[Samba] Fwd: classicupgrade questions

Mon Jul 9 05:10:17 UTC 2018

 Does anybody know any answer in this topic, please?

 Michal

 ---------- Původní e-mail ----------
Od: Michal via samba <samba at lists.samba.org>
Komu: samba at lists.samba.org
Datum: 4. 7. 2018 8:58:45
Předmět: [Samba] classicupgrade questions 
"I am trying to do a classicupgrade.  (This is not 1st try, I went through 
it 
once time already; then I deleted all data and trying it again, with 
questions now.) 

Command 

samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/ --realm=ad.nemuh.cz

--dns-backend=BIND9_DLZ /etc/samba.PDC/smb.PDC.conf 

Problem a) 
... 
init_sam_from_ldap: Entry found for user: pc0027$ 
init_sam_from_ldap: Failed to find Unix account for pc0027$ 
ldapsam_getsampwnam: init_sam_from_ldap failed for user 'pc0027$'! 
ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user 
information for 'pc0027$', (-1073741724,The specified account does not 
exist.) 
  File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/__ 
init__.py", line 176, in _run 
    return self.run(*args, **kwargs) 
  File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/ 
domain.py", line 1636, in run 
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) 
  File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/upgrade.py",

line 568, in upgrade_from_samba3 
    user = s3db.getsampwnam(username) 

The machine LDAP data: 
# pc0027$, machines, nspuh.cz 
dn: uid=pc0027$,ou=machines,dc=nspuh,dc=cz 
uid: pc0027$ 
objectClass: account 
objectClass: sambaSamAccount 
sambaPwdMustChange: 2147483647 
sambaAcctFlags: [W          ] 
sambaPwdCanChange: 1158129830 
sambaPwdLastSet: 1158129830 
displayName: PC0027$ 
sambaSID: S-1-5-21-..numbers here...-45023 

When I delete this machine from LDAP, the problem occurs with another 
computer.. and with another.. I finally deleted all machine/computer 
accounts from LDAP to be able to process users.  What's wrong with the 
machine accounts? 

b) After upgrade, a lot of imported users in AD have "account disabled". One

of them, as far as I can remember, was user "anger": 
dn: uid=anger,ou=People,dc=nspuh,dc=cz 
objectClass: shadowAccount 
objectClass: person 
objectClass: inetOrgPerson 
objectClass: OXUserObject 
objectClass: posixAccount 
objectClass: top 
objectClass: sambaSamAccount 
uid: anger 
shadowMin: 0 
shadowMax: 9999 
shadowWarning: 7 
shadowExpire: 0 
cn: anger 
preferredLanguage: EN 
userCountry: Czech Republic 
mailEnabled: OK 
lnetMailAccess: TRUE 
OXAppointmentDays: 5 
OXGroupID: 500 
OXTaskDays: 5 
OXTimeZone:: RXVyb3BlL3ByYWd1ZSA= 
loginShell: /usr/bin/ksh 
uidNumber: 270 
gidNumber: 20 
homeDirectory: /home/anger 
sambaSID: S-1-5-21-......-1540 
employeeNumber: 114 
sambaPwdLastSet: 1344931739 
mail: anger at nemuh.cz 
mailDomain: nemuh.cz 
o: UHN a.s. 
description:: WmRlbsSbayBBbmdlcg== 
givenName:: WmRlbsSbaw== 
sn: ANGER 
gecos: MUDr. Zdenek Anger 
ou: - 

  Why is imported/upgraded account locked? 

c) After upgrade, national characters in (probably) user description and 
givenName are not correctly displayed - there a question marks in the names 

(in AD administration), every user (with national characters in their names)

has the problem. 
  Why?   

Thanks, Michal 
-- 
To unsubscribe from this list go to the following URL and read the 
instructions: https://lists.samba.org/mailman/options/samba 
"