ClassicUpgrade of my samba3 data to samba4 fails, with this error:
ERROR(<class 'passdb.error'>): uncaught exception - Unable
to get id for sid
Full log of the classicupgrade is at the end of this email.
Project member on this list, Andrew Barlett, wrote that the issue is probably
that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually
'invalid' :
> The big issue here is that passdb has never had a 'fsck', and Samba
> operates quite well as a 'classic' DC with an almost totally
invalid
> database!
>
> As to what has happened in your particular instance, could you please
> post me the output of ldbdump private/idmap.ldb?"
I did post that, and will do so again, at the end of this email.
Assuming that the problem is my samba3 passdb.tdb data, what can I do to get on
with the upgrade?
My passdb is small-ish: 927 keys, according to this command, using samba3
binaries:
"tdbtool passdb.db keys | wc -l"
Is it feasible for me to manually 'fsck' my passdb.db?
Just looking at the output of tdbtool, it appears that there are 3 different
kinds of keys:
1) RID_<8 character hex code>; e.g. RID_00000c54
2) USER_<machine name>; e.g. USER_mailserver$
3) USER_<username>; e.g. USER_jdoe
There are 463 RID_ keys, and 463 USER_ keys.
That makes me think that there's supposed to be a RID_ key for each USER_
key. On that assumption, I did this to compare:
1) get sorted list of names appearing to be associated to RID_ keys:
tdbtool passdb.tdb dump | perl -ne 'if (/^(RID_\S+)/) { $rid=$1; $count =0;}
else { $count++; if ($count == 2 &&
/^\[\w+\]\s+(\w\w\s\s*)+(\w{3,}.*)$/) { $name = $2; $name =~ s/\s//g; print
"$name\n";}}' | sort > RID-names
2) get sorted list of names from USER_ keys:
tdbtool passdb.tdb keys | grep USER | sed 's/USER_//' | sort >
USER-names
3) compare the 2 lists:
diff USER-names RID-names
6c6
< a758b$
---> a758$
147d146
< foo-0m1onzr8h2a$
175,176d173
< is-conference$
< is-contractor$
244a242> kstachowiak$
270d267
< lwilcott$
421a419> termservbill$
424a423> termservdev$
450d448
< tthomas
There are diffs. I.e. There is a USER_ key for machine a758b, but no associated
RID_ key.
There are RID_ keys for 4 machine accounts (a758$, kstachowiak$, termservbill$,
termservdev$) that have no USER_ keys. Etc.
Are these diffs indicative of problems that would cause the Classic Upgrade to
fail? If so, can I use pdbedit to remove these problems from my samba3
passdb.tdb?
Thanks,
Jon
p.s. The full classic upgrade log, with log level set to 3:
<classicUpgradeLog>
Reading smb.conf
Processing section "[netlogon]"
Processing section "[homes]"
Processing section "[hr]"
Processing section "[is]"
Processing section "[billing]"
Processing section "[names]"
Processing section "[changed]"
Processing section "[to]"
Processing section "[protect]"
Processing section "[the]"
Processing section "[innocent]"
Processing section "[is_helpdesk]"
Processing section "[ISContractsAndLicenses]"
Processing section "[unsecure]"
Processing section "[names]"
Processing section "[changed]"
Processing section "[spaceplan]"
Processing section "[dr]"
Processing section "[to]"
Processing section "[hr_scan]"
Processing section "[ar]"
Processing section "[minutes]"
Processing section "[meeting_08_05]"
Processing section "[meeting_08_18]"
Processing section "[hr_analyst]"
Processing section "[hr_payroll]"
Processing section "[protect]"
Processing section "[financial_systems]"
Processing section "[is_files]"
Processing section "[valuation_model]"
Processing section "[the]"
Processing section "[innocent]"
Processing section "[bla]"
Processing section "[is_technical_services]"
Processing section "[bla bla]"
Processing section "[bla bla bla]"
Processing section "[bla bla bla bla]"
Processing section "[is_billing_files]"
Processing section "[lawson_project]"
Processing section "[jklsdfjklsdf]"
Processing section "[sdfsdfa]"
Processing section "[fax]"
Processing section "[werwer]"
Processing section "[anesth_coding]"
Processing section "[is_crystal_reports]"
Processing section "[7iiio]"
Processing section "[uiui]"
Processing section "[asdasdasd]"
Provisioning
Exporting account policy
Exporting groups
Exporting users
<snip>
I omitted a whole bunch of lines from this output like the following, in order
to remove sensitive names.
