[Samba] Classic Upgrade changes domain SID
Peter Koch
sambamailinglist at gmail.com
Sun Aug 27 14:08:14 UTC 2023
Hi Rowland,
Seems like skipping step5 has no influence on the problem
> Also the 'netbios name' in smb.conf on your new DC must match the DCs
> short hostname.
It does. Either I change the netbios name in /var/samba/NT4-DC/smb.conf
to the
shortname of the new server in uppercase. Or I'm using
serv00.nav.naev.de as the
FDQN of the new AD-DC.
> Have you read this:
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
> I suggest you try again.
I'm sure I know this guide by heart :-)
I was under the impression that Samba4 does NOT need all those
user- and machine$-accounts in /etc/passwd, but the classic
upgrade script does in order to migrate groups, users and computers.
I just repeated the classic upgrade without step 5 and then
I get lots of complains about users and groups, but the domain
SID is still different from the old value:
I noticed that the SIDs of all groups that the upgrade script
complains about, start with S-1-5-21-1415314133-2460755331-2761616138
(that is the domain SID of the old server) while the SIDs of those user
and machine accounts that do not have groupmemberships all start
with S-1-5-352321536-3589954388-2200284306-183212708(that is the
domain SID of the new server).
The SID of user babo in the old server is
S-1-5-21-1415314133-2460755331-2761616138-1158 and the
primary group of user babo has SID
S-1-5-21-1415314133-2460755331-2761616138-21013 (from
pdbedit -vL babo output). So the upgrade script changed babo's
SID from S-1-5-21-1415314133-2460755331-2761616138-1158
to S-1-5-352321536-3589954388-2200284306-183212708-1158.
Here's the new output from classic upgrade script:
INFO 2023-08-27 15:21:22,994 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/netcmd/domain.py #1666:
Reading smb.conf
INFO 2023-08-27 15:21:22,996 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/netcmd/domain.py #1670:
Provisioning
INFO 2023-08-27 15:21:23,003 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #507:
Exporting account policy
INFO 2023-08-27 15:21:23,003 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #511:
Exporting groups
WARNING 2023-08-27 15:21:23,011 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #534: Ignoring
group 'immo' S-1-5-21-1415314133-2460755331-2761616138-21039 listed but
then not found: Unable to enumerate group members, (-1073741722,The
specified group does not exist.)
WARNING 2023-08-27 15:21:23,012 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #534: Ignoring
group 'azubi' S-1-5-21-1415314133-2460755331-2761616138-21033 listed but
then not found: Unable to enumerate group members, (-1073741722,The
specified group does not exist.)
... last line repeated for 25 other groups
INFO 2023-08-27 15:21:23,020 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #557:
Exporting users
WARNING 2023-08-27 15:21:23,145 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #635: Ignoring
group memberships of 'babo'
S-1-5-352321536-3589954388-2200284306-183212708-1158: Unable to
enumerate group memberships, (-1073741724,The specified account does not
exist.)
WARNING 2023-08-27 15:21:23,146 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #635: Ignoring
group memberships of 'elzec'
S-1-5-352321536-3589954388-2200284306-183212708-1036: Unable to
enumerate group memberships, (-1073741724,The specified account does not
exist.)
... last line repeated for 758 other user and machine$ accounts
INFO 2023-08-27 15:21:23,784 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #638: Next rid
= 31031
INFO 2023-08-27 15:21:23,789 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #681:
Exporting posix attributes
INFO 2023-08-27 15:21:23,914 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #716: Reading
WINS database
WARNING 2023-08-27 15:21:23,915 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #721: Cannot
open wins database, Ignoring: [Errno 2] No such file or directory:
'/var/samba/NT4-DC/wins.dat'
INFO 2023-08-27 15:21:23,918 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2108: Looking up IPv4 addresses
INFO 2023-08-27 15:21:23,918 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2125: Looking up IPv6 addresses
WARNING 2023-08-27 15:21:23,919 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2132: No IPv6 address will be assigned
INFO 2023-08-27 15:21:24,618 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2274: Setting up share.ldb
INFO 2023-08-27 15:21:25,217 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2278: Setting up secrets.ldb
INFO 2023-08-27 15:21:25,580 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2283: Setting up the registry
INFO 2023-08-27 15:21:26,198 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2286: Setting up the privileges database
INFO 2023-08-27 15:21:26,582 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2289: Setting up idmap db
INFO 2023-08-27 15:21:26,865 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2296: Setting up SAM db
INFO 2023-08-27 15:21:26,921 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#880: Setting up sam.ldb partitions and settings
INFO 2023-08-27 15:21:26,922 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#892: Setting up sam.ldb rootDSE
INFO 2023-08-27 15:21:26,955 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1305: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint
on local domainSIDs
INFO 2023-08-27 15:21:27,144 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1383: Adding DomainDN: DC=nav,DC=naev,DC=de
INFO 2023-08-27 15:21:27,211 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1415: Adding configuration container
INFO 2023-08-27 15:21:27,271 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1430: Setting up sam.ldb schema
INFO 2023-08-27 15:21:36,498 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1448: Setting up sam.ldb configuration data
