Web lists-archives.com

Re: [Samba] Migration samba 3 to 4




Hello,

Indeed when I copied the result for the mailing I made a mistake. MY.DOMAIN is a dummy name. The result of the migration command is

Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators' S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found: Unable to enumerate group members, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users' S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found: Unable to enumerate group members, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our domain sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our domain   Fixing account svimp02$ which had both ACB_NORMAL (U) and ACB_WSTRUST (W) set.  Account will be marked as ACB_WSTRUST (W), i.e. as a domain member
  Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap': LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Could not open ldb connection to ldap://ldap2.my.domain, the error message is: (1, 'LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1566, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 671, in upgrade_from_samba3     raise ProvisioningError("Could not open ldb connection to %s, the error message is: %s" % (url, e))


Since my new samba server I tried to make a ldap request

# ldapsearch -h ldap2 -xb "ou=Groups,dc=domain,dc=fr" -W -D "cn=Manager,dc=domain,dc=fr" cn="Backup Operators"

# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=domain,dc=fr> with scope subtree
# filter: cn=Backup Operators
# requesting: ALL
#

*************
# Backup Operators, Groups, domain.fr
dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
cn: Backup Operators
description: Domain Unix group
displayName: Backup Operators
gidNumber: 551
memberUid: backupmanager
memberUid: backuppc
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

*******************


I do not understand the NT_STATUS_DAB_NETWORK_NAME error because the server is accessible with its ip or by its name dns (ldap2)

*Philippe MALADJIAN
Responsable informatique | administrateur système*
Ligne directe : +33 (0)4 72 14 50 66 | pmaladjian@xxxxxxxxxx <mailto:pmaladjian@xxxxxxxxxx>

Hilaire s.a.s. <http://www.hilaire.fr> 	*HILAIRE s.a.s.*
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tél. : +33 (0)4 72 37 58 23 - Fax : +33 (0)4 78 26 02 03
http://www.hilaire.fr

Le 05/09/2018 à 13:02, Rowland Penny via samba a écrit :
On Wed, 5 Sep 2018 11:42:04 +0200
Philippe Maladjian via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

I'm testing with this link but i'have the same error.

# samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/
--realm=dom.hilaire
--dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf

Okay, you have these in your smb.conf:

          workgroup = MY.DOMAIN
          passdb backend = ldapsam:ldap://ldap2.my.domain

You have this error message:

Failed to connect to ldap URL 'ldap://ldap2.MYDOMAIN' - LDAP client
internal error: NT_STATUS_BAD_NETWORK_NAME

Is this bad sanitisation ?

Does the workgroup 'MY.DOMAIN' actually have a dot in it ?
Why is the upgrade reading 'ldap2.my.domain' as 'ldap2.MYDOMAIN' ?
Is the old ldap server still running and accessible ?
Can you post the ldap object for 'Domain Users'
What is the DNS domain name of the computer you are running the upgrade
on.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba