[Samba] Migration samba 3 to 4

Rowland Penny rpenny at samba.org
Wed Sep 5 16:32:52 UTC 2018


On Wed, 5 Sep 2018 16:53:50 +0200
Philippe Maladjian via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> Indeed when I copied the result for the mailing I made a mistake. 
> MY.DOMAIN is a dummy name. The result of the migration command is
> 
> Reading smb.conf
> WARNING: The "idmap backend" option is deprecated
> WARNING: The "idmap uid" option is deprecated
> WARNING: The "idmap gid" option is deprecated
> Provisioning
> Exporting account policy
> Exporting groups
> Severe DB error, sambaSamAccount can't miss the samba SIDattribute
> Ignoring group 'Backup Operators' 
> S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not
> found: Unable to enumerate group members, (-1073741596,This error
> indicates that the requested operation cannot be completed due to a
> catastrophic media failure or an on-disk data structure corruption.)
> Severe DB error, sambaSamAccount can't miss the samba SIDattribute
> Ignoring group 'Domain Users' 
> S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not
> found: Unable to enumerate group members, (-1073741596,This error
> indicates that the requested operation cannot be completed due to a
> catastrophic media failure or an on-disk data structure corruption.)
> Exporting users
> sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to
> our domain
> sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to
> our domain
>    Fixing account svimp02$ which had both ACB_NORMAL (U) and
> ACB_WSTRUST (W) set.  Account will be marked as ACB_WSTRUST (W), i.e.
> as a domain member Skipping wellknown rid=501 (for username=nobody)
> Next rid = 3867
> krb5_init_context failed (Invalid argument)
> smb_krb5_context_init_basic failed (Invalid argument)
> Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client 
> internal error: NT_STATUS_BAD_NETWORK_NAME
> Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap':
> LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
> exception - ProvisioningError: Could not open ldb connection to 
> ldap://ldap2.my.domain, the error message is: (1, 'LDAP client
> internal error: NT_STATUS_BAD_NETWORK_NAME')

> From my new Samba server I tried to make an LDAP request
> 
> # ldapsearch -h ldap2 -xb "ou=Groups,dc=domain,dc=fr" -W -D 
> "cn=Manager,dc=domain,dc=fr" cn="Backup Operators"

If you are going to sanitise an object, please use it everywhere.

The upgrade is trying to use ldap2.my.domain; in the ldapsearch you use
'dc=domain,dc=fr', from which I would have expected 'ldap2.domain.fr'.

> 
> # extended LDIF
> #
> # LDAPv3
> # base <ou=Groups,dc=domain,dc=fr> with scope subtree
> # filter: cn=Backup Operators
> # requesting: ALL
> #
> 
> *************
> # Backup Operators, Groups, domain.fr
> dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
> cn: Backup Operators
> description: Domain Unix group
> displayName: Backup Operators
> gidNumber: 551
> memberUid: backupmanager
> memberUid: backuppc
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> sambaGroupType: 2
> sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551
> 

There doesn't seem to be anything wrong there.

> 
> *******************
> 
> 
> I do not understand the NT_STATUS_BAD_NETWORK_NAME error because the 
> server is accessible with its IP or by its DNS name (ldap2)
>

Yes, but is it accessible by 'ldap2.domain.fr'?

Is a firewall running on the old PDC?

I would also like to point out that I think I have worked out what
'domain' is and you really shouldn't use this for an AD domain.
  
Rowland
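
The two checks asked for in this message (does the exact name the upgrade uses resolve, and is the LDAP port reachable), as an added example that is not part of the original message or of Samba. The function names and the embedded sample are assumptions made for illustration; the sample lines are copied from the output quoted above.

```python
import re
import socket
from urllib.parse import urlparse

# Constructed sample: two lines taken from the upgrade output quoted above.
SAMPLE_OUTPUT = """\
Next rid = 3867
Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
"""

URL_RE = re.compile(r"Failed to connect to ldap URL '([^']+)'")


def failed_ldap_targets(output):
    """Return sorted (host, port) pairs for LDAP URLs the upgrade could not open."""
    targets = set()
    for url in URL_RE.findall(output):
        parsed = urlparse(url)
        default_port = 636 if parsed.scheme == "ldaps" else 389
        targets.add((parsed.hostname, parsed.port or default_port))
    return sorted(targets)


def check_target(host, port, resolve=socket.getaddrinfo,
                 connect=socket.create_connection, timeout=3):
    """Classify a target as 'unresolvable', 'unreachable' or 'ok'.

    resolve and connect are injectable (hypothetical parameters) so the
    logic can be exercised without a network.
    """
    try:
        resolve(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"  # this exact name is not in DNS or /etc/hosts
    try:
        connect((host, port), timeout=timeout).close()
    except OSError:
        return "unreachable"   # name resolves, but the port is closed or filtered
    return "ok"


if __name__ == "__main__":
    for host, port in failed_ldap_targets(SAMPLE_OUTPUT):
        print(f"{host}:{port} -> {check_target(host, port)}")
```

Run it on the new server against the real upgrade output: it tests the fully qualified name from the failing URL rather than the short name used in the manual ldapsearch.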




