[Samba] classicupgrade migration issues

Rowland Penny rpenny at samba.org
Fri Mar 18 16:01:03 UTC 2016


On 18/03/16 14:31, Sonic wrote:
> On Mon, Mar 7, 2016 at 4:38 PM, Andrew Bartlett <abartlet at samba.org> wrote:
>> Also just check you have the unix users and groups that you are trying
>> to upgrade.
> Do the mapped unix groups need to be added to the new host before
> attempting the upgrade? There is nothing in the docs regarding that.

No, I am sure you don't have to create any Unix groups; all your groups 
etc. should end up in AD.

> Am I mistaken in thinking that the AD does not rely on matching or
> mapped unix groups and users?

There isn't really such a concept as mapped in AD. (Except of course for 
Administrator)


>
> Here's the first two "errors" on migration:
> ==========================================
> Ignoring group 'Assistants'
> S-1-5-21-1832519723-2688400599-3493754984-1891 listed but then not
> found: Unable to enumerate group members, (-1073741722,No such group)
> Ignoring group 'Projects'
> S-1-5-21-1832519723-2688400599-3493754984-1092 listed but then not
> found: Unable to enumerate group members, (-1073741722,No such group)
> ==========================================
>
> However, the groups do exist on the original PDC host and are mapped to unix groups:
> ==========================================
> # net groupmap list
> Assistants (S-1-5-21-1832519723-2688400599-3493754984-1891) -> asst
> Projects (S-1-5-21-1832519723-2688400599-3493754984-1092) -> projects
> ...
> ==========================================

I wonder if this is your problem?

The Domain group is found and checked for users and none are found. 
Could this be because the users are actually members of the Unix group 
that is mapped to the Samba group, i.e. the Samba group has no members?

> I do not have those unix groups on the new host (but also didn't think
> they were needed). And the migration did indeed create them in the AD
> as samba-tool shows:
> ==========================================
> # samba-tool group list
> ...
> Assistants
> ...
> Projects
> ...
> ==========================================
>
> And then the user "errors":
> ==========================================
> Exporting users
> Ignoring group memberships of 'usernameone'
> S-1-5-21-1832519723-2688400599-3493754984-1448: Unable to enumerate group
> memberships, (-1073741724
> ,No such user)
> ...
> ==========================================
> For 300 users and systems.
>
> Out of approx 300 only 5 PDC users get listed after migration:
> ==========================================
> # samba-tool user list
> Administrator
> dns-kwad
> usernameone
> usernametwo
> usernamethree
> krbtgt
> usernamefour
> Guest
> usernamefive
> root
> ==========================================
>
> However the users and computers are listed as group members:
> ==========================================
> # samba-tool group listmembers 'Domain Users' |wc -l
> 270
> # samba-tool group listmembers 'Domain Computers' |wc -l
> 35
> ==========================================
>
> It's important that I keep the same SIDs, secrets, etc. when moving to
> the new AD structure from the old PDC structure.
> But either I'm doing something wrong or Samba is not cooperating.
>
> Thanks for your assistance.
>
> Chris

I wonder if it would work if you add the users to the relevant Samba 
group, not the mapped group?

Rowland
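
One way to triage the classicupgrade messages quoted above, as an added example that is not part of this thread or of Samba's own code: it parses the "Ignoring ..." entries (including mail-wrapped lines), renders the signed status codes in hex, and cross-references each SID against `net groupmap list` output. The sample input is constructed from the excerpts in this message, and the function names are hypothetical.

```python
import re

# Constructed sample input from this thread's excerpts; helper names are this example's own.
UPGRADE_LOG = """\
Ignoring group 'Assistants'
S-1-5-21-1832519723-2688400599-3493754984-1891 listed but then not
found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group 'Projects'
S-1-5-21-1832519723-2688400599-3493754984-1092 listed but then not
found: Unable to enumerate group members, (-1073741722,No such group)
Ignoring group memberships of 'usernameone'
S-1-5-21-1832519723-2688400599-3493754984-1448: Unable to enumerate group
memberships, (-1073741724
,No such user)
"""
GROUPMAP = """\
Assistants (S-1-5-21-1832519723-2688400599-3493754984-1891) -> asst
Projects (S-1-5-21-1832519723-2688400599-3493754984-1092) -> projects
"""

ENTRY = re.compile(
    r"Ignoring (group memberships of|group) '([^']+)'\s+(S-[\d-]+).*?\(\s*(-?\d+)\s*,\s*([^)]+)\)",
    re.S)
MAPLINE = re.compile(r"^(.+?) \((S-[\d-]+)\) -> (\S+)$", re.M)

def ntstatus_hex(code):
    """The log prints NTSTATUS as a signed 32-bit int; show the usual hex form."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def parse_groupmap(text):
    """Map SID -> Unix group name from `net groupmap list` output."""
    return {sid: unix for _name, sid, unix in MAPLINE.findall(text)}

def triage(log, groupmap):
    """Return one record per ignored entry, tolerating mail-wrapped lines."""
    sid_to_unix = parse_groupmap(groupmap)
    out = []
    for kind, name, sid, code, msg in ENTRY.findall(log):
        out.append({
            "kind": "user" if "memberships" in kind else "group",
            "name": name, "sid": sid, "rid": int(sid.rsplit("-", 1)[1]),
            "status": ntstatus_hex(int(code)), "message": msg.strip(),
            "mapped_unix_group": sid_to_unix.get(sid),
        })
    return out

if __name__ == "__main__":
    for rec in triage(UPGRADE_LOG, GROUPMAP):
        print(rec)
```

Entries with a non-empty `mapped_unix_group` are the ignored groups that are mapped to a Unix group on the old PDC, which is the case the reply above asks about.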
