[Samba] Access remote ldap for classicupgrade

Robert Moskowitz rgm at htt-consult.com
Fri Sep 18 18:50:31 UTC 2015


OK.  So I added to /etc/samba/smb.conf in the [Global] section:

passdb backend = ldapsam:ldaps://192.168.128.2
ldap admin dn = cn=manager,ou=Internal,dc=home,dc=htt
ldap group suffix = ou=Groups,ou=Accounts
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers,ou=Accounts
ldap passwd sync = No
ldap suffix = dc=home,dc=htt
ldap user suffix = ou=Users,ou=Accounts
ldap connection timeout = 8
ldap ssl = Off

I ran:

# samba-tool domain classicupgrade --dbdir=/root/samba.PDC/dbdir/ \
    --use-xattrs=yes --realm=HOME.HTT --dns-backend=BIND9_DLZ \
    /root/samba.PDC/etc/smb.conf

And it failed as follows:

Reading smb.conf
NOTE: Service printers is flagged unavailable.
NOTE: Service print$ is flagged unavailable.
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Provisioning
failed to bind to server ldaps://192.168.128.2 with 
dn="cn=manager,ou=Internal,dc=home,dc=htt" Error: Can't contact LDAP server
     TLS error -8172:Peer's certificate issuer has been marked as not 
trusted by the user.
Connection to LDAP server failed for the 1 try!
Connection to LDAP server failed for the 2 try!
Connection to LDAP server failed for the 3 try!
Connection to LDAP server failed for the 4 try!
Connection to LDAP server failed for the 5 try!
Connection to LDAP server failed for the 6 try!
Connection to LDAP server failed for the 7 try!
Connection to LDAP server failed for the 8 try!
Connection to LDAP server failed for the 9 try!
Connection to LDAP server failed for the 10 try!
Connection to LDAP server failed for the 11 try!
Connection to LDAP server failed for the 12 try!
Connection to LDAP server failed for the 13 try!
Connection to LDAP server failed for the 14 try!
Connection to LDAP server failed for the 15 try!
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the 
domain. We cannot work reliably without it.
pdb backend ldapsam:ldaps://192.168.128.2 did not correctly init (error 
was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
ERROR(<class 'passdb.error'>): uncaught exception - Cannot load backend 
methods for 'ldapsam:ldaps://192.168.128.2' backend 
(-1073741606,Configuration information could not be read from the domain 
controller, either because the machine is unavailable or access has been 
denied.)
   File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 
1452, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File "/usr/lib/python2.7/site-packages/samba/upgrade.py", line 483, 
in upgrade_from_samba3
     s3db = samba3.get_sam_db()
   File "/usr/lib/python2.7/site-packages/samba/samba3/__init__.py", 
line 394, in get_sam_db
     return passdb.PDB(self.lp.get('passdb backend'))



