
Re: [Samba] Migration samba 3 to 4




Hello,

I ran the test again, starting over from scratch with the following configuration, and I arrive at the same result.

-------------------- smb.conf

[global]
    netbios name = svdom
    server string = Gestionnaire de domaine
    workgroup = dom.domain

    hosts allow = 192.168.15. 192.168.6. 10.0.7.
    security = user
    domain master = yes
    domain logons = yes
    prefered master = yes
    local master = yes
    os level = 252
    log level = 1

    encrypt passwords = yes
    username map = /etc/samba/smbusers
    passdb expand explicit = no

    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    add user script = /usr/sbin/smbldap-useradd -a -m '%u'
    delete user script = /usr/sbin/smbldap-userdel -r '%u'
    add group script = /usr/sbin/smbldap-groupadd -g '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'

    ldap admin dn = cn=Manager,dc=dom,dc=domain
    ldap suffix = dc=dom,dc=domain
    ldap passwd sync = yes
    ldap ssl = no

    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Users

    passdb backend = ldapsam:ldap://ldap2.dom.domain
    idmap backend = ldapsam:ldap://ldap2.dom.domain

    nt acl support = yes
    map untrusted to domain = yes

    wins support = yes
    wins proxy = no
    dns proxy = yes
    name resolve order = wins lmhosts bcast
    interfaces = eth* lo
    bind interfaces only = yes
    time server = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

    lock directory = /var/lib/samba
    log file = /var/log/samba/users/log-%U.log

    veto oplock files = /*.mdb/*.doc/*.xls/*.ppt/*.FIC/*.NDX/*.xlsx/
    guest account = nobody

    logon script = %G.bat
    logon path = \\svdom\profiles\%U

    load printers = no
    printcap name = /dev/null
    printcap cache time = 0
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = no

[share...]

-------------------------------- samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/ --realm=dom.domain --dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf -d 10
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
WARNING: The "syslog" option is deprecated
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
pm_process() returned Yes
Reading smb.conf
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
doing parameter netbios name = svct02
doing parameter server string = Gestionnaire de domaine
doing parameter workgroup = dom.domain
doing parameter hosts allow = 192.168.15. 192.168.6. 10.0.7.
doing parameter security = user
doing parameter domain master = yes
doing parameter domain logons = yes
doing parameter prefered master = yes
doing parameter local master = yes
doing parameter os level = 252
doing parameter log level = 1
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators' S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found: Unable to enumerate group members, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users' S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found: Unable to enumerate group members, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our domain
  Fixing account svimp02$ which had both ACB_NORMAL (U) and ACB_WSTRUST (W) set.  Account will be marked as ACB_WSTRUST (W), i.e. as a domain member
  Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
Failed to connect to ldap URL 'ldap://ldap2.dom.domain' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldap2.dom.domain' with backend 'ldap': LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Could not open ldb connection to ldap://ldap2.dom.domain, the error message is: (1, 'LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1566, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 671, in upgrade_from_samba3
    raise ProvisioningError("Could not open ldb connection to %s, the error message is: %s" % (url, e))

------------- ldapsearch -h ldap2.dom.domain -xb "ou=Groups,dc=dom,dc=domain" -W -D "cn=Manager,dc=dom,dc=domain" cn="Backup Operators"
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=dom,dc=domain> with scope subtree
# filter: cn=Backup Operators
# requesting: ALL
#

# Backup Operators, Groups, dom.domain
dn: cn=Backup Operators,ou=Groups,dc=dom,dc=domain
cn: Backup Operators
description: Domain Unix group
displayName: Backup Operators
gidNumber: 551
memberUid: backupmanager
memberUid: backuppc
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

---------------- ldapsearch -h ldap2.dom.domain -xb "ou=Groups,dc=dom,dc=domain" -W -D "cn=Manager,dc=dom,dc=domain" cn="Domain Users"
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=dom,dc=domain> with scope subtree
# filter: cn=Domain Users
# requesting: ALL
#

# Domain Users, Groups, dom.domain
dn: cn=Domain Users,ou=Groups,dc=dom,dc=domain
cn: Domain Users
description: Domain Unix group
displayName: Domain Users
gidNumber: 513
memberUid: [...]
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-513

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

ldap2 is a DNS alias of ns1.

------------------------------- ping ldap2.dom.domain

PING ns1.dom.domain (192.168.15.31) 56(84) bytes of data.
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=1 ttl=64 time=0.574 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=2 ttl=64 time=0.345 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=3 ttl=64 time=0.235 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=4 ttl=64 time=0.292 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=5 ttl=64 time=0.601 ms

--- ns1.dom.domain ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4056ms
rtt min/avg/max/mdev = 0.235/0.409/0.601/0.150 ms

------------------------------- ping ldap2

PING ns1.dom.domain (192.168.15.31) 56(84) bytes of data.
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=1 ttl=64 time=0.451 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=2 ttl=64 time=0.677 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=3 ttl=64 time=0.356 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=4 ttl=64 time=0.296 ms
64 bytes from ns1.dom.domain (192.168.15.31): icmp_seq=5 ttl=64 time=0.479 ms

--- ns1.dom.domain ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4068ms
rtt min/avg/max/mdev = 0.296/0.451/0.677/0.133 ms


I have exhausted all my resources and on the internet the error message is quite generic or an unmanaged error.

*Philippe MALADJIAN
IT Manager | System Administrator*

On 06/09/2018 at 11:44, Rowland Penny via samba wrote:
> On Thu, 6 Sep 2018 11:08:21 +0200
> Philippe Maladjian via samba <samba@xxxxxxxxxxxxxxx> wrote:
>> Before the classicupdate on my ldap I can change the rootdn to match
>> my.domain and not domain.fr?
> I suppose you could try it, dump the entire ldap to an ldif, manually
> change all 'dc=domain,dc=fr' to 'dc=my,dc=domain'. You would then have
> to move the old ldap out of the way and add your new ldif to ldap.
> Change your smb.conf to match. This could sort your ldap problem
> (don't know, never tried it), not sure what you may have to do to
> Samba, or how you would do it, again because I have never tried to do
> this.
>
> Rowland
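
The suffix change described in the quoted reply (dump to LDIF, change 'dc=domain,dc=fr' to 'dc=my,dc=domain', reload), as an added example that is not part of the original thread or of Samba: a plain search-and-replace misses DNs that are folded across lines or base64-encoded, and also alters free text that merely mentions the suffix. The function names and the sample LDIF are constructed for illustration.

```python
import base64

OLD_SUFFIX = "dc=domain,dc=fr"  # the two suffixes named in the quoted reply
NEW_SUFFIX = "dc=my,dc=domain"

def unfold(ldif_text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def swap_suffix(value, old, new):
    """Swap the suffix only when it ends the value on an RDN boundary."""
    head, tail = value[:-len(old)], value[-len(old):]
    if tail.lower() != old.lower() or (head and not head.endswith(",")):
        return value
    return head + new

def rewrite_ldif(ldif_text, old=OLD_SUFFIX, new=NEW_SUFFIX):
    """Return (rewritten LDIF, number of values changed); output is unfolded."""
    out, changed = [], 0
    for line in unfold(ldif_text):
        attr, sep, rest = line.partition(":")
        encoded = rest.startswith(":")  # "attr:: ..." carries a base64 value
        value = ""  # stays empty for blank lines, comments, URL and binary values
        if sep and not line.startswith("#") and not rest.startswith("<"):
            try:
                value = base64.b64decode(rest[1:]).decode("utf-8") if encoded else rest.strip()
            except ValueError:
                pass  # not UTF-8 text (for example a photo): leave the line alone
        new_value = swap_suffix(value, old, new)
        if new_value != value:
            changed += 1
            if encoded:
                new_value = base64.b64encode(new_value.encode("utf-8")).decode("ascii")
            line = attr + (":: " if encoded else ": ") + new_value
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample: a folded DN, a base64 DN, and free text that must not change.
B64_DN = base64.b64encode("uid=zoé,ou=Users,dc=domain,dc=fr".encode()).decode()
SAMPLE = ("dn: dc=domain,dc=fr\ndc: domain\n\n"
          "dn: cn=Domain Users,ou=Groups,dc=domain,dc=fr\n"
          "description: moved from dc=domain,dc=fr in 2018\n"
          "member: uid=alice,ou=Users,\n dc=domain,dc=fr\nmember:: " + B64_DN + "\n")
```

The suffix entry's own `dc: domain` attribute is not a DN and is left as it is, so it has to be renamed by hand. DNs written with spaces after the commas are not matched.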
