[Samba] Import idmap database error on classicupgrade process
Elias Pereira
empbilly at gmail.com
Fri May 22 06:35:22 MDT 2015
Hey, man, the error:
Provisioning
smbldap_search_domain_info: Searching for:[(&(objectClass=
sambaDomain)(sambaDomainName=EMPRESA))]
smbldap_open_connection: connection opened
failed to bind to server ldap://127.0.0.1 with
dn="cn=Manager,dc=empresa,dc=com"
Error: Invalid credentials
(unknown)
has been fixed. :D
I modified the master password of ldap (vm) for the same that was stored in
secrets.tdb (real server) and access the ldap vm.
Now, is a long layoff in the following message:
*Demoting BDC account trust for samba, this DC must be elevated to an AD DC
using 'samba-tool domain dcpromo'*
Provisioning
Exporting account policy
Exporting groups
Ignoring group 'Domain Users' S-1-5-21-187220369-3628530160-3539241734-513
listed but then not found: Unable to enumerate group members,
(-1073741823,Undetermined error)
Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
Unable to enumerate members for alias, (-1073741487,The specified local
group does not exist.)
Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found:
Unable to enumerate members for alias, (-1073741487,The specified local
group does not exist.)
Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found:
Unable to enumerate members for alias, (-1073741487,The specified local
group does not exist.)
Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found:
Unable to enumerate members for alias, (-1073741487,The specified local
group does not exist.)
Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable
to enumerate members for alias, (-1073741487,The specified local group does
not exist.)
Ignoring group 'Alunos' S-1-5-21-187220369-3628530160-3539241734-10080
listed but then not found: Unable to enumerate group members,
(-1073741823,Undetermined error)
Exporting users
Skipping wellknown rid=500 (for username=root)
Demoting BDC account trust for samba, this DC must be elevated to an AD
DC using 'samba-tool domain dcpromo'
Samba is working or he stopped and I need to perform the requested command
(samba-tool domain dcpromo)?
On Fri, May 22, 2015 at 8:52 AM, Elias Pereira <empbilly at gmail.com> wrote:
> Rowland,
>
> Debbugging information:
> In my virtual environment for migration samba3 for Samba4 I have the
> following settings for my server:
>
> /etc/hosts
>
> 127.0.0.1 localhost
> 192.168.77.220 SOL.poa.ifrs.edu.br SOL
>
>
>
> /etc/network/interfaces
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> #auto eth0
> #iface eth0 inet dhcp
>
> auto eth1
> iface eth1 inet static
> address 192.168.77.220
> netmask 255.255.255.0
> gateway 192.168.77.1
>
>
> /etc/resolv.conf
>
> domain poa.ifrs.edu.br
> nameserver 192.168.77.220
>
>
> They are correct? These settings can somehow influence in not be
> connecting with the ldap at the time of provision?
>
> On Thu, May 21, 2015 at 5:57 PM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>> On 21/05/15 21:49, Elias Pereira wrote:
>>
>> Rowland,
>>
>> Perhaps this question is too stupid, but I have to ask. :)
>>
>> This new server that will be the Samba4 AD/DC need to have installed
>> samba3 - working with ldap - just as I have in the real server?
>>
>>
>> No, you only need ldap running and the listed *.tdb files
>>
>>
>> Why the question. Because has hinted when I read again this section of
>> the wiki:
>> *Before you start, shutdown your Samba PDC services (smbd, nmbd,
>> winbind), but leave your LDAP server running...*
>> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29#The_classicupgrade_process
>>
>> I'm wrong?
>>
>>
>> Not wrong really, just a slight misunderstanding and if you wait a short
>> while it will be a lot clearer.
>>
>>
>> Rowland
>>
>> On Thu, May 21, 2015 at 4:33 PM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>> On 21/05/15 19:24, Elias Pereira wrote:
>>>
>>>> Then why can the upgrade not contact the ldap server ?
>>>>>
>>>> I dont know! :(
>>>>
>>>> Was ldap running on another computer before ?
>>>>
>>>> I installed a temporary openLDAP backend on the new host.
>>>>
>>>
>>> After examining upgrade.py, it would seem that you don't need much of
>>> your original smb.conf, I am sending you a cut down smb.conf to try.
>>>
>>> Have another read of the samba wiki page:
>>>
>>>
>>> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
>>>
>>> Double check that you have done everything that pages suggests and then
>>> try again with the smb.conf I will send you.
>>>
>>> If, as I hope, you are testing this in a VM (or similar) do the testing
>>> in a terminal where you have logged into the VM as root via ssh. You will
>>> then be able to cut & paste the output into an email. If you are still
>>> having problems, send the output direct to me.