</snip>
Ignoring group memberships of 'helpstar-phone$'
S-1-5-21-4219228698-1431711829-1578001372-2776: Unable to enumerate group
memberships, (-1073741724,No such user)
Demoting BDC account trust for mobius, this DC must be elevated to an AD DC
using 'samba-tool domain promote'
Ignoring group memberships of 'mrad$'
S-1-5-21-4219228698-1431711829-1578001372-2952: Unable to enumerate group
memberships, (-1073741724,No such user)
Next rid = 3689
Exporting posix attributes
Reading WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or directory:
'/usr/local/mobius/var/wins.dat'
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Module 'acl_xattr' loaded
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service Unknown
Service (snum == -1)
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service Unknown
Service (snum == -1)
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata
Adding DomainDN: DC=infinityhealthcare,DC=com
DN: DC=infinityhealthcare,DC=com is a NC
Adding configuration container
DN: CN=Configuration,DC=infinityhealthcare,DC=com is a NC
Setting up sam.ldb schema
DN: CN=Schema,CN=Configuration,DC=infinityhealthcare,DC=com is a NC
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=infinityhealthcare,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
DN: DC=DomainDnsZones,DC=infinityhealthcare,DC=com is a NC
DN: DC=ForestDnsZones,DC=infinityhealthcare,DC=com is a NC
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: samba4
NetBIOS Domain: IHC
DNS Domain: infinityhealthcare.com
DOMAIN SID: S-1-5-21-4219228698-1431711829-1578001372
Importing WINS database
Importing Account policy
Importing idmap database
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
ldb_wrap open of idmap.ldb
Importing groups
Importing users
User root has been kept in the directory, it should be removed in favour of the
Administrator user
Adding users to groups
Setting password for administrator
Administrator password has been set to password of user 'root'
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
ldb_wrap open of idmap.ldb
ldb_wrap open of idmap.ldb
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
Initialising default vfs hooks
Initialising custom vfs hooks from [/[Default VFS]/]
Initialising custom vfs hooks from [acl_xattr]
Initialising custom vfs hooks from [dfs_samba4]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service sysvol
unpack_nt_owners: owner sid mapped to uid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
unpack_nt_owners: group sid mapped to gid 0
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for
id[0]=S-1-5-21-4219228698-1431711829-1578001372-520: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for
id[0]=S-1-5-21-4219228698-1431711829-1578001372-520: NT_STATUS_NONE_MAPPED
idmapping sid_to_xid failed for
id[0]=S-1-5-21-4219228698-1431711829-1578001372-512: NT_STATUS_NONE_MAPPED
ERROR(<class 'passdb.error'>): uncaught exception - Unable to get
id for sid
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 1318, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line
938, in upgrade_from_samba3
result.names.domaindn, result.lp, use_ntvfs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1581, in setsysvolacl
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs,
passdb=s4_passdb)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1511, in set_gpos_acl
passdb=passdb)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py",
line 1474, in set_dir_acl
setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs,
skip_invalid_chown=True, passdb=passdb, service=service)
File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py",
line 104, in setntacl
(owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
</ClassicUpgradeLog>
p.p.s. The ldbdump requested by A.Bartlett:
<RequestedOutput>
# /home/jdetert/samba4-master/bin/ldbdump /usr/local/samba/private/idmap.ldb
dn: CN=CONFIG
cn: CONFIG
upperBound: 4000000
lowerBound: None
xidNumber: None
dn: CN=S-1-5-7
cn: S-1-5-7
objectClass: sidMap
objectSid: S-1-5-7
type: ID_TYPE_UID
xidNumber: 65534
dn: CN=S-1-5-21-4219228698-1431711829-1578001372-500
cn: S-1-5-21-4219228698-1431711829-1578001372-500
objectClass: sidMap
objectSid: S-1-5-21-4219228698-1431711829-1578001372-500
type: ID_TYPE_UID
xidNumber: 0
dn: CN=S-1-5-21-4219228698-1431711829-1578001372-513
