[Samba] classicupgrade questions

Wed Jul 4 06:55:19 UTC 2018

I am trying to do a classicupgrade.  (This is not 1st try, I went through it
once time already; then I deleted all data and trying it again, with 
questions now.)

Command 

samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/ --realm=ad.nemuh.cz
--dns-backend=BIND9_DLZ /etc/samba.PDC/smb.PDC.conf

Problem a)
...
init_sam_from_ldap: Entry found for user: pc0027$
init_sam_from_ldap: Failed to find Unix account for pc0027$
ldapsam_getsampwnam: init_sam_from_ldap failed for user 'pc0027$'!
ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user 
information for 'pc0027$', (-1073741724,The specified account does not 
exist.)
  File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/__
init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/
domain.py", line 1636, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/upgrade.py",
line 568, in upgrade_from_samba3
    user = s3db.getsampwnam(username)

The machine LDAP data:
# pc0027$, machines, nspuh.cz
dn: uid=pc0027$,ou=machines,dc=nspuh,dc=cz
uid: pc0027$
objectClass: account
objectClass: sambaSamAccount
sambaPwdMustChange: 2147483647
sambaAcctFlags: [W          ]
sambaPwdCanChange: 1158129830
sambaPwdLastSet: 1158129830
displayName: PC0027$
sambaSID: S-1-5-21-..numbers here...-45023

When I delete this machine from LDAP, the problem occurs with another 
computer.. and with another.. I finally deleted all machine/computer 
accounts from LDAP to be able to process users.  What's wrong with the 
machine accounts?

b) After upgrade, a lot of imported users in AD have "account disabled". One
of them, as far as I can remember, was user "anger":
dn: uid=anger,ou=People,dc=nspuh,dc=cz
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: OXUserObject
objectClass: posixAccount
objectClass: top
objectClass: sambaSamAccount
uid: anger
shadowMin: 0
shadowMax: 9999
shadowWarning: 7
shadowExpire: 0
cn: anger
preferredLanguage: EN
userCountry: Czech Republic
mailEnabled: OK
lnetMailAccess: TRUE
OXAppointmentDays: 5
OXGroupID: 500
OXTaskDays: 5
OXTimeZone:: RXVyb3BlL3ByYWd1ZSA=
loginShell: /usr/bin/ksh
uidNumber: 270
gidNumber: 20
homeDirectory: /home/anger
sambaSID: S-1-5-21-......-1540
employeeNumber: 114
sambaPwdLastSet: 1344931739
mail: anger at nemuh.cz
mailDomain: nemuh.cz
o: UHN a.s.
description:: WmRlbsSbayBBbmdlcg==
givenName:: WmRlbsSbaw==
sn: ANGER
gecos: MUDr. Zdenek Anger
ou: -

  Why is imported/upgraded account locked? 

c) After upgrade, national characters in (probably) user description and 
givenName are not correctly displayed - there a question marks in the names 
(in AD administration), every user (with national characters in their names)
has the problem. 
  Why?   

Thanks, Michal