Samba3 to Samba4 migration issues

Chirana Gheorghita Eugeniu Theodor office at adaptcom.ro
Wed Nov 7 14:06:45 MST 2012


It worked.
I added the posixAccount property and for CN I completed the user name (eg
H910...$), for guig I completed the group number taken from the
ou-Computers uid and for uid I selected 999 for first and decremented by 1
for the others.

Tomorrow all machine accounts will get these new properties.

Thanks for support

On Wed, Nov 7, 2012 at 8:18 PM, Ricky Nance <ricky.nance at weaubleau.k12.mo.us> wrote:

> ---------- Forwarded message ----------
> From: "Gémes Géza" <geza at kzsdabas.hu>
> Date: Nov 6, 2012 1:29 PM
> Subject: Re: Samba3 to Samba4 migration issues
> To: <samba-technical at lists.samba.org>
> Cc:
>
> Hi,
>
> See below
>
>> The machine account is with a trailing $ so the correct snippet is:
>>
>> dn: uid=H9101200$,ou=Computers,dc=aviamotors,dc=ro
>> displayName: Machine
>> objectClass: sambaSamAccount
>> objectClass: account
>> sambaAcctFlags: [W ]
>> sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
>> uid: H9101200$
>> sambaNTPassword: ****************************
>> sambaPwdLastSet: 1257150878
>>
>> On Tue, Nov 6, 2012 at 10:51 AM, Chirana Gheorghita Eugeniu Theodor <
>> office at adaptcom.ro> wrote:
>>
>>> Hello guys,
>>> For some time the long-awaited release candidates are online and I just
>>> decided to migrate a samba3 ad to a fully functional samba4 RC4.
>>> The setup:
>>> Centos 6.3 64bit
>>> Intel server
>>> Ldap database of samba3 is on another machine.
>>>
>>> I copied the tdb files and the smb.conf as instructed in the HOWTO, set up
>>> nsswitch to get users from ldap and getent passwd works ok.
>>> I arrived at the step where I do the samba-tool classicupgrade and surprise:
>>> all the users seem to be read and validated ok but when it gets to reading
>>> the machine accounts it fails with:
>>>
>>> [root at cerberus ~]# /samba/bin/samba-tool domain classicupgrade
>>> --dbdir=/samba/s3/private/ --use-xattrs=yes  --realm=
>>> aviamotor.ro/samba/s3/private/smb.conf
>>> Reading smb.conf
>>> doing parameter time server = Yes
>>> doing parameter load printers = yes
>>> doing parameter printing = cups
>>> WARNING: Ignoring invalid value 'cups' for parameter 'printing'
>>> doing parameter printcap name = cups
>>> doing parameter logon script = scripts\%U.bat
>>> doing parameter domain logons = Yes
>>> doing parameter os level = 98
>>> doing parameter preferred master = Yes
>>> doing parameter domain master = Yes
>>> doing parameter wins support = Yes
>>> doing parameter remote announce = 10.124.112.8
>>> doing parameter ldap admin dn = cn=manager,dc=aviamotors,dc=ro
>>> doing parameter ldap group suffix = ou=Groups
>>> doing parameter ldap idmap suffix = ou=Users
>>> doing parameter ldap machine suffix = ou=Computers
>>> doing parameter ldap passwd sync = Yes
>>> doing parameter ldap suffix = dc=aviamotors,dc=ro
>>> doing parameter ldap user suffix = ou=Users
>>> doing parameter lanman auth = Yes
>>> doing parameter lm announce = no
>>> doing parameter min protocol = NT1
>>> doing parameter full_audit:prefix = %u|%I|%m|%S
>>> doing parameter full_audit:failure = connect
>>> doing parameter full_audit:success = connect disconnect mkdir rmdir open
>>> close read pread write pwrite sendfile rename unlink chmod fchmod chown
>>> fchown chdir ftruncate lock symlink readlink link mknod realpath
>>> doing parameter full_audit:facility = local7
>>> doing parameter full_audit:priority = notice
>>> doing parameter dos filemode = yes
>>> Processing section "[profile]"
>>> doing parameter path = /tmp
>>> Processing section "[netlogon]"
>>> doing parameter path = /var/lib/samba/netlogon
>>> doing parameter read only = No
>>> Processing section "[groups]"
>>> doing parameter comment = All groups
>>> doing parameter path = /home1/groups
>>> doing parameter invalid users = elsa
>>> doing parameter read only = No
>>> doing parameter dos filemode = Yes
>>> doing parameter create mask = 0770
>>> doing parameter directory mask = 0770
>>> doing parameter directory security mask = 0700
>>> Unknown parameter encountered: "directory security mask"
>>> Ignoring unknown parameter "directory security mask"
>>> Processing section "[conta]"
>>> doing parameter comment = Contabilitate
>>> doing parameter path = /home1/conta
>>> doing parameter read only = No
>>> doing parameter create mask = 0770
>>> doing parameter directory mask = 0770
>>> doing parameter directory security mask = 0700
>>> Unknown parameter encountered: "directory security mask"
>>> Ignoring unknown parameter "directory security mask"
>>> doing parameter veto files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
>>> doing parameter hide files = /*.mp3/*.avi/*.mpg/*.mpeg/*.jpg/*.jpeg/*.wma/
>>> doing parameter vfs objects = full_audit
>>> Processing section "[marketing]"
>>> doing parameter path = /home1/marketing
>>> doing parameter read only = No
>>> doing parameter create mask = 0770
>>> doing parameter directory mask = 0770
>>> doing parameter directory security mask = 0700
>>> Unknown parameter encountered: "directory security mask"
>>> Ignoring unknown parameter "directory security mask"
>>> doing parameter vfs objects = full_audit
>>> Processing section "[ru]"
>>> doing parameter comment = ru
>>> doing parameter path = /home1/ru
>>> doing parameter read only = No
>>> doing parameter create mask = 0770
>>> doing parameter directory mask = 0770
>>> doing parameter directory security mask = 0770
>>> Unknown parameter encountered: "directory security mask"
>>> Ignoring unknown parameter "directory security mask"
>>> doing parameter vfs objects = full_audit
>>> Processing section "[p1]"
>>> doing parameter comment = Users Profile
>>> doing parameter writeable = yes
>>> doing parameter path = /home2
>>> doing parameter create mask = 0600
>>> doing parameter directory mask = 0700
>>> doing parameter profile acls = yes
>>> doing parameter root preexec = /etc/samba/mkdir.sh %U '%g' %H %P
>>> Processing section "[aaa]"
>>> doing parameter writeable = no
>>> doing parameter path = /home2/aaa
>>> doing parameter create mask = 0600
>>> doing parameter comment = sql
>>> doing parameter directory mask = 0700
>>> Processing section "[printers]"
>>> doing parameter comment = All Printers
>>> doing parameter path = /var/spool/samba/
>>> doing parameter guest ok = Yes
>>> doing parameter printable = Yes
>>> doing parameter browseable = No
>>> doing parameter public = yes
>>> Processing section "[print$]"
>>> doing parameter path = /var/lib/samba/printing
>>> doing parameter write list = "@Domain Admins", root
>>> doing parameter read only = yes
>>> doing parameter browseable = yes
>>> doing parameter guest ok = Yes
>>> Processing section "[kituri]"
>>> doing parameter path = /home/kituri
>>> doing parameter write list = "@Domain Admins"
>>> Processing section "[update]"
>>> doing parameter path = /home/update
>>> doing parameter write list = "@Domain Admins"
>>> Processing section "[toatalumea]"
>>> doing parameter path = /home1/groups/toatalumea
>>> doing parameter read only = No
>>> doing parameter write list = "Users"
>>> doing parameter create mask = 0777
>>> doing parameter directory mask = 0777
>>> doing parameter vfs objects = full_audit
>>> pm_process() returned Yes
>>> Provisioning
>>> smbldap_search_domain_info: Searching
>>> for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
>>> smbldap_open_connection: connection opened
>>> ldap_connect_system: successful connection to the LDAP server
>>> The LDAP server is successfully connected
>>> ldapsam_getsampwnam: Unable to locate user [LINUXRETEA$] count=0
>>> Exporting account policy
>>> Exporting groups
>>> ldapsam_setsamgrent: 21 entries in the base!
>>> init_group_from_ldap: Entry found for group: 548
>>> init_group_from_ldap: Entry found for group: 544
>>> init_group_from_ldap: Entry found for group: 551
>>> init_group_from_ldap: Entry found for group: 503
>>> init_group_from_ldap: Entry found for group: 509
>>> init_group_from_ldap: Entry found for group: 512
>>> init_group_from_ldap: Entry found for group: 515
>>> init_group_from_ldap: Entry found for group: 514
>>> init_group_from_ldap: Entry found for group: 513
>>> init_group_from_ldap: Entry found for group: 1001
>>> init_group_from_ldap: Entry found for group: 517
>>> init_group_from_ldap: Entry found for group: 507
>>> init_group_from_ldap: Entry found for group: 508
>>> init_group_from_ldap: Entry found for group: 550
>>> init_group_from_ldap: Entry found for group: 552
>>> init_group_from_ldap: Entry found for group: 1011
>>> init_group_from_ldap: Entry found for group: 504
>>> init_group_from_ldap: Entry found for group: 524
>>> init_group_from_ldap: Entry found for group: 500
>>> init_group_from_ldap: Entry found for group: 510
>>> init_group_from_ldap: Entry found for group: 580
>>> ldapsam_enum_aliasmem: Did not find alias
>>> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found:
>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>> ldapsam_enum_aliasmem: Did not find alias
>>> Ignoring group 'Administrators' S-1-5-32-544 listed but then not found:
>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>> ldapsam_enum_aliasmem: Did not find alias
>>> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found:
>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>> ldapsam_enum_aliasmem: Did not find alias
>>> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found:
>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>> ldapsam_enum_aliasmem: Did not find alias
>>> Ignoring group 'Replicators' S-1-5-32-552 listed but then not found:
>>> Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
>>> Exporting users
>>> smbldap_search_paged: base => [dc=aviamotors,dc=ro], filter =>
>>> [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize =>
>>> [1024]
>>> smbldap_search_paged: search was successful
>>> init_sam_from_ldap: Entry found for user: nobody
>>> Home server: LINUXRETEA
>>> Home server: LINUXRETEA
>>> smbldap_search_domain_info: Searching
>>> for:[(&(objectClass=sambaDomain)(sambaDomainName=AVIAMOTORS.RO))]
>>> smbldap_open_connection: connection opened
>>> ldap_connect_system: successful connection to the LDAP server
>>> The LDAP server is successfully connected
>>>    Skipping wellknown rid=500 (for username=root)
>>> init_sam_from_ldap: Entry found for user: catalin
>>> Home server: LINUXRETEA
>>> init_sam_from_ldap: Entry found for user: parlitu
>>> init_sam_from_ldap: Entry found for user: valig
>>> init_sam_from_ldap: Entry found for user: ion
>>> init_sam_from_ldap: Entry found for user: pascu
>>> init_sam_from_ldap: Entry found for user: paraschiv
>>> init_sam_from_ldap: Entry found for user: ddaniel
>>> init_sam_from_ldap: Entry found for user: H9101201$
>>> Home server: LINUXRETEA
>>> Home server: LINUXRETEA
>>> init_sam_from_ldap: Failed to find Unix account for H9101201$
>>> ldapsam_getsampwnam: init_sam_from_ldap failed for user 'H9101201$'!
>>> ERROR(<class 'passdb.error'>): uncaught exception - Unable to get user
>>> information for 'H9101201$', (-1073741724,No such user)
>>>    File "/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>>>      return self.run(*args, **kwargs)
>>>    File "/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run
>>>      useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>>>    File "/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 694, in upgrade_from_samba3
>>>      user = s3db.getsampwnam(username)
>>>
>>> the ldif snippet for a machine account is:
>>>
>>> dn: uid=H9101200,ou=Computers,dc=aviamotors,dc=ro
>>> displayName: Machine
>>> objectClass: sambaSamAccount
>>> objectClass: account
>>> sambaAcctFlags: [W ]
>>> sambaSID: S-1-5-21-3911796660-3176143098-666610135-9999
>>> uid: H9101200
>>> sambaNTPassword: ****************************
>>> sambaPwdLastSet: 1257150878
>>>
>>> What am I missing here?
>>>
>>> --
>>> ___________________________________________________
>>> Cu stima/Best regards/Mit freundlichen Grüßen,
>>>
>>>
>>> Chirana-Gheorghita Eugeniu-Theodor
>>> Bucharest, Romania
>>>
>>> e-mail : office at adaptcom.ro
>>> mobile: 0743 698721
>>>              0747 447675
>>>
>>>
>>
> You need to posixify your accounts, including the machine accounts,
> which translates into adding the posixAccount objectclass to them, together
> with some "must" attributes of it (e.g. uidNumber)
>
> Regards
>
> Geza Gemes
>



-- 
___________________________________________________
Cu stima/Best regards/Mit freundlichen Grüßen/最好的问候,

Chirana-Gheorghita Eugeniu-Theodor
Bucharest, Romania

e-mail : office at adaptcom.ro
mobile: 0743 698721
            0747 447675
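
Added example (not part of the original thread or of Samba's code): a pre-flight check that finds sambaSamAccount entries in an LDIF export that lack posixAccount, and builds ldapmodify input adding that class with the attributes RFC 2307 requires for it (cn, uid, uidNumber, gidNumber, homeDirectory). The function names, the dc=example,dc=test entries, gidNumber 515 and the /dev/null home directory are assumptions for illustration; uidNumber counts down from 999 as described in the reply above, skipping numbers already in use.

```python
# Constructed sample export; entries and numbers are illustrative, not from the thread.
SAMPLE_LDIF = """\
dn: uid=PC01$,ou=Computers,dc=example,dc=test
objectClass: sambaSamAccount
uid: PC01$

dn: uid=PC02$,ou=Computers,dc=example,dc=test
objectClass: sambaSamAccount
objectClass: posixAccount
uid: PC02$
uidNumber: 999

dn: uid=PC03$,ou=Computers,dc=example,dc=test
objectClass: sambaSamAccount
uid: PC03$
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def classes(entry):
    return {c.lower() for c in entry.get("objectclass", [])}

def missing_posix(entries):
    """sambaSamAccount entries that lack posixAccount (no Unix account via nss)."""
    return [e for e in entries
            if "sambasamaccount" in classes(e) and "posixaccount" not in classes(e)]

def posixify_ldif(entries, gid_number, first_uid=999, home="/dev/null"):
    """Build ldapmodify input; uidNumber counts down from first_uid, skipping used ones."""
    used = {int(v) for e in entries for v in e.get("uidnumber", [])}
    records, uid_number = [], first_uid
    for e in missing_posix(entries):
        while uid_number in used:
            uid_number -= 1
        used.add(uid_number)
        adds = [("objectClass", "posixAccount"), ("cn", e["uid"][0]), ("uidNumber", uid_number),
                ("gidNumber", gid_number), ("homeDirectory", home)]  # home: assumed placeholder
        body = "\n-\n".join(f"add: {a}\n{a}: {v}" for a, v in adds)
        records.append(f"dn: {e['dn'][0]}\nchangetype: modify\n{body}\n")
    return "\n".join(records)
```

Printing `posixify_ldif(parse_ldif(export), gid_number)` gives text that can be reviewed and then fed to `ldapmodify`; entries that already carry posixAccount are left out.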