INFO 2023-08-27 15:21:36,874 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1489: Setting up display specifiers
INFO 2023-08-27 15:21:43,082 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1497: Modifying display specifiers and extended rights
INFO 2023-08-27 15:21:43,174 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1504: Adding users container
INFO 2023-08-27 15:21:43,178 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1510: Modifying users container
INFO 2023-08-27 15:21:43,179 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1513: Adding computers container
INFO 2023-08-27 15:21:43,183 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1519: Modifying computers container
INFO 2023-08-27 15:21:43,184 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1523: Setting up sam.ldb data
INFO 2023-08-27 15:21:43,520 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1553: Setting up well known security principals
INFO 2023-08-27 15:21:43,660 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1567: Setting up sam.ldb users and groups
INFO 2023-08-27 15:21:44,322 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1575: Setting up self join
Repacking database from v1 to v2 format (first record
CN=rpc-Ns-Group,CN=Schema,CN=Configuration,DC=nav,DC=naev,DC=de)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=mSMQConfiguration-Display,CN=405,CN=DisplaySpecifiers,CN=Configuration,DC=nav,DC=naev,DC=de)
Repacking database from v1 to v2 format (first record
CN=98de1d3e-6611-443b-8b4e-f4337f1ded0b,CN=Operations,CN=DomainUpdates,CN=System,DC=nav,DC=naev,DC=de)
INFO 2023-08-27 15:21:46,655 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#1969: Setting acl on sysvol skipped
INFO 2023-08-27 15:21:46,721 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1198: Adding DNS accounts
INFO 2023-08-27 15:21:46,865 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1232: Creating CN=MicrosoftDNS,CN=System,DC=nav,DC=naev,DC=de
INFO 2023-08-27 15:21:46,903 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1245: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2023-08-27 15:21:47,043 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/sambadns.py
#1250: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record
DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=nav,DC=naev,DC=de)
Repacking database from v1 to v2 format (first record
DC=_kerberos._tcp.dc,DC=_msdcs.nav.naev.de,CN=MicrosoftDNS,DC=ForestDnsZones,DC=nav,DC=naev,DC=de)
INFO 2023-08-27 15:21:47,713 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2012: Setting up sam.ldb rootDSE marking as synchronized
INFO 2023-08-27 15:21:47,744 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2017: Fixing provision GUIDs
INFO 2023-08-27 15:21:49,801 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2348: A Kerberos configuration suitable for Samba AD has been generated
at /var/samba/private/krb5.conf
INFO 2023-08-27 15:21:49,801 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2350: Merge the contents of this file with your system krb5.conf or
replace it with this one. Do not create a symlink!
INFO 2023-08-27 15:21:50,549 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#2082: Setting up fake yp server settings
INFO 2023-08-27 15:21:51,078 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#487: Once the above files are installed, your Samba AD server will be
ready to use
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#492: Server Role: active directory domain controller
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#493: Hostname: serv00
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#494: NetBIOS Domain: NAV
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#495: DNS Domain: nav.naev.de
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/provision/__init__.py
#496: DOMAIN SID: S-1-5-352321536-3589954388-2200284306-183212708
Domain SID ist still different from the old one
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #747:
Importing WINS database
INFO 2023-08-27 15:21:51,079 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #753:
Importing Account policy
INFO 2023-08-27 15:21:51,305 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #757:
Importing idmap database
WARNING 2023-08-27 15:21:51,305 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #218: Cannot
open idmap database, Ignoring: [Errno 2] No such file or directory
INFO 2023-08-27 15:21:51,722 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #773: Adding
groups
INFO 2023-08-27 15:21:51,722 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #776:
Importing groups
WARNING 2023-08-27 15:21:51,861 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #267: Group
already exists sid=S-1-5-32-550, groupname=Print Operators
existing_groupname=Print Operators, Ignoring.
INFO 2023-08-27 15:21:51,996 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #789:
Committing 'add groups' transaction to disk
INFO 2023-08-27 15:21:52,092 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #792: Adding users
INFO 2023-08-27 15:21:52,093 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #795:
Importing users
WARNING 2023-08-27 15:22:04,384 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #805: User
root has been kept in the directory, it should be removed in favour of
the Administrator user
INFO 2023-08-27 15:23:04,761 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #815: Adding
users to groups
INFO 2023-08-27 15:23:04,763 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #829:
Committing 'add users to groups' transaction to disk
INFO 2023-08-27 15:23:04,763 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #834: Setting
password for administrator
INFO 2023-08-27 15:23:04,830 pid:27386
/usr/samba/lib64/python3.9/site-packages/samba/upgrade.py #843:
Administrator password has been set to password of user 'root'
Peter
More information about the samba
mailing list