cn: S-1-5-21-4219228698-1431711829-1578001372-513
objectClass: sidMap
objectSid: S-1-5-21-4219228698-1431711829-1578001372-513
type: ID_TYPE_GID
xidNumber: 100
dn: @INDEXLIST
@IDXATTR: xidNumber
@IDXATTR: objectSid
#
</RequestedOutput>
2013-04-05 21:47 keltez?ssel, Jon Detert ?rta:> ClassicUpgrade of my samba3 data to samba4 fails, with this error: > > ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid > > Full log of the classicupgrade is at the end of this email. > > Project member on this list, Andrew Barlett, wrote that the issue is probably that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually 'invalid' : > >> The big issue here is that passdb has never had a 'fsck', and Samba >> operates quite well as a 'classic' DC with an almost totally invalid >> database! >> >> As to what has happened in your particular instance, could you please >> post me the output of ldbdump private/idmap.ldb?" > I did post that, and will do so again, at the end of this email. > > Assuming that the problem is my samba3 passdb.tdb data, what can I do to get on with the upgrade? > > My passdb is small-ish: 927 keys, according to this command, using samba3 binaries: > "tdbtool passdb.db keys | wc -l" > > Is it feasible for me to manually 'fsck' my passdb.db? > > Just looking at the output of tdbtool, it appears that there are 3 different kinds of keys: > 1) RID_<8 character hex code>; e.g. RID_00000c54 > 2) USER_<machine name>; e.g. USER_mailserver$ > 3) USER_<username>; e.g. USER_jdoe > > There are 463 RID_ keys, and 463 USER_ keys. > > That makes me think that there's supposed to be a RID_ key for each USER_ key. On that assumption, I did this to compare: > > 1) get sorted list of names appearing to be associated to RID_ keys: > > tdbtool passdb.tdb dump | perl -ne 'if (/^(RID_\S+)/) { $rid=$1; $count =0;} else { $count++; if ($count == 2 && /^\[\w+\]\s+(\w\w\s\s*)+(\w{3,}.*)$/) { $name = $2; $name =~ s/\s//g; print "$name\n";}}' | sort > RID-names > > 2) get sorted list of names from USER_ keys: > > tdbtool passdb.tdb keys | grep USER | sed 's/USER_//' | sort > USER-names > > 3) compare the 2 lists: > > diff USER-names RID-names > 6c6 > < a758b$ > --- >> a758$ > 147d146 > < foo-0m1onzr8h2a$ > 175,176d173 > < is-conference$ > < is-contractor$ > 244a242 >> kstachowiak$ > 270d267 > < lwilcott$ > 421a419 >> termservbill$ > 424a423 >> termservdev$ > 450d448 > < tthomas > > There are diffs. I.e. There is a USER_ key for machine a758b, but no associated RID_ key. > There are RID_ keys for 4 machine accounts (a758$, kstachowiak$, termservbill$, termservdev$) that have no USER_ keys. Etc. > > Are these diffs indicative of problems that would cause the Classic Upgrade to fail? If so, can I use pdbedit to remove these problems from my samba3 passdb.tdb? > > Thanks, > > Jon > > > p.s. The full classic upgrade log, with log level set to 3: > > <classicUpgradeLog> > Reading smb.conf > Processing section "[netlogon]" > Processing section "[homes]" > Processing section "[hr]" > Processing section "[is]" > Processing section "[billing]" > Processing section "[names]" > Processing section "[changed]" > Processing section "[to]" > Processing section "[protect]" > Processing section "[the]" > Processing section "[innocent]" > Processing section "[is_helpdesk]" > Processing section "[ISContractsAndLicenses]" > Processing section "[unsecure]" > Processing section "[names]" > Processing section "[changed]" > Processing section "[spaceplan]" > Processing section "[dr]" > Processing section "[to]" > Processing section "[hr_scan]" > Processing section "[ar]" > Processing section "[minutes]" > Processing section "[meeting_08_05]" > Processing section "[meeting_08_18]" > Processing section "[hr_analyst]" > Processing section "[hr_payroll]" > Processing section "[protect]" > Processing section "[financial_systems]" > Processing section "[is_files]" > Processing section "[valuation_model]" > Processing section "[the]" > Processing section "[innocent]" > Processing section "[bla]" > Processing section "[is_technical_services]" > Processing section "[bla bla]" > Processing section "[bla bla bla]" > Processing section "[bla bla bla bla]" > Processing section "[is_billing_files]" > Processing section "[lawson_project]" > Processing section "[jklsdfjklsdf]" > Processing section "[sdfsdfa]" > Processing section "[fax]" > Processing section "[werwer]" > Processing section "[anesth_coding]" > Processing section "[is_crystal_reports]" > Processing section "[7iiio]" > Processing section "[uiui]" > Processing section "[asdasdasd]" > Provisioning > Exporting account policy > Exporting groups > Exporting users > <snip> > I omitted a whole bunch of lines from this output like the following, in order to remove sensitive names. > </snip> > Ignoring group memberships of 'helpstar-phone$' S-1-5-21-4219228698-1431711829-1578001372-2776: Unable to enumerate group memberships, (-1073741724,No such user) > Demoting BDC account trust for mobius, this DC must be elevated to an AD DC using 'samba-tool domain promote' > Ignoring group memberships of 'mrad$' S-1-5-21-4219228698-1431711829-1578001372-2952: Unable to enumerate group memberships, (-1073741724,No such user) > Next rid = 3689 > Exporting posix attributes > Reading WINS database > Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/usr/local/mobius/var/wins.dat' > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" > Looking up IPv4 addresses > Looking up IPv6 addresses > No IPv6 address will be assigned > lp_load_ex: refreshing parameters > params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" > Processing section "[global]" > Processing section "[netlogon]" > Processing section "[sysvol]" > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Module 'acl_xattr' loaded > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1) > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Unknown Service (snum == -1) > Setting up secrets.ldb > Setting up the registry > ldb_wrap open of hklm.ldb > Setting up the privileges database > Setting up idmap db > Setting up SAM db > Setting up sam.ldb partitions and settings > Setting up sam.ldb rootDSE > Pre-loading the Samba 4 and AD schema > partition_metadata: Migrating partition metadata > Adding DomainDN: DC=infinityhealthcare,DC=com > DN: DC=infinityhealthcare,DC=com is a NC > Adding configuration container > DN: CN=Configuration,DC=infinityhealthcare,DC=com is a NC > Setting up sam.ldb schema > DN: CN=Schema,CN=Configuration,DC=infinityhealthcare,DC=com is a NC > Setting up sam.ldb configuration data > Setting up display specifiers > Modifying display specifiers > Adding users container > Modifying users container > Adding computers container > Modifying computers container > Setting up sam.ldb data > Setting up well known security principals > Setting up sam.ldb users and groups > Setting up self join > Setting acl on sysvol skipped > Adding DNS accounts > Creating CN=MicrosoftDNS,CN=System,DC=infinityhealthcare,DC=com > Creating DomainDnsZones and ForestDnsZones partitions > DN: DC=DomainDnsZones,DC=infinityhealthcare,DC=com is a NC > DN: DC=ForestDnsZones,DC=infinityhealthcare,DC=com is a NC > Populating DomainDnsZones and ForestDnsZones partitions > Setting up sam.ldb rootDSE marking as synchronized > Fixing provision GUIDs > A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf > Setting up fake yp server settings > Once the above files are installed, your Samba4 server will be ready to use > Server Role: active directory domain controller > Hostname: samba4 > NetBIOS Domain: IHC > DNS Domain: infinityhealthcare.com > DOMAIN SID: S-1-5-21-4219228698-1431711829-1578001372 > Importing WINS database > Importing Account policy > Importing idmap database > lp_load_ex: refreshing parameters > params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" > Processing section "[global]" > Processing section "[netlogon]" > Processing section "[sysvol]" > ldb_wrap open of idmap.ldb > Importing groups > Importing users > User root has been kept in the directory, it should be removed in favour of the Administrator user > Adding users to groups > Setting password for administrator > Administrator password has been set to password of user 'root' > lp_load_ex: refreshing parameters > params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf" > Processing section "[global]" > Processing section "[netlogon]" > Processing section "[sysvol]" > ldb_wrap open of idmap.ldb > ldb_wrap open of idmap.ldb > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > Initialising default vfs hooks > Initialising custom vfs hooks from [/[Default VFS]/] > Initialising