[Samba] classicupgrade questions

Rowland Penny rpenny at samba.org
Tue Jul 10 09:27:47 UTC 2018


See inline comments:

On Tue, 10 Jul 2018 11:01:32 +0200
Harry Jede via samba <samba at lists.samba.org> wrote:

> On Wednesday, 4 July 2018, 08:55:19 CEST, Michal via samba wrote:
> > I am trying to do a classicupgrade.  (This is not the 1st try, I went
> > through it once already; then I deleted all data and am trying it
> > again, with questions now.)
> Long story. I will try to describe your problem as briefly as possible.
> 
> 
> > Command
> > 
> > samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/ --realm=ad.nemuh.cz --dns-backend=BIND9_DLZ /etc/samba.PDC/smb.PDC.conf
> > 
> > Problem a)
> > ...
> > init_sam_from_ldap: Entry found for user: pc0027$
> > init_sam_from_ldap: Failed to find Unix account for pc0027$
> 1. Error
> 
> > ldapsam_getsampwnam: init_sam_from_ldap failed for user 'pc0027$'!
> > ERROR(<class 'passdb.error'>): uncaught exception - Unable to get
> > user information for 'pc0027$', (-1073741724,The specified account
> > does not exist.)
> "init_sam_from_ldap" is not able to find expected information for the
> object 'pc0027$'.
> 
> >   File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 1636, in run
> >     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> >   File "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/upgrade.py", line 568, in upgrade_from_samba3
> >     user = s3db.getsampwnam(username)
> > 
> > The machine LDAP data:
> > # pc0027$, machines, nspuh.cz
> > dn: uid=pc0027$,ou=machines,dc=nspuh,dc=cz
> > uid: pc0027$
> > objectClass: account
> > objectClass: sambaSamAccount
> > sambaPwdMustChange: 2147483647
> > sambaAcctFlags: [W          ]
> > sambaPwdCanChange: 1158129830
> > sambaPwdLastSet: 1158129830
> > displayName: PC0027$
> > sambaSID: S-1-5-21-..numbers here...-45023
> Objectclass is wrong!
> 
> "init_sam_from_ldap" searches for "objectClass: posixAccount"
> 
> Your problem is that you are *not* using "objectClass: posixAccount".
> So your machine objects have no posix attributes. I assume you store
> the posix stuff in /etc/passwd, shadow and group. This still works
> today, but has been deprecated for decades.

Good point, as you say, he will need the 'posixaccount' objectclass and
a 'uidNumber' attribute.

> 
> i.e.
> # ldapsearch -xLLL -D cn=admin,dc=europa,dc=xx -W -b ou=machines,ou=accounts,dc=europa,dc=xx -s onelevel 'uid=ainf17$'
> Enter LDAP Password: 
> dn: uid=ainf17$,ou=machines,ou=accounts,dc=europa,dc=xx
> cn: ainf17$
> uid: ainf17$
> uidNumber: 10020
> gidNumber: 515
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> gecos: Computer
> objectClass: posixAccount
> objectClass: account
> objectClass: sambaSamAccount
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> sambaPwdCanChange: 0
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [W          ]
> sambaSID: S-1-5-21-3958726613-3318811842-4132420312-21040
> sambaPrimaryGroupSID: S-1-5-21-3958726613-3318811842-4132420312-515
> displayName: ainf17$
> sambaDomainName: EUROPA
> sambaNTPassword: 91883F44E044F4F12A683E4683B2CE9D
> sambaPwdLastSet: 1387993516
> 
> These attributes must exist: 
> cn uid uidNumber gidNumber homeDirectory sambaSID

Problem is, that is from LDAP, it would be helpful to see what he gets
after the upgrade, if anything.

> 
> 
> After you have modified your machine objects, you should clean
> up /etc/passwd. You should also reload all caching daemons.
> net cache flush

Agreed

> nscd -i passwd
> nscd -i group

Not if 'winbind' is running.

Rowland
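
A pre-flight check for the condition discussed in this thread, added here as an example (it is not from the thread or from Samba): it scans `ldapsearch -LLL` style LDIF for sambaSamAccount entries that lack the posixAccount objectClass or any attribute the thread lists as required. The function names `parse_ldif` and `audit` are hypothetical, and the sample input is constructed from the two entries quoted above.

```python
REQUIRED_ATTRS = ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory", "sambaSID")

# Constructed sample, trimmed from the two machine entries quoted in the thread.
SAMPLE_LDIF = """\
dn: uid=pc0027$,ou=machines,dc=nspuh,dc=cz
uid: pc0027$
objectClass: sambaSamAccount
sambaSID: S-1-5-21-..numbers here...-45023

dn: uid=ainf17$,ou=machines,ou=accounts,dc=europa,dc=xx
cn: ainf17$
uid: ainf17$
uidNumber: 10020
gidNumber: 515
homeDirectory: /dev/null
objectClass: posixAccount
objectClass: sambaSamAccount
sambaSID: S-1-5-21-3958726613-3318811842-4132420312
 -21040
"""

def parse_ldif(text):  # yields one {attr_lowercase: [values]} dict per entry
    entry, last = {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and last:        # folded (continuation) line
            entry[last][-1] += raw[1:]
        elif not raw.strip():                   # blank line ends an entry
            if entry:
                yield entry
            entry, last = {}, None
        elif not raw.startswith("#") and ":" in raw:
            attr, _, value = raw.partition(":")
            last = attr.strip().lower()
            # "attr:: b64" values are kept undecoded; only presence matters here
            entry.setdefault(last, []).append(value.lstrip(": ").strip())

def audit(text):  # returns {dn: [problems]} for entries the upgrade would reject
    findings = {}
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sambasamaccount" not in classes:
            continue
        problems = [] if "posixaccount" in classes else ["objectClass posixAccount missing"]
        problems += [f"{a} missing" for a in REQUIRED_ATTRS if a.lower() not in e]
        if problems:
            findings[e["dn"][0]] = problems
    return findings

if __name__ == "__main__":
    print("\n".join(f"{dn} -> {'; '.join(p)}" for dn, p in audit(SAMPLE_LDIF).items()))
```
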


