[Samba] samba-tool domain classicupgrade fails to import users or groups from NT domain

Sebastian Arcus s.arcus at open-t.co.uk
Tue Jun 2 11:16:09 UTC 2020


On 31/05/20 23:16, Sebastian Arcus via samba wrote:
> I am attempting to migrate a Slackware server with Samba 4.12.3 from an 
> NT style domain to AD. I have done this about 7-8 times on other servers 
> in the past following the instructions on Samba's wiki. This time 
> however, the upgrade process is failing completely to import any users 
> or groups from the NT domain.

Does anybody have any idea what might be happening here? I've just 
copied the configs and databases and Linux users to another machine with 
Samba 4.6.7 - and classicupgrade does the same thing - it doesn't import 
any users. I am guessing that maybe Samba doesn't recognise the users as 
belonging to the NT domain somehow?


> 
> I have enclosed below the output of the classicupgrade command - I can't 
> see anything wrong with it.
> 
> On the NT domain I can list all users with pdbedit -L - and they are all 
> there. I have checked the users' RID's and they are all above 1000.
> 
> I'm not quite sure what else to check - any hints would be greatly 
> appreciated. The NT domain was working without any complaints until I 
> attempted the upgrade to AD today.
> 
> 
> 
> # samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir/ 
> --realm=sinclair-accounting.lan --dns-backend=BIND9_DLZ 
> --option="interfaces=lo br0" --option="bind interfaces only=yes" 
> /etc/samba/smb.conf.PDC
> 
> 
> INFO 2020-05-31 23:07:50,466 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/netcmd/domain.py #1647: Reading 
> smb.conf
> INFO 2020-05-31 23:07:50,467 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/netcmd/domain.py #1651: 
> Provisioning
> INFO 2020-05-31 23:07:50,469 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #507: Exporting 
> account policy
> INFO 2020-05-31 23:07:50,469 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #511: Exporting groups
> INFO 2020-05-31 23:07:50,472 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #557: Exporting users
> INFO 2020-05-31 23:07:50,472 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #638: Next rid = 1000
> INFO 2020-05-31 23:07:50,472 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #681: Exporting 
> posix attributes
> INFO 2020-05-31 23:07:50,472 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #716: Reading WINS 
> database
> WARNING 2020-05-31 23:07:50,473 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #721: Cannot open 
> wins database, Ignoring: [Errno 2] No such file or directory: 
> '/var/lib/samba.PDC/dbdir/wins.dat'
> INFO 2020-05-31 23:07:50,561 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2133: 
> Looking up IPv4 addresses
> INFO 2020-05-31 23:07:50,561 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2150: 
> Looking up IPv6 addresses
> WARNING 2020-05-31 23:07:50,562 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2157: No 
> IPv6 address will be assigned
> INFO 2020-05-31 23:07:50,803 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2301: 
> Setting up share.ldb
> INFO 2020-05-31 23:07:52,001 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2305: 
> Setting up secrets.ldb
> INFO 2020-05-31 23:07:52,682 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2311: 
> Setting up the registry
> INFO 2020-05-31 23:07:55,400 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2314: 
> Setting up the privileges database
> INFO 2020-05-31 23:07:56,958 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2317: 
> Setting up idmap db
> INFO 2020-05-31 23:07:58,044 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2324: 
> Setting up SAM db
> INFO 2020-05-31 23:07:58,255 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #897: 
> Setting up sam.ldb partitions and settings
> INFO 2020-05-31 23:07:58,255 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #909: 
> Setting up sam.ldb rootDSE
> INFO 2020-05-31 23:07:58,489 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1338: 
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness constraint 
> on local domainSIDs
> 
> INFO 2020-05-31 23:07:58,927 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1416: 
> Adding DomainDN: DC=sinclair-accounting,DC=lan
> INFO 2020-05-31 23:07:59,200 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1448: 
> Adding configuration container
> INFO 2020-05-31 23:07:59,409 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1463: 
> Setting up sam.ldb schema
> INFO 2020-05-31 23:08:01,300 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1481: 
> Setting up sam.ldb configuration data
> INFO 2020-05-31 23:08:01,391 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1522: 
> Setting up display specifiers
> INFO 2020-05-31 23:08:02,562 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1530: 
> Modifying display specifiers and extended rights
> INFO 2020-05-31 23:08:02,585 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1537: 
> Adding users container
> INFO 2020-05-31 23:08:02,586 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1543: 
> Modifying users container
> INFO 2020-05-31 23:08:02,587 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1546: 
> Adding computers container
> INFO 2020-05-31 23:08:02,587 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1552: 
> Modifying computers container
> INFO 2020-05-31 23:08:02,588 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1556: 
> Setting up sam.ldb data
> INFO 2020-05-31 23:08:02,675 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1586: 
> Setting up well known security principals
> INFO 2020-05-31 23:08:02,701 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1600: 
> Setting up sam.ldb users and groups
> INFO 2020-05-31 23:08:02,753 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1608: 
> Setting up self join
> Repacking database from v1 to v2 format (first record 
