Web lists-archives.com

Re: [Samba] error adding users to Domain Admins group during classicupgrade




On 14/05/2019 08:44, Ruisheng Peng via samba wrote:
Hi,

   I'm trying to migrate a NT4 domain under Samba3 to an AD DC under Samba4
on a separate server.  During the classicupgrade, there were a number
warnings while importing groups:

WARNING 2019-05-13 15:09:56,728 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #299: Could
not add group name=Domain Admins ((68, 'Entry CN=Domain
Admins,CN=Users,DC=ifa,DC=hawaii,DC=edu already exists'))

WARNING 2019-05-13 15:09:56,729 pid:25284
/usr/local/samba/lib64/python2.7/site-packages/samba/upgrade.py #161: Could
not modify AD idmap entry for
sid=S-1-5-21-280721883-191778108-123917971-512, id=512, type=ID_TYPE_GID
((32, "Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-512>' not
found"))


You will get errors like this because the groups will already have been created before the users and groups are migrated, you can ignore these.

Soon after when adding users to groups, the process bombed out with
the following error:


ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
ProvisioningError: Could not add member
'S-1-5-21-2342696748-4272319941-312989834-1001' to group
'S-1-5-21-280721883-191778108-123917971-512' as either group or user record
doesn't exist: Base-DN '<SID=S-1-5-21-280721883-191778108-123917971-512>'
not found

Why does the user have a different SID to the group ?

That would make them members of different domains.

Is it like this in your old domain ?

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba