]
    workgroup = 74ru
    netbios name = dc1
    server string = Chelyabinsk PDC
    security = user
    enable privileges = yes
    # Members of the Unix group nt_admins are treated as root for file
    # operations on shares.
    admin users = @nt_admins
    # Connections are accepted only from these address prefixes.
    hosts allow = 192.168. 127. 10.8.
    load printers = no
    log file = /var/log/samba.log
    max log size = 500
    encrypt passwords = yes
    # Accounts are read from the LDAP server at 192.168.0.7 over a plain
    # ldap:// URL; this is the URL the classicupgrade run fails to bind to.
    passdb backend = ldapsam:"ldap://192.168.0.7/"
    #passdb backend = ldapsam:"ldap://127.0.0.1/"
    ldap suffix = ou=chelyabinsk,dc=rugion,dc=ru
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    # DN whose bind password upgrade.py looks up in secrets.tdb.
    # NOTE(review): the value is wrapped in double quotes and the upgrade
    # fails with LDAP_INVALID_DN_SYNTAX on bind; verify whether the quotes
    # end up in the DN used for the secrets.tdb lookup and for the bind.
    ldap admin dn = "cn=admin,dc=rugion,dc=ru"
    ldap delete dn = no
    # No TLS on the passdb connection: together with the ldap:// URL above,
    # the admin bind and the password attributes cross the network
    # unencrypted between this host and 192.168.0.7.
    ldap ssl = off
    # Password changes made through Samba are also written to the LDAP
    # password attribute.
    ldap passwd sync = yes
    socket options = TCP_NODELAY
    # Only the NetBIOS session port is served; port 445 is not listed.
    smb ports = 139
    idmap gid = 10000-30000
    idmap uid = 10000-30000
    # The next five settings make this host the domain master browser and
    # the logon server for the 74ru domain.
    local master = yes
    os level = 200
    domain master = yes
    preferred master = yes
    domain logons = yes
    # Script name handed to clients at logon, served from the [netlogon] share.
    logon script = logon.bat
     # Empty values: no roaming profile path, home share or drive letter is
     # handed to clients.
     logon path =
     logon home =
     logon drive =
     wins support = yes
     dns proxy = no
     unix charset = UTF-8
     time server = yes
     # Account and group management is delegated to local helper scripts in
     # /usr/local/sbin; Samba substitutes %u and %g before running them.
     # NOTE(review): the scripts themselves are not shown, so how they
     # handle the substituted names cannot be checked from this post.
     add machine script = /usr/local/sbin/ldapaddmachine '%u' nt_computers
     add user script = /usr/local/sbin/ldapadduser '%u' nt_users
     add group script = /usr/local/sbin/ldapaddgroup '%g'
     add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
     delete user script = /usr/local/sbin/ldapdeleteuser '%u'
     delete group script = /usr/local/sbin/ldapdeletegroup '%g'
     delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
     set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
     rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'

# Share that delivers the logon script (logon.bat in [global]) to clients.
[netlogon]
     comment = Network Logon Service
     path = /usr/samba/netlogon/
     # Reachable without authentication.
     guest ok = yes
     # Read-only for everyone except the write list further down.
     writable = no
     # Reported as an unknown parameter and ignored by samba-tool 4.2.2
     # (see the classicupgrade output in this post).
     share modes = no
     browseable = no
     # Members of nt_admins may write despite "writable = no".
     write list = @nt_admins
     # Permission masks for newly created files and directories allow
     # world-writable Unix modes.
     # NOTE(review): if files are created with these modes, any local account
     # on the server could alter the logon scripts; confirm this is intended.
     create mode = 666
     directory mode = 777

# Explicit definition of the IPC$ service with a filesystem path.
# NOTE(review): the post does not say why IPC$ is defined by hand or why it
# points at /tmp; confirm it is needed before carrying it over.
[IPC$]
     path = /tmp

The following LDAP structure is also used.
Each unit is its own Samba 3 NT domain in LDAP:
dc=rugion,dc=ru
ou=arkhangelsk,dc=rugion,dc=ru
ou=chelyabinsk,dc=rugion,dc=ru
ou=kazan,dc=rugion,dc=ru
ou=mcrugion,dc=rugion,dc=ru
ou=perm,dc=rugion,dc=ru
ou=rostov,dc=rugion,dc=ru
ou=samara,dc=rugion,dc=ru
ou=tumen,dc=rugion,dc=ru
ou=ufa,dc=rugion,dc=ru
ou=volgograd,dc=rugion,dc=ru
ou=yaroslavl,dc=rugion,dc=ru




root at dc1:~/smb_old# samba-tool domain classicupgrade --dbdir=/root/smb_old/ --use-xattrs=yes --realm=74ru.mpautina.ru --dns-backend=BIND9_DLZ /root/smb_old/smb.conf
Reading smb.conf
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Provisioning
Exporting account policy
Exporting groups
Exporting users
   Demoting BDC account trust for pdc, this DC must be elevated to an AD DC using 'samba-tool domain dcpromo'
Next rid = 132070
Failed to bind - LDAP error 34 LDAP_INVALID_DN_SYNTAX -  <invalid DN> <>
Failed to connect to 'ldap://192.168.0.7/' with backend 'ldap': (null)
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Could not open ldb connection to ldap://192.168.0.7/, the error message is: (34, None)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1452, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   
     raise ProvisioningError("Could not open ldb connection to %s, the error message is: %s" % (url, e))
root at dc1:~/smb_old#





-- 

Sincerely, Alexei Gavrilov
System Administrator
74.RU
tel .: 8 (351) 729-94-90, ext. 345
mob. 8904804 79 34
jabber: gavrilov at info74.ru
mailto: gavrilov at info74.ru
sip: 345 at info74.ru
Chelyabinsk, st. Melkombinat February 1st Precinct, 18, office 208
for TRC `Rodnik`