> CN=FRS-Partner-Auth-Level,CN=Schema,CN=Configuration,DC=sinclair-accounting,DC=lan) 
> 
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record 
> CN=localPolicy-Display,CN=410,CN=DisplaySpecifiers,CN=Configuration,DC=sinclair-accounting,DC=lan) 
> 
> Repacking database from v1 to v2 format (first record 
> CN=Replicator,CN=Builtin,DC=sinclair-accounting,DC=lan)
> INFO 2020-05-31 23:08:04,746 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #1994: 
> Setting acl on sysvol skipped
> INFO 2020-05-31 23:08:05,154 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1130: 
> Adding DNS accounts
> INFO 2020-05-31 23:08:05,885 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1164: 
> Creating CN=MicrosoftDNS,CN=System,DC=sinclair-accounting,DC=lan
> INFO 2020-05-31 23:08:05,895 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1177: 
> Creating DomainDnsZones and ForestDnsZones partitions
> INFO 2020-05-31 23:08:06,464 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1182: 
> Populating DomainDnsZones and ForestDnsZones partitions
> Repacking database from v1 to v2 format (first record 
> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=sinclair-accounting,DC=lan) 
> 
> Repacking database from v1 to v2 format (first record 
> CN=Infrastructure,DC=ForestDnsZones,DC=sinclair-accounting,DC=lan)
> WARNING 2020-05-31 23:08:09,995 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #911: 
> Unable to find group id for BIND,
>                  set permissions to sam.ldb* files manually
> WARNING 2020-05-31 23:08:10,001 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #978: 
> BIND version unknown, please modify /var/lib/samba/bind-dns/named.conf 
> manually.
> INFO 2020-05-31 23:08:10,001 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1263: 
> See /var/lib/samba/bind-dns/named.conf for an example configuration 
> include file for BIND
> INFO 2020-05-31 23:08:10,001 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/sambadns.py #1265: 
> and /var/lib/samba/bind-dns/named.txt for further documentation required 
> for secure DNS updates
> INFO 2020-05-31 23:08:10,153 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2037: 
> Setting up sam.ldb rootDSE marking as synchronized
> INFO 2020-05-31 23:08:10,295 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2042: 
> Fixing provision GUIDs
> INFO 2020-05-31 23:08:11,681 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2370: 
> The Kerberos KDC configuration for Samba AD is located at 
> /var/lib/samba/private/kdc.conf
> INFO 2020-05-31 23:08:11,681 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2376: A 
> Kerberos configuration suitable for Samba AD has been generated at 
> /var/lib/samba/private/krb5.conf
> INFO 2020-05-31 23:08:11,681 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2378: 
> Merge the contents of this file with your system krb5.conf or replace it 
> with this one. Do not create a symlink!
> INFO 2020-05-31 23:08:14,760 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #2107: 
> Setting up fake yp server settings
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #489: 
> Once the above files are installed, your Samba AD server will be ready 
> to use
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #493: 
> Admin password:        RVB:E)9K6LhQ8KMDocgaIRK$r]##98
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #494: 
> Server Role:           active directory domain controller
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #495: 
> Hostname:              sa-server
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #496: 
> NetBIOS Domain:        SINCLAIR
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #497: DNS 
> Domain:            sinclair-accounting.lan
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/provision/__init__.py #498: 
> DOMAIN SID:            S-1-5-21-1153527195-3427183792-2240923990
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #747: Importing WINS 
> database
> INFO 2020-05-31 23:08:15,439 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #753: Importing 
> Account policy
> INFO 2020-05-31 23:08:15,818 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #757: Importing 
> idmap database
> WARNING 2020-05-31 23:08:15,818 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #218: Cannot open 
> idmap database, Ignoring: [Errno 2] No such file or directory
> INFO 2020-05-31 23:08:16,235 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #773: Adding groups
> INFO 2020-05-31 23:08:16,235 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #776: Importing groups
> WARNING 2020-05-31 23:08:16,236 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #267: Group already 
> exists sid=S-1-5-21-1153527195-3427183792-2240923990-513, 
> groupname=Domain Users existing_groupname=Domain Users, Ignoring.
> WARNING 2020-05-31 23:08:16,237 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #267: Group already 
> exists sid=S-1-5-21-1153527195-3427183792-2240923990-512, 
> groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
> WARNING 2020-05-31 23:08:16,239 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #267: Group already 
> exists sid=S-1-5-21-1153527195-3427183792-2240923990-514, 
> groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
> INFO 2020-05-31 23:08:16,240 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #789: Committing 
> 'add groups' transaction to disk
> INFO 2020-05-31 23:08:16,552 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #792: Adding users
> INFO 2020-05-31 23:08:16,552 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #795: Importing users
> INFO 2020-05-31 23:08:16,552 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #815: Adding users 
> to groups
> INFO 2020-05-31 23:08:16,552 pid:2023 
> /usr/lib64/python3.8/site-packages/samba/upgrade.py #829: Committing 
> 'add users to groups' transaction to disk
> 
> 



More information about the samba mailing list