Re: [Samba] Migration samba 3 to 4

On 05/09/2018 at 18:32, Rowland Penny via samba wrote:
On Wed, 5 Sep 2018 16:53:50 +0200
Philippe Maladjian via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

Indeed when I copied the result for the mailing I made a mistake.
MY.DOMAIN is a dummy name. The result of the migration command is

Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators'
S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not
found: Unable to enumerate group members, (-1073741596,This error
indicates that the requested operation cannot be completed due to a
catastrophic media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users'
S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not
found: Unable to enumerate group members, (-1073741596,This error
indicates that the requested operation cannot be completed due to a
catastrophic media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to
our domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to
our domain
    Fixing account svimp02$ which had both ACB_NORMAL (U) and
ACB_WSTRUST (W) set.  Account will be marked as ACB_WSTRUST (W), i.e.
as a domain member Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client
internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap':
LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
exception - ProvisioningError: Could not open ldb connection to
ldap://ldap2.my.domain, the error message is: (1, 'LDAP client
internal error: NT_STATUS_BAD_NETWORK_NAME')

From my new Samba server I tried to make an LDAP request:

# ldapsearch -h ldap2 -xb "ou=Groups,dc=domain,dc=fr" -W -D
"cn=Manager,dc=domain,dc=fr" cn="Backup Operators"

If you are going to sanitise an object, please use it everywhere.

The upgrade is trying to use ldap2.my.domain
in the ldapsearch you use 'dc=domain,dc=fr' from which I would have
expected 'ldap2.domain.fr'

my.domain is the internal DNS domain name; it is also used by the current Samba domain controller and the Windows stations.

domain.fr is the root name of the LDAP directory. It was not a good idea to have two different names, and I think the update is the right time to change domain.fr to my.domain.


# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=domain,dc=fr> with scope subtree
# filter: cn=Backup Operators
# requesting: ALL
#

*************
# Backup Operators, Groups, domain.fr
dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
cn: Backup Operators
description: Domain Unix group
displayName: Backup Operators
gidNumber: 551
memberUid: backupmanager
memberUid: backuppc
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551

There doesn't seem to be anything wrong there
*******************


I do not understand the NT_STATUS_BAD_NETWORK_NAME error because the
server is accessible with its IP or by its DNS name (ldap2)

Yes, but is it accessible by 'ldap2.domain.fr'?

# ping ldap2.my.domain (dns name)
OK

Is a firewall running on the old PDC?

No

I would also like to point out that I think I have worked out what
'domain' is and you really shouldn't use this for an AD domain.

Sorry, I did not understand?

Rowland



Philippe.
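
An added example, not part of the original thread and not Samba project code: a pre-migration check over an LDIF export for the two conditions the upgrade log above reports, Samba entries with no sambaSID and sambaSID values outside the domain SID. Assumptions: plain-text LDIF such as ldapsearch output, the domain SID is taken from the group SIDs in the log, and the two user DNs in the sample are constructed.

```python
import re
from collections import defaultdict

# Assumption: domain SID taken from the group SIDs shown in the log above.
DOMAIN_SID = "S-1-5-21-3199360825-2299538094-1836089394"
SAMBA_CLASSES = {"sambasamaccount", "sambagroupmapping"}

def parse_ldif(text):
    """Yield (dn, attrs) per entry; attrs maps lower-cased names to value lists."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments; base64 ("::") values are not decoded
            key, _, value = line.partition(":")
            attrs[key.strip().lower()].append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def audit(text, domain_sid=DOMAIN_SID):
    """Return (dn, problem) for Samba entries whose sambaSID is absent or foreign."""
    findings = []
    for dn, attrs in parse_ldif(text):
        if not SAMBA_CLASSES & {c.lower() for c in attrs["objectclass"]}:
            continue  # not a Samba account or group mapping
        sids = attrs["sambasid"]
        if not sids:
            findings.append((dn, "missing sambaSID"))
        elif sids[0].rsplit("-", 1)[0] != domain_sid:  # strip the RID, compare
            findings.append((dn, "sambaSID outside domain"))
    return findings

# Constructed sample: the group entry is from the thread, the user DNs are made up.
SAMPLE = """\
dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551

dn: uid=user1,ou=Users,dc=domain,dc=fr
objectClass: sambaSamAccount
sambaSID: S-1-5-21-629504534-1699756358-2856581066-3658

dn: uid=user2,ou=Users,dc=domain,dc=fr
objectClass: sambaSamAccount
"""

if __name__ == "__main__":
    for dn, problem in audit(SAMPLE):
        print(f"{problem}: {dn}")
```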