>>>
>>> Rowland
>>>
>>>
>>>
>>>> Can you post the smb.conf from the old PDC ? the one you are trying to
>>>>
>>>>> upgrade from.
>>>>>
>>>> I sent my smb.conf to your private e-mail.
>>>>
>>>> On Thu, May 21, 2015 at 3:08 PM, Rowland Penny <
>>>> rowlandpenny at googlemail.com>
>>>> wrote:
>>>>
>>>> On 21/05/15 18:46, Elias Pereira wrote:
>>>>>
>>>>> Is ldap running on the computer you are trying to run the
>>>>>> classicupgrade
>>>>>>
>>>>>>> on?
>>>>>>>
>>>>>>> Yes.
>>>>>>
>>>>>> Then why can the upgrade not contact the ldap server ?
>>>>>
>>>>> Was ldap running on another computer before ?
>>>>>
>>>>> Can you post the smb.conf from the old PDC ? the one you are trying to
>>>>> upgrade from.
>>>>>
>>>>> Rowland
>>>>>
>>>>> I need to modify other files too?
>>>>>
>>>>>> On Thu, May 21, 2015 at 2:39 PM, Rowland Penny <
>>>>>> rowlandpenny at googlemail.com>
>>>>>> wrote:
>>>>>>
>>>>>> On 21/05/15 18:22, Elias Pereira wrote:
>>>>>>
>>>>>>> Ok. I uncomment that line and put:
>>>>>>>
>>>>>>>> passdb backend = ldapsam:ldap://127.0.0.1
>>>>>>>>
>>>>>>>> Is ldap running on the computer you are trying to run the
>>>>>>>>
>>>>>>> classicupgrade
>>>>>>> on ?
>>>>>>>
>>>>>>> It needs to connect to the ldap server, so if the ldap server is
>>>>>>> running
>>>>>>> on another computer, you need to use either the FQDN of that
>>>>>>> computer or
>>>>>>> its ipaddress.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Error message:
>>>>>>>
>>>>>>>>
>>>>>>>> Provisioning
>>>>>>>>
>>>>>>>> smbldap_search_domain_info: Searching
>>>>>>>>
>>>>>>>>> for:[(&(objectClass=sambaDomain)(sambaDomainName=EMPRESA))]
>>>>>>>>> smbldap_open_connection: connection opened
>>>>>>>>> failed to bind to server ldap://127.0.0.1 with
>>>>>>>>> dn="cn=Manager,dc=empresa,dc=com" Error: Invalid credentials
>>>>>>>>> (unknown)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 21, 2015 at 1:53 PM, Rowland Penny <
>>>>>>>> rowlandpenny at googlemail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> On 21/05/15 17:28, Elias Pereira wrote:
>>>>>>>>
>>>>>>>> You're right, man! Sorry! My mistake!
>>>>>>>>>
>>>>>>>>> I put that file because I read in somewhere about the persistent
>>>>>>>>>> and
>>>>>>>>>> temporary files regarding .tdb files. The winbindd_idamp.tbm was
>>>>>>>>>> on
>>>>>>>>>> that
>>>>>>>>>> list, and I think that's why I left it in the folder. :D
>>>>>>>>>>
>>>>>>>>>> Another doubt. For the provisioning starts, I had to comment out
>>>>>>>>>> the
>>>>>>>>>> line
>>>>>>>>>> referring to the ldap backend in the smb.conf of samba3.
>>>>>>>>>>
>>>>>>>>>> # passdb backend = ldapsam:ldap://empresa.com
>>>>>>>>>>
>>>>>>>>>> This can affect the provisioning?
>>>>>>>>>>
>>>>>>>>>> Possibly, without that line I don't think it will contact the
>>>>>>>>>> ldap
>>>>>>>>>>
>>>>>>>>>> server,
>>>>>>>>> but 'ldap://empresa.com' doesn't look right, I would expect
>>>>>>>>> something
>>>>>>>>> like 'ldap://ldapdc.empresa.com' or 'ldap://127.0.0.1' i.e a
>>>>>>>>> resolvable
>>>>>>>>> dns address.
