[Samba] classicupgrade migration issues

Sonic sonicsmith at gmail.com
Fri Mar 18 14:31:47 UTC 2016 

On Mon, Mar 7, 2016 at 4:38 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> Also just check you have the unix users and groups that you are trying
> to upgrade.

Do the mapped unix groups need to be added to the new host before
attempting the upgrade? There is nothing in the docs regarding that.
Am I mistaken in thinking that the AD does not rely on matching or
mapped unix groups and users?

Here's the first two "errors" on migration:
==========================================
Ignoring group 'Assistants'
S-1-5-21-1832519723-2688400599-3493754984-1891 listed but then not
found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'Projects'
S-1-5-21-1832519723-2688400599-3493754984-1092 listed but then not
found: Unable to enumerate group members, (-1073741722,No such group)
==========================================

However the groups do exist on the original PDC host and mapped to unix groups:
==========================================
# net groupmap list
Assistants (S-1-5-21-1832519723-2688400599-3493754984-1891) -> asst
Projects (S-1-5-21-1832519723-2688400599-3493754984-1092) -> projects
...
==========================================

I do not have those unix groups on the new host (but also didn't think
they were needed). And the migration did indeed create them in the AD
as samba-tool shows:
==========================================
# samba-tool group list
...
Assistants
...
Projects
...
==========================================

And then the user "errors":
==========================================
Exporting users
Ignoring group memberships of 'usernameone'
S-1-5-21-1832519723-2688400599-3493754984-1448: Unable to enumerate group
memberships, (-1073741724
,No such user)
...
==========================================
For 300 users and systems.

Out of approx 300 only 5 PDC users get listed after migration:
==========================================
# samba-tool user list
Administrator
dns-kwad
usernameone
usernametwo
usernamethree
krbtgt
usernamefour
Guest
usernamefive
root
==========================================

However the users and computers are listed as group members:
==========================================
# samba-tool group listmembers 'Domain Users' |wc -l
270
# samba-tool group listmembers 'Domain Computers' |wc -l
35
==========================================

It's important the I keep the same SIDs, secrets, etc. when moving to
the new AD structure from the old PDC structure.
But either I'm doing something wrong or Samba is not cooperating.

Thanks for your assistance.

Chris

More information about the samba mailing list