[Samba] Migration samba 3 to 4
Rowland Penny
rpenny at samba.org
Wed Sep 5 16:32:52 UTC 2018
On Wed, 5 Sep 2018 16:53:50 +0200
Philippe Maladjian via samba <samba at lists.samba.org> wrote:
> Hello,
>
> Indeed when I copied the result for the mailing I made a mistake.
> MY.DOMAIN is a dummy name. The result of the migration command is
>
> Reading smb.conf
> WARNING: The "idmap backend" option is deprecated
> WARNING: The "idmap uid" option is deprecated
> WARNING: The "idmap gid" option is deprecated
> Provisioning
> Exporting account policy
> Exporting groups
> Severe DB error, sambaSamAccount can't miss the samba SIDattribute
> Ignoring group 'Backup Operators'
> S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not
> found: Unable to enumerate group members, (-1073741596,This error
> indicates that the requested operation cannot be completed due to a
> catastrophic media failure or an on-disk data structure corruption.)
> Severe DB error, sambaSamAccount can't miss the samba SIDattribute
> Ignoring group 'Domain Users'
> S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not
> found: Unable to enumerate group members, (-1073741596,This error
> indicates that the requested operation cannot be completed due to a
> catastrophic media failure or an on-disk data structure corruption.)
> Exporting users
> sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to
> our domain
> sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to
> our domain
> Fixing account svimp02$ which had both ACB_NORMAL (U) and
> ACB_WSTRUST (W) set. Account will be marked as ACB_WSTRUST (W), i.e.
> as a domain member Skipping wellknown rid=501 (for username=nobody)
> Next rid = 3867
> krb5_init_context failed (Invalid argument)
> smb_krb5_context_init_basic failed (Invalid argument)
> Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client
> internal error: NT_STATUS_BAD_NETWORK_NAME
> Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap':
> LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
> exception - ProvisioningError: Could not open ldb connection to
> ldap://ldap2.my.domain, the error message is: (1, 'LDAP client
> internal error: NT_STATUS_BAD_NETWORK_NAME')
> Since my new samba server I tried to make a ldap request
>
> # ldapsearch -h ldap2 -xb "ou=Groups,dc=domain,dc=fr" -W -D
> "cn=Manager,dc=domain,dc=fr" cn="Backup Operators"
If you are going to sanitise an object, please use it everywhere.
The upgrade is trying to use ldap2.my.domain
in the ldapsearch you use 'dc=domain,dc=fr' from which I would have
expected 'ldap2.domain.fr'
>
> # extended LDIF
> #
> # LDAPv3
> # base <ou=Groups,dc=domain,dc=fr> with scope subtree
> # filter: cn=Backup Operators
> # requesting: ALL
> #
>
> *************
> # Backup Operators, Groups, domain.fr
> dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
> cn: Backup Operators
> description: Domain Unix group
> displayName: Backup Operators
> gidNumber: 551
> memberUid: backupmanager
> memberUid: backuppc
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> sambaGroupType: 2
> sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551
>
There doesn't seem to be anything wrong there
>
> *******************
>
>
> I do not understand the NT_STATUS_DAB_NETWORK_NAME error because the
> server is accessible with its ip or by its name dns (ldap2)
>
Yes, but is it accessible by 'ldap2.domain.fr'
Is a firewall running on the old PDC ?
I would also like to point out that I think I have worked out what
'domain' is and you really shouldn't use this for an AD domain.
Rowland
More information about the samba
mailing list