[Samba] Migration samba 3 to 4
Philippe Maladjian
pmaladjian at hilaire.fr
Tue Sep 18 09:30:04 UTC 2018
Hello,
I ran the test again, starting everything over from zero with the following
configuration, and I arrive at the same result.
-------------------- smb.conf
[global]
netbios name = svdom
server string = Gestionnaire de domaine
workgroup = dom.domain
hosts allow = 192.168.15. 192.168.6. 10.0.7.
security = user
domain master = yes
domain logons = yes
prefered master = yes
local master = yes
os level = 252
log level = 1
encrypt passwords = yes
username map = /etc/samba/smbusers
passdb expand explicit = no
add machine script = /usr/sbin/smbldap-useradd -w '%u'
add user script = /usr/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/sbin/smbldap-userdel -r '%u'
add group script = /usr/sbin/smbldap-groupadd -g '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
ldap admin dn = cn=Manager,dc=dom,dc=domain
ldap suffix = dc=dom,dc=domain
ldap passwd sync = yes
ldap ssl = no
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
passdb backend = ldapsam:ldap://ldap2.dom.domain
idmap backend = ldapsam:ldap://ldap2.dom.domain
nt acl support = yes
map untrusted to domain = yes
wins support = yes
wins proxy = no
dns proxy = yes
name resolve order = wins lmhosts bcast
interfaces = eth* lo
bind interfaces only = yes
time server = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
lock directory = /var/lib/samba
log file = /var/log/samba/users/log-%U.log
veto oplock files = /*.mdb/*.doc/*.xls/*.ppt/*.FIC/*.NDX/*.xlsx/
guest account = nobody
logon script = %G.bat
logon path = \\svdom\profiles\%U
load printers = no
printcap name = /dev/null
printcap cache time = 0
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[share...]
-------------------------------- samba-tool domain classicupgrade
--dbdir=/root/samba3/dbdir/ --realm=dom.domain
--dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf -d 10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
WARNING: The "syslog" option is deprecated
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
Reading smb.conf
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter netbios name = svct02
doing parameter server string = Gestionnaire de domaine
doing parameter workgroup = dom.domain
doing parameter hosts allow = 192.168.15. 192.168.6. 10.0.7.
doing parameter security = user
doing parameter domain master = yes
doing parameter domain logons = yes
doing parameter prefered master = yes
doing parameter local master = yes
doing parameter os level = 252
doing parameter log level = 1
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators'
S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found:
Unable to enumerate group members, (-1073741596,This error indicates
that the requested operation cannot be completed due to a catastrophic
media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users'
S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found:
Unable to enumerate group members, (-1073741596,This error indicates
that the requested operation cannot be completed due to a catastrophic
media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our
domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our
domain
Fixing account svimp02$ which had both ACB_NORMAL (U) and ACB_WSTRUST
(W) set. Account will be marked as ACB_WSTRUST (W), i.e. as a domain member
Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
Failed to connect to ldap URL 'ldap://ldap2.dom.domain' - LDAP client
internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldap2.dom.domain' with backend 'ldap': LDAP
client internal error: NT_STATUS_BAD_NETWORK_NAME
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: Could not open ldb connection to
ldap://ldap2.dom.domain, the error message is: (1, 'LDAP client internal
error: NT_STATUS_BAD_NETWORK_NAME')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
1566, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 671,
in upgrade_from_samba3
raise ProvisioningError("Could not open ldb connection to %s, the
error message is: %s" % (url, e))
------------- ldapsearch -h ldap2.dom.domain -xb
"ou=Groups,dc=dom,dc=domain" -W -D "cn=Manager,dc=dom,dc=domain"
cn="Backup Operators"
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=dom,dc=domain> with scope subtree
# filter: cn=Backup Operators
# requesting: ALL
#
# Backup Operators, Groups, dom.domain
dn: cn=Backup Operators,ou=Groups,dc=dom,dc=domain
cn: Backup Operators
description: Domain Unix group
displayName: Backup Operators
gidNumber: 551
memberUid: backupmanager
memberUid: backuppc
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
---------------- ldapsearch -h ldap2.dom.domain -xb
"ou=Groups,dc=dom,dc=domain" -W -D "cn=Manager,dc=dom,dc=domain"
cn="Domain Users"
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=dom,dc=domain> with scope subtree
# filter: cn=Domain Users
# requesting: ALL
#
# Domain Users, Groups, dom.domain
dn: cn=Domain Users,ou=Groups,dc=dom,dc=domain
cn: Domain Users
description: Domain Unix group
displayName: Domain Users
gidNumber: 513
memberUid: [...]
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-513
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
ldap2 is a DNS alias of ns1.
------------------------------- ping ldap2.dom.domain
PING ns1.dom.domain (192.168.15.31) 56(84) bytes of data.
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=1 ttl=64
time=0.574 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=2 ttl=64
time=0.345 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=3 ttl=64
time=0.235 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=4 ttl=64
time=0.292 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=5 ttl=64
time=0.601 ms
--- ns1.dom.domain ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4056ms
rtt min/avg/max/mdev = 0.235/0.409/0.601/0.150 ms
------------------------------- ping ldap2
PING ns1.dom.domain (192.168.15.31) 56(84) bytes of data.
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=1 ttl=64
time=0.451 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=2 ttl=64
time=0.677 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=3 ttl=64
time=0.356 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=4 ttl=64
time=0.296 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=5 ttl=64
time=0.479 ms
--- ns1.dom.domain ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4068ms
rtt min/avg/max/mdev = 0.296/0.451/0.677/0.133 ms
I have exhausted all my resources, and on the internet the error message
is quite generic or an unhandled error.
*Philippe MALADJIAN
Responsable informatique | administrateur système*
On 06/09/2018 at 11:44, Rowland Penny via samba wrote:
> On Thu, 6 Sep 2018 11:08:21 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>> Before the classicupdate on my ldap I can change the rootdn to match
>> my.domain and not domain.fr?
> I suppose you could try it, dump the entire ldap to an ldif, manually
> change all 'dc=domain,dc=fr' to 'dc=my,dc=domain'. You would then have
> to move the old ldap out of the way and add your new ldif to ldap.
> Change your smb.conf to match. This could sort your ldap problem
> (don't know, never tried it), not sure what you may have to do to
> Samba, or how you would do it, again because I have never tried to do
> this.
>
> Rowland
>
>
>
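
An added example, not part of the original post and not Samba code: a pre-migration audit of an LDIF export that reports sambaSID values whose domain prefix differs from the majority (the "does not belong to our domain" lines in the log) and sambaSamAccount entries with no sambaSID (the "can't miss the samba SID attribute" lines). The sample LDIF is constructed; it reuses the two SID prefixes visible in the log, and the account names alice, bob and carol are made up.

```python
import re
from collections import Counter

# Constructed sample LDIF (not the poster's directory). The two SID domain
# prefixes are the ones visible in the log; account names are hypothetical.
SAMPLE_LDIF = """\
dn: cn=Domain Users,ou=Groups,dc=dom,dc=domain
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-513

dn: uid=alice,ou=Users,dc=dom,dc=domain
objectClass: sambaSamAccount
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-3001

dn: uid=bob,ou=Users,dc=dom,dc=domain
objectClass: sambaSamAccount
sambaSID: S-1-5-21-629504534-1699756358-2856581066-3658

dn: uid=carol,ou=Users,dc=dom,dc=domain
objectClass: sambaSamAccount
uid: carol
"""

def parse_ldif(text):
    """Split plain LDIF into entries {attr_lower: [values]} (no base64, no folding)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip ldapsearch comments and malformed lines
            key, value = line.split(": ", 1)
            entry.setdefault(key.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def domain_of(sid):
    """Domain part of a domain SID (S-1-5-21-x-y-z-RID), else None (e.g. builtin SIDs)."""
    return sid.rsplit("-", 1)[0] if sid.startswith("S-1-5-21-") else None

def audit_sids(entries):
    """Return (majority domain SID, DNs with a foreign-domain SID, accounts lacking sambaSID)."""
    sids = [(e["dn"][0], domain_of(s)) for e in entries for s in e.get("sambasid", [])]
    domain_sid = Counter(d for _, d in sids if d).most_common(1)[0][0]
    foreign = [dn for dn, d in sids if d and d != domain_sid]
    missing = [e["dn"][0] for e in entries
               if "sambaSamAccount" in e.get("objectclass", []) and "sambasid" not in e]
    return domain_sid, foreign, missing
```

Run it against a full `ldapsearch` or `slapcat` dump of the Users, Groups and Computers subtrees; the majority prefix is taken as the domain SID, which is an assumption that holds only when most entries are already consistent.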