[Samba] Migrating from Samba 3: no groups/users are imported ("listed, but then not found", "does not belong to our domain")

Rowland Penny rpenny at samba.org
Mon Sep 3 10:12:38 UTC 2018


On Mon, 03 Sep 2018 04:27:07 +0000
"Konstantin Boyandin \(lists\) via samba" <samba at lists.samba.org> wrote:

> Hello,
> 
> Going further with migrating NT4 domain (Samba 3) to Samba 4. Thanks
> for the previous suggestions.
> 
> When doing
> 
> # samba-tool domain classicupgrade --dbdir=/usr/local/samba.LAN/ 
> --realm=ad-lan.com
> --dns-backend=BIND9_DLZ /usr/local/samba.LAN/smb.conf
> --option="interfaces=lo ens3" --option="bind interfaces only=yes"
> 
> I see in stderr the below:
> 
> Ignoring group 'ossi' S-1-5-21-1411277624-4092985889-3405756581-3001 
> listed but then not found: Unable to enumerate group members, 
> (-1073741722,The specified group does not exist.)
> 
> for every group from existing LDAP backend of Samba 3, and
> 
> sid S-1-5-21-1411277624-4092985889-3405756581-2062 does not belong to 
> our domain
> 

Okay, I take it your PDC was called pdclan and the domain was called
'LAN'; I have no idea what the DNS domain was.

You have now created a new AD DC using the DNS domain 'ad-lan.com', and
the new AD DC is called 'dc'.

So from my reading there are three Samba workgroup names in play:

PDCLAN
LAN
AD-LAN

I think this (along with using '--realm=ad-lan.com' instead of 'realm
= ad-lan' in smb.conf) is your problem. You are trying to change the
domain from 'LAN' to 'AD-LAN'; Samba is undoubtedly treating this as a
new domain and creating a new SID for it.

Rowland
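
An added example, not part of the original thread or of Samba itself: a small triage script that pulls every domain-relative SID out of classicupgrade stderr, splits it into domain SID and RID, and reports the ones whose domain SID differs from the one the new DC holds. The log text is the two messages quoted above; `ASSUMED_NEW_DOMAIN_SID` and the function names are constructed for illustration, since the new domain's SID does not appear in the thread.

```python
import re
from collections import defaultdict

# Domain-relative SID: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"\bS-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)\b")

# The two message shapes quoted in the thread (line-wrapped as in the mail).
SAMPLE_STDERR = """\
Ignoring group 'ossi' S-1-5-21-1411277624-4092985889-3405756581-3001
listed but then not found: Unable to enumerate group members,
(-1073741722,The specified group does not exist.)
sid S-1-5-21-1411277624-4092985889-3405756581-2062 does not belong to
our domain
"""

# Constructed placeholder, NOT from the thread: stands in for the domain SID
# of the newly provisioned AD domain.
ASSUMED_NEW_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


def split_sid(sid):
    """Return (domain_sid, rid) for a domain-relative SID string."""
    m = SID_RE.fullmatch(sid)
    if not m:
        raise ValueError(f"not a domain-relative SID: {sid!r}")
    return "S-1-5-21-" + "-".join(m.group(1, 2, 3)), int(m.group(4))


def foreign_sids(stderr_text, local_domain_sid):
    """Map each domain SID seen in the log, other than the local one,
    to the sorted list of RIDs that were reported under it."""
    by_domain = defaultdict(set)
    for m in SID_RE.finditer(stderr_text):
        domain_sid, rid = split_sid(m.group(0))
        by_domain[domain_sid].add(rid)
    return {d: sorted(r) for d, r in by_domain.items() if d != local_domain_sid}


if __name__ == "__main__":
    result = foreign_sids(SAMPLE_STDERR, ASSUMED_NEW_DOMAIN_SID)
    for domain, rids in result.items():
        print(f"{domain}: {len(rids)} RID(s) outside local domain -> {rids}")
```

If every reported SID shares one domain SID and that value is not the new DC's, the log is consistent with the diagnosis in the reply above: the accounts still carry the old domain's SID while the upgrade target has a different one.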