>>>>>>>>>
>>>>>>>>> Rowland
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, May 21, 2015 at 12:48 PM, Rowland Penny <
>>>>>>>>>
>>>>>>>>> rowlandpenny at googlemail.com
>>>>>>>>>>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> On 21/05/15 16:31, Elias Pereira wrote:
>>>>>>>>>>>
>>>>>>>>>>> I copied all the database files of samba3 as is mentioned in
>>>>>>>>>>> the
>>>>>>>>>>> wiki -
>>>>>>>>>>>
>>>>>>>>>>> The
>>>>>>>>>>>
>>>>>>>>>>>> classicupgrade process
>>>>>>>>>>>> <
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_(NT4-style_domain_to_AD)#The_classicupgrade_process
>>>>>>>>>>>>
>>>>>>>>>>>> But if the winbindd_idmap.tdb file is in the folder, the errors
>>>>>>>>>>>> occur.
>>>>>>>>>>>> See
>>>>>>>>>>>> below:
>>>>>>>>>>>>
>>>>>>>>>>>> Importing idmap database
>>>>>>>>>>>>
>>>>>>>>>>>> ERROR(assert): uncaught exception
>>>>>>>>>>>>
>>>>>>>>>>>> File
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>>>>>>>>>>>> line 175, in _run
>>>>>>>>>>>>> return self.run(*args, **kwargs)
>>>>>>>>>>>>> File
>>>>>>>>>>>>>
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>>>>>>>>>>>>> line 1452, in run
>>>>>>>>>>>>> useeadb=eadb, dns_backend=dns_backend,
>>>>>>>>>>>>> use_ntvfs=use_ntvfs)
>>>>>>>>>>>>> File
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/upgrade.py",
>>>>>>>>>>>>> line
>>>>>>>>>>>>> 749, in upgrade_from_samba3
>>>>>>>>>>>>> import_idmap(result.idmap, samba3, logger)
>>>>>>>>>>>>> File
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/upgrade.py",
>>>>>>>>>>>>> line
>>>>>>>>>>>>> 215, in import_idmap
>>>>>>>>>>>>> samba3_idmap = samba3.get_idmap_db()
>>>>>>>>>>>>> File
>>>>>>>>>>>>>
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/samba3/__init__.py",
>>>>>>>>>>>>> line 406, in get_idmap_db
>>>>>>>>>>>>> return
>>>>>>>>>>>>> IdmapDatabase(self.statedir_path("winbindd_idmap"))
>>>>>>>>>>>>> File
>>>>>>>>>>>>>
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/samba3/__init__.py",
>>>>>>>>>>>>> line 63, in __init__
>>>>>>>>>>>>> self._check_version()
>>>>>>>>>>>>> File
>>>>>>>>>>>>>
>>>>>>>>>>>>> "/opt/samba/lib/python2.7/site-packages/samba/samba3/__init__.py",
>>>>>>>>>>>>> line 146, in _check_version
>>>>>>>>>>>>> assert fetch_int32(self.db, "IDMAP_VERSION\0") ==
>>>>>>>>>>>>> IDMAP_VERSION_V2
>>>>>>>>>>>>>
>>>>>>>>>>>>> If I remove/delete the file, the provisioning continues and
>>>>>>>>>>>>> tells
>>>>>>>>>>>>> me
>>>>>>>>>>>>>
>>>>>>>>>>>>> he
>>>>>>>>>>>>>
>>>>>>>>>>>> did
>>>>>>>>>>>> not find the file: *Can not open database idmap, Ignoring:
>>>>>>>>>>>> [Errno 2]
>>>>>>>>>>>> No
>>>>>>>>>>>> such file or directory*
>>>>>>>>>>>>
>>>>>>>>>>>> Can I still provisioning without the file? There is the
>>>>>>>>>>>> possibility
>>>>>>>>>>>> of
>>>>>>>>>>>> post-migration issues regarding lack of this file?
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Hi, on the wiki page, it tells you to copy:
>>>>>>>>>>>>
>>>>>>>>>>>> secrets.tdb
>>>>>>>>>>>>
>>>>>>>>>>> schannel_store.tdb
>>>>>>>>>>> passdb.tdb
>>>>>>>>>>> gencache_notrans.tdb
>>>>>>>>>>> group_mapping.tdb
>>>>>>>>>>> account_policy.tdb
>>>>>>>>>>>
>>>>>>>>>>> It does not mention 'winbindd_idmap.tdb'.
>>>>>>>>>>>
>>>>>>>>>>> So why are you including it ?
>>>>>>>>>>>
>>>>>>>>>>> Rowland
>>>>>>>>>>> --
>>>>>>>>>>> To unsubscribe from this list go to the following URL and read
>>>>>>>>>>> the
>>>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>>
>>>>>>>>>> To unsubscribe from this list go to the following URL and read
>>>>>>>>> the
>>>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>>>
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>>
>> --
>> Elias Pereira
>>
>>
>>
>
>
> --
> Elias Pereira
>
--
Elias Pereira
More information about the samba
mailing list