
[Samba] Samba 3 classicupgrade to Samba AD


Max Olivas

Jan 4, 2013, 2:30:02 PM
Hey All,

I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers (mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors.

root@telluride:~# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir /root/old-samba/ --use-xattrs=yes --realm=northglenn.org /root/old-samba/smb.conf
Reading smb.conf
Processing section "[netlogon]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Ignoring group memberships of 'L-LECHUGA$' S-1-5-21-684095783-2094215992-774919444-1995: Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'ahendrickson' S-1-5-21-684095783-2094215992-774919444-1921: Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'tkuenning' S-1-5-21-684095783-2094215992-774919444-1744: Unable to enumerate group memberships, (-1073741724,No such user)

.....There are a bunch of identical errors here that I'm omitting, one for every user/PC in the domain I'm guessing.

Ignoring group memberships of 'S-GURULE$' S-1-5-21-684095783-2094215992-774919444-1658: Unable to enumerate group memberships, (-1073741724,No such user)
Next rid = 6155
Exporting posix attributes
Reading WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/old-samba/wins.dat'
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Processing section "[netlogon]"
Processing section "[sysvol]"
Module 'acl_xattr' loaded
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata
Adding DomainDN: DC=mydomain,DC=org
DN: DC=northglenn,DC=org is a NC
Adding configuration container
DN: CN=Configuration,DC=northglenn,DC=org is a NC
Setting up sam.ldb schema
DN: CN=Schema,CN=Configuration,DC=northglenn,DC=org is a NC
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=northglenn,DC=org
Creating DomainDnsZones and ForestDnsZones partitions
DN: DC=DomainDnsZones,DC=northglenn,DC=org is a NC
DN: DC=ForestDnsZones,DC=northglenn,DC=org is a NC
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: 80r&K6jk(EeBM-C
Server Role: active directory domain controller
Hostname: telluride
NetBIOS Domain: NTSERV
DNS Domain: northglenn.org
DOMAIN SID: S-1-5-21-684095783-2094215992-774919444
Importing WINS database
Importing Account policy
Importing idmap database
Processing section "[netlogon]"
Processing section "[sysvol]"
Importing groups
Importing users
Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists
ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 896, in upgrade_from_samba3
s4_passdb.add_sam_account(userdata[username])

Hopefully someone sees something that I'm doing blatantly wrong and can point out my mistake. Thanks in advance for any help!

Thanks,
Max

Adam Tauno Williams

Jan 4, 2013, 3:30:02 PM
On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote:
> Hey All,
>
> I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers (mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors.
> Importing groups
> Importing users
> Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists)
> Hopefully someone sees something that I'm doing blatantly wrong and can point out my mistake. Thanks in advance for any help!

I'd wager the error message is exact and meaningful - you have a
duplicate sambaSID in your LDAPSAM. Also the machine account "watersan
$" contains a space. That seems odd.

I had several of these inconsistencies in my old LDAPSAM that I needed
to correct before the upgrade completed.

--
Adam Tauno Williams GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Andrew Bartlett

Jan 4, 2013, 5:40:01 PM
On Fri, 2013-01-04 at 15:24 -0500, Adam Tauno Williams wrote:
> On Fri, 2013-01-04 at 12:28 -0700, Max Olivas wrote:
> > Hey All,
> >
> > I have a Samba 3 PDC (Debian, Samba version 3.5.6 with NIS groups and no winbind) with about 300 users, 200 client PC's, 15 member servers (mixed Windows Server 2003/2008 and Samba 3), and I'm attempting the classicupgrade to Samba AD. To test I've created a new Ubuntu 12.04 LTS and followed the HOWTO, successfully creating a blank Samba AD and testing adding users/PC's and connecting with Windows AD tools. I then attempted the classicupgrade (rolled VM back and copied .tdb files and smb.conf from current PDC) but I'm getting several errors.
> > Importing groups
> > Importing users
> > Failed to create user record CN=watersan ,CN=Computers,DC=northglenn,DC=org: Entry CN=watersan,CN=Computers,DC=northglenn,DC=org already exists
> > ERROR(<class 'passdb.error'>): uncaught exception - Unable to add sam account 'watersan $', (-1073741725,User exists)
> > Hopefully someone sees something that I'm doing blatantly wrong and can point out my mistake. Thanks in advance for any help!
>
> I'd wager the error message is exact and meaningful - you have a
> duplicate sambaSID in your LDAPSAM. Also the machine account "watersan
> $" contains a space. That seems odd.
>
> I had several of these inconsistencies in my old LDAPSAM that I needed
> to correct before the upgrade completed.

Adam,

I agree. As we have never had an internal passdb consistency checker
before, the checks being done as part of the import are often the first
time a Samba 3.x site will discover a number of internal
inconsistencies.

For example, we already check for usernames and group names that
overlap, and duplicate SIDs. The detection of duplicate usernames is
left to this stage because we can give a clearer error message at this
point. The script is just python however, and so it isn't hard to
improve if someone wants to provide a patch to improve it.

Max,

Your issue might be that what we fill in as CN is a duplicate, rather
than the username.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
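
A pre-import consistency pass of the kind discussed in the replies above, as an added example that is not part of the thread and not Samba's own upgrade code. The account records are constructed sample data, and the CN derivation (drop a trailing '$', then compare ignoring case and surrounding whitespace) is an assumption inferred from the 'watersan $' error, as is checking machine and user accounts separately.

```python
from collections import defaultdict

# Constructed sample accounts (name, SID); not data from the thread's domain.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
USERS = [
    ("alice", DOMAIN + "-1001"),
    ("bob", DOMAIN + "-1002"),
    ("WS01$", DOMAIN + "-1003"),
    ("ws01 $", DOMAIN + "-1004"),   # stray space before '$'
    ("carol", DOMAIN + "-1002"),    # SID reused from bob
    ("staff", DOMAIN + "-1005"),
]
GROUPS = [("staff", DOMAIN + "-2001"), ("admins", DOMAIN + "-2002")]


def candidate_cn(name):
    """Assumed CN derivation: drop a trailing '$', then normalise the way a
    DN comparison would (surrounding whitespace and case ignored)."""
    base = name[:-1] if name.endswith("$") else name
    return base.strip().lower()


def _dupes(pairs):
    """Group values by key and keep only keys that have several values."""
    seen = defaultdict(list)
    for key, value in pairs:
        seen[key].append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}


def check_passdb(users, groups):
    """Return findings that would block or distort an import."""
    # Assumption: machine accounts ('$' suffix) and ordinary users go to
    # different containers, so CN collisions are checked per account kind.
    cn_pairs = [((n.endswith("$"), candidate_cn(n)), n) for n, _ in users]
    return {
        "duplicate_sids": _dupes((sid, n) for n, sid in users + groups),
        "user_group_overlap": sorted(
            {n.lower() for n, _ in users} & {n.lower() for n, _ in groups}),
        "cn_collisions": {cn: names
                          for (_, cn), names in _dupes(cn_pairs).items()},
        "whitespace_in_name": [n for n, _ in users if n != "".join(n.split())],
    }


if __name__ == "__main__":
    for finding, detail in check_passdb(USERS, GROUPS).items():
        print(finding, detail)
```

Running a check like this against the old account database before the import surfaces every conflict in one pass, rather than one per failed upgrade run.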

Max Olivas

Jan 14, 2013, 4:20:02 PM
Hey All,

Thanks for the feedback. I've cleaned up my .tdb files some and have moved farther with the upgrade command but I'm still getting errors. This is what I'm getting now:

idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 926, in upgrade_from_samba3
result.names.domaindn, result.lp, use_ntvfs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1476, in setsysvolacl
setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb)
File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 154, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd)

I see that sid is for the Administrators group but I'm not sure what I need to do to it to complete the upgrade command without errors? Any help is much appreciated.

Thanks,
Max

>>> Andrew Bartlett <abar...@samba.org> 1/4/2013 3:37 PM >>>

Andrew Bartlett

Jan 14, 2013, 5:10:03 PM
On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote:
> Hey All,
>
A workaround for this is in the 4.0.0 release. Are you running Samba
4.0.0?

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org


Max Olivas

Jan 15, 2013, 9:00:01 AM
Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS.

Thanks,
Max

>>> Andrew Bartlett <abar...@samba.org> 1/14/2013 3:01 PM >>>

Max Olivas

Jan 16, 2013, 11:30:04 AM
Is the workaround something I do or something that is fixed in the newer version?

Thanks,
Max

>>> "Max Olivas " <mol...@northglenn.org> 1/15/2013 6:54 AM >>>

Andrew Bartlett

Jan 16, 2013, 4:30:02 PM
On Wed, 2013-01-16 at 09:23 -0700, Max Olivas wrote:
> Is the workaround something I do or something that is fixed in the
> newer version?
>
> Thanks,
> Max
>
> >>> "Max Olivas " <mol...@northglenn.org> 1/15/2013 6:54 AM >>>
> Version 4.1.0pre1-GIT-94f11e9 on Ubuntu 12.04 LTS.
>
> Thanks,
> Max
>
> >>> Andrew Bartlett <abar...@samba.org> 1/14/2013 3:01 PM >>>
> On Mon, 2013-01-14 at 14:14 -0700, Max Olivas wrote:
> > Hey All,
> >
> > Thanks for the feedback. I've cleaned up my .tdb files some and
> have
> > moved farther with the upgrade command but I'm still getting errors.
> > This is what I'm getting now:
> >
> > idmapping sid_to_xid failed for id[0]=S-1-5-32-544:
> > NT_STATUS_NONE_MAPPED
> > set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
> > ERROR(runtime): uncaught exception - (-1073741734,
> > 'NT_STATUS_INVALID_OWNER')
> > File
> >

Looking more closely at the error, this is different. Is there more
detail to the error than what you pasted?

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org


Max Olivas

Jan 18, 2013, 11:30:01 AM
Here is the whole command I am testing:

root@telluride:/usr/local/samba# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir /root/old-samba/ --use-xattrs=yes --realm=ntserv.local /root/old-samba/smb.conf
Reading smb.conf
Processing section "[netlogon]"
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Ignoring group memberships of 'L-LECHUGA$' S-1-5-21-684095783-2094215992-774919444-1995: Unable to enumerate group memberships, (-1073741724,No such user)
Ignoring group memberships of 'ahendrickson' S-1-5-21-684095783-2094215992-774919444-1921: Unable to enumerate group memberships, (-1073741724,No such user)

...... a whole bunch of similar errors........

Ignoring group memberships of 'S-GURULE$' S-1-5-21-684095783-2094215992-774919444-1658: Unable to enumerate group memberships, (-1073741724,No such user)
Next rid = 6155
Exporting posix attributes
Reading WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/root/old-samba/wins.dat'
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Processing section "[netlogon]"
Processing section "[sysvol]"
Module 'acl_xattr' loaded
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata
Adding DomainDN: DC=ntserv,DC=local
DN: DC=ntserv,DC=local is a NC
Adding configuration container
DN: CN=Configuration,DC=ntserv,DC=local is a NC
Setting up sam.ldb schema
DN: CN=Schema,CN=Configuration,DC=ntserv,DC=local is a NC
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ntserv,DC=local
Creating DomainDnsZones and ForestDnsZones partitions
DN: DC=DomainDnsZones,DC=ntserv,DC=local is a NC
DN: DC=ForestDnsZones,DC=ntserv,DC=local is a NC
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: 5]9+V=xFXT9sixJ+o0!4O
Server Role: active directory domain controller
Hostname: telluride
NetBIOS Domain: NTSERV
DNS Domain: ntserv.local
DOMAIN SID: S-1-5-21-684095783-2094215992-774919444
Importing WINS database
Importing Account policy
Importing idmap database
Processing section "[netlogon]"
Processing section "[sysvol]"
Importing groups
Importing users
Adding users to groups
Processing section "[netlogon]"
Processing section "[sysvol]"
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER')
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 926, in upgrade_from_samba3
result.names.domaindn, result.lp, use_ntvfs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1476, in setsysvolacl
setntacl(lp,sysvol, SYSVOL_ACL, str(domainsid), use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=s4_passdb)
File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 154, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd)


Thank you again for your help on this.

Thanks,
Max

>>> Andrew Bartlett <abar...@samba.org> 1/16/2013 2:24 PM >>>