custom vfs hooks from [acl_xattr] > Initialising custom vfs hooks from [dfs_samba4] > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service sysvol > unpack_nt_owners: owner sid mapped to uid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > unpack_nt_owners: group sid mapped to gid 0 > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-21-4219228698-1431711829-1578001372-520: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-21-4219228698-1431711829-1578001372-520: NT_STATUS_NONE_MAPPED > idmapping sid_to_xid failed for id[0]=S-1-5-21-4219228698-1431711829-1578001372-512: NT_STATUS_NONE_MAPPED > ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 1318, in run > useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py", line 938, in upgrade_from_samba3 > result.names.domaindn, result.lp, use_ntvfs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1581, in setsysvolacl > set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) > File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1511, in set_gpos_acl > passdb=passdb) > File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py", line 1474, in set_dir_acl > setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) > File "/usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py", line 104, in setntacl > (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid) > </ClassicUpgradeLog> > > > p.p.s. The ldbdump requested by A.Bartlett: > <RequestedOutput> > # /home/jdetert/samba4-master/bin/ldbdump /usr/local/samba/private/idmap.ldb > dn: CN=CONFIG > cn: CONFIG > upperBound: 4000000 > lowerBound: None > xidNumber: None > > dn: CN=S-1-5-7 > cn: S-1-5-7 > objectClass: sidMap > objectSid: S-1-5-7 > type: ID_TYPE_UID > xidNumber: 65534 > > dn: CN=S-1-5-21-4219228698-1431711829-1578001372-500 > cn: S-1-5-21-4219228698-1431711829-1578001372-500 > objectClass: sidMap > objectSid: S-1-5-21-4219228698-1431711829-1578001372-500 > type: ID_TYPE_UID > xidNumber: 0 > > dn: CN=S-1-5-21-4219228698-1431711829-1578001372-513 > cn: S-1-5-21-4219228698-1431711829-1578001372-513 > objectClass: sidMap > objectSid: S-1-5-21-4219228698-1431711829-1578001372-513 > type: ID_TYPE_GID > xidNumber: 100 > > dn: @INDEXLIST > @IDXATTR: xidNumber > @IDXATTR: objectSid > > # > </RequestedOutput>Hi, In order to do a successful classicupgrade samba4 needs to be able to resolve sids, uids and gids. The way it can be done depends on what kind of passdb backend was used with the classic (aka samba3) domain. There are two (supported) cases: 1. tdbsam: SIDs in tdb; uids and gids obtained from nss calls (as configured in /etc/nsswitch.conf): In this case samba4 needs to be able to lookup that information 2. ldapsam: SIDs, uids and gids are in LDAP and samba4 can obtain all the informations needed doing ldap lookups From what you have wrote I think you are using tdbsam and didn't configured the box running samba4 to ba able to lookup the uids and gids, how to do that depends on where were the user and groups defined on the samba3 box. Regards Geza Gemes
On Fri, 2013-04-05 at 14:47 -0500, Jon Detert wrote:> ClassicUpgrade of my samba3 data to samba4 fails, with this error: > > ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid > > Full log of the classicupgrade is at the end of this email. > > Project member on this list, Andrew Barlett, wrote that the issue is probably that my Samba 3 passdb was passable in an NT 4 DC mode, but is actually 'invalid' :I should have been clearer: I make no statement as to that validity of your database, but note that this tool has much stricter requirements than we enforced on passdb databases in the past. We never clearly specified nor enforced those requirements in the past, but our new AD DC is much stricter, following the rules Microsoft has always enforced in both NT4 and AD. Databases created purely with our tools and with matching /etc/passwd or (for ldap backends) LDAP-based posixAccount entires are normally not an issue, but for example, we have seen: - Duplicate SIDs - Names of users and groups overlapping - Accounts flagged as both normal users and machine accounts In any case, from here the next debugging step would be to run with git master or v4-0-test, as I included some idmap patches there that didn't make 4.0.4. Eventually, we will either to improve the import