Mario Codeniera
2012-Dec-13 04:56 UTC
[Samba] Checking data migration from samba3 to samba4
How do we check the data from Samba4 that the data from Samba3 successfully
migrated?
I dunno if it successfully migrated coz got these (last part):
[root at gaara LiveData]# /usr/local/samba/bin/samba-tool domain
classicupgrade --dbdir=/srv/LiveData/var_lib_samba/samba
--use-xattrs=yes --realm=kazekage.sura.sandbox.local
--dns-backend=SAMBA_INTERNAL /srv/smb.conf
Once the above files are installed, your Samba4 server will be ready to use
Admin password: c#NR4;R>RqfO;VSp5&NKV3A)D+C?r!R
Server Role: active directory domain controller
Hostname: gaara
NetBIOS Domain: KAZEKAGE
DNS Domain: kazekage.sura.sandbox.local
DOMAIN SID: S-1-5-21-1511653421-423844657-761698953
Importing WINS database
Importing Account policy
Importing idmap database
Importing groups
Group already exists sid=S-1-5-21-1511653421-423844657-761698953-512,
groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Group already exists sid=S-1-5-21-1511653421-423844657-761698953-514,
groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-21-1511653421-423844657-761698953-515,
groupname=Domain Computers existing_groupname=Domain Computers,
Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
existing_groupname=Administrators, Ignoring.
Group already exists sid=S-1-5-32-546, groupname=Guests
existing_groupname=Guests, Ignoring.
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
line 879, in upgrade_from_samba3
add_group_from_mapping_entry(result.samdb, g, logger)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
line 264, in add_group_from_mapping_entry
str(groupmap.sid), groupmap.nt_name, msg[0]['sAMAccountName'][0])
I used to follow the howto
[root at gaara ambot]# /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-a44e58a started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
/usr/local/samba/sbin/samba_dnsupdate: Traceback (most recent call last):
/usr/local/samba/sbin/samba_dnsupdate: File
"/usr/local/samba/sbin/samba_dnsupdate", line 508, in <module>
/usr/local/samba/sbin/samba_dnsupdate: get_credentials(lp)
/usr/local/samba/sbin/samba_dnsupdate: File
"/usr/local/samba/sbin/samba_dnsupdate", line 122, in get_credentials
/usr/local/samba/sbin/samba_dnsupdate: creds.get_named_ccache(lp,
ccachename)
/usr/local/samba/sbin/samba_dnsupdate: RuntimeError: kinit for
GAARA$@KAZEKAGE.SURA.SANDBOX.LOCAL failed (Cannot contact any KDC for
requested realm)
/usr/local/samba/sbin/samba_dnsupdate:
../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
NT_STATUS_ACCESS_DENIED
Based on above I can't use the kdc, the DNS is running.
Other options I used was having a static DNS, which kdc is working fine
with no problems but only administrator can login, BUT CAN'T use other user
which is from the migrated one from samba3.
I also having problems with my zone (see below, i only got some section)
https://wiki.samba.org//index.php/Samba4/DNS
/var/named/dynamic/kazekage.sura.sandbox.local.zone
gaara IN A 192.168.116.128
;_gc._msdcs IN A 192.168.116.128
;ae2e14df-3484-49bb-b8b2-7611e5abf877._msdcs IN CNAME gaara
; global catalog servers
_gc._tcp IN SRV 0 100 3268 gaara
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 gaara
_ldap._tcp.gc._msdcs IN SRV 0 100 3268 gaara
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 3268 gaara
;
if i leave these entries commented out, it will generate errors. As i
remembered before someone changing the (aexxxx._msdcs) before, but I can't
figure out where is it maybe this part is having the problem?
_gc._msdcs IN A 192.168.116.128
ae2e14df-3484-49bb-b8b2-7611e5abf877._msdcs IN CNAME gaara
I used to login on Windows but too slow, and can't use the the windows
remote administration tools (cant detect the Samba4 AD but able to login).
[root at gaara ambot]# /usr/local/samba/sbin/samba -i -M single
samba version 4.1.0pre1-GIT-ade5bfd started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_IO_TIMEOUT
Hope someone can enlighten the problems.
Thanks,
Mario
Andrew Bartlett
2012-Dec-17 21:30 UTC
[Samba] Checking data migration from samba3 to samba4
On Thu, 2012-12-13 at 17:56 +1300, Mario Codeniera wrote:> How do we check the data from Samba4 that the data from Samba3 successfully > migrated? > > I dunno if it successfully migrated coz got these (last part):No, the database has not been successfully migrated. The script has not completed successfully.> [root at gaara LiveData]# /usr/local/samba/bin/samba-tool domain > classicupgrade --dbdir=/srv/LiveData/var_lib_samba/samba > --use-xattrs=yes --realm=kazekage.sura.sandbox.local > --dns-backend=SAMBA_INTERNAL /srv/smb.conf > > Once the above files are installed, your Samba4 server will be ready to use > Admin password: c#NR4;R>RqfO;VSp5&NKV3A)D+C?r!R > Server Role: active directory domain controller > Hostname: gaara > NetBIOS Domain: KAZEKAGE > DNS Domain: kazekage.sura.sandbox.local > DOMAIN SID: S-1-5-21-1511653421-423844657-761698953 > Importing WINS database > Importing Account policy > Importing idmap database > Importing groups > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-512, > groupname=Domain Admins existing_groupname=Domain Admins, Ignoring. > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-514, > groupname=Domain Guests existing_groupname=Domain Guests, Ignoring. > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-515, > groupname=Domain Computers existing_groupname=Domain Computers, > Ignoring. > Group already exists sid=S-1-5-32-544, groupname=Administrators > existing_groupname=Administrators, Ignoring. > Group already exists sid=S-1-5-32-546, groupname=Guests > existing_groupname=Guests, Ignoring. > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element' > File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", > line 1318, in run > useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) > File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", > line 879, in upgrade_from_samba3 > add_group_from_mapping_entry(result.samdb, g, logger) > File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", > line 264, in add_group_from_mapping_entry > str(groupmap.sid), groupmap.nt_name, msg[0]['sAMAccountName'][0]) >For some reason, we do not have a sAMAccountName attribute on this record. We need to work out which record this is, and what is different about it. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org