[Samba] Migration samba 3 to 4

Philippe Maladjian pmaladjian at hilaire.fr
Wed Sep 5 14:53:50 UTC 2018 

Hello,

Indeed when I copied the result for the mailing I made a mistake. 
MY.DOMAIN is a dummy name. The result of the migration command is

Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators' 
S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found: 
Unable to enumerate group members, (-1073741596,This error indicates 
that the requested operation cannot be completed due to a catastrophic 
media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users' 
S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found: 
Unable to enumerate group members, (-1073741596,This error indicates 
that the requested operation cannot be completed due to a catastrophic 
media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our 
domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our 
domain
   Fixing account svimp02$ which had both ACB_NORMAL (U) and ACB_WSTRUST 
(W) set.  Account will be marked as ACB_WSTRUST (W), i.e. as a domain member
   Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client 
internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap': LDAP 
client internal error: NT_STATUS_BAD_NETWORK_NAME
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - 
ProvisioningError: Could not open ldb connection to 
ldap://ldap2.my.domain, the error message is: (1, 'LDAP client internal 
error: NT_STATUS_BAD_NETWORK_NAME')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
1566, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 671, 
in upgrade_from_samba3
     raise ProvisioningError("Could not open ldb connection to %s, the 
error message is: %s" % (url, e))


Since my new samba server I tried to make a ldap request

# ldapsearch -h ldap2 -xb "ou=Groups,dc=domain,dc=fr" -W -D 
"cn=Manager,dc=domain,dc=fr" cn="Backup Operators"

# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=domain,dc=fr> with scope subtree
# filter: cn=Backup Operators
# requesting: ALL
#

*************
# Backup Operators, Groups, domain.fr
dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
cn: Backup Operators
description: Domain Unix group
displayName: Backup Operators
gidNumber: 551
memberUid: backupmanager
memberUid: backuppc
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

*******************


I do not understand the NT_STATUS_DAB_NETWORK_NAME error because the 
server is accessible with its ip or by its name dns (ldap2)

*Philippe MALADJIAN
Responsable informatique | administrateur système*
Ligne directe : +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr 
<mailto:pmaladjian at hilaire.fr>

Hilaire s.a.s. <http://www.hilaire.fr> 	*HILAIRE s.a.s.*
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tél. : +33 (0)4 72 37 58 23 - Fax : +33 (0)4 78 26 02 03
http://www.hilaire.fr

Le 05/09/2018 à 13:02, Rowland Penny via samba a écrit :
> On Wed, 5 Sep 2018 11:42:04 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I'm testing with this link but i'have the same error.
>>
>> # samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/
>> --realm=dom.hilaire
>> --dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf
>>
> Okay, you have these in your smb.conf:
>
>           workgroup = MY.DOMAIN
>           passdb backend = ldapsam:ldap://ldap2.my.domain
>
> You have this error message:
>
> Failed to connect to ldap URL 'ldap://ldap2.MYDOMAIN' - LDAP client
> internal error: NT_STATUS_BAD_NETWORK_NAME
>
> Is this bad sanitisation ?
>
> Does the workgroup 'MY.DOMAIN' actually have a dot in it ?
> Why is the upgrade reading 'ldap2.my.domain' as 'ldap2.MYDOMAIN' ?
> Is the old ldap server still running and accessible ?
> Can you post the ldap object for 'Domain Users'
> What is the DNS domain name of the computer you are running the upgrade
> on.
>
> Rowland
>

More information about the samba mailing list