[Samba] error adding users to Domain Admins group during classicupgrade

Tue May 14 07:44:15 UTC 2019

Hi,

  I'm trying to migrate a NT4 domain under Samba3 to an AD DC under Samba4
on a separate server.  During the classicupgrade, there were a number
warnings while importing groups:

WARNING 2019-05-13 15:09:56,728 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #299: Could
not add group name=Domain Admins ((68, 'Entry CN=Domain
Admins,CN=Users,DC=ifa,DC=hawaii,DC=edu already exists'))

WARNING 2019-05-13 15:09:56,729 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #161: Could
not modify AD idmap entry for
sid=S-1-5-21-280721883-191778108-123917971-512, id=512, type=ID_TYPE_GID
((32, "Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-512>' not
found"))

WARNING 2019-05-13 15:09:56,730 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #130: Could
not add posix attrs for AD entry for
sid=S-1-5-21-280721883-191778108-123917971-512, ((32, "Base-DN
'<SID=S-1-5-21-280721883-191778108-123917971-512>' not found"))

WARNING 2019-05-13 15:09:56,733 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #299: Could
not add group name=Domain Users ((68, 'Entry CN=Domain
Users,CN=Users,DC=ifa,DC=hawaii,DC=edu already exists'))

WARNING 2019-05-13 15:09:56,734 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #161: Could
not modify AD idmap entry for
sid=S-1-5-21-280721883-191778108-123917971-513, id=513, type=ID_TYPE_GID
((32, "Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-513>' not
found"))

WARNING 2019-05-13 15:09:56,735 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #130: Could
not add posix attrs for AD entry for
sid=S-1-5-21-280721883-191778108-123917971-513, ((32, "Base-DN
'<SID=S-1-5-21-280721883-191778108-123917971-513>' not found"))

WARNING 2019-05-13 15:09:56,738 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #299: Could
not add group name=Domain Guests ((68, 'Entry CN=Domain
Guests,CN=Users,DC=ifa,DC=hawaii,DC=edu already exists'))

WARNING 2019-05-13 15:09:56,739 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #161: Could
not modify AD idmap entry for
sid=S-1-5-21-280721883-191778108-123917971-514, id=65534, type=ID_TYPE_GID
((32, "Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-514>' not
found"))

WARNING 2019-05-13 15:09:56,740 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #130: Could
not add posix attrs for AD entry for
sid=S-1-5-21-280721883-191778108-123917971-514, ((32, "Base-DN
'<SID=S-1-5-21-280721883-191778108-123917971-514>' not found"))

Soon after when adding users to groups, the process bombed out with
the following error:

ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: Could not add member
'S-1-5-21-2342696748-4272319941-312989834-1001' to group
'S-1-5-21-280721883-191778108-123917971-512' as either group or user record
doesn't exist: Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-512>'
not found

  File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 185, in _run

    return self.run(*args, **kwargs)

  File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 1663, in run

    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)

  File "/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py",
line 822, in upgrade_from_samba3

    add_users_to_group(result.samdb, g, groupmembers[str(g.sid)], logger)

  File "/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py",
line 322, in add_users_to_group

    raise ProvisioningError("Could not add member '%s' to group '%s' as
either group or user record doesn't exist: %s" % (member_sid, group.sid,
emsg))

The user in question does exist and has been successfully imported.  It's
the group (Domain Admins) that didn't exist.  I'd appreciate your help in
getting over this.

  Thanks,

--Ruisheng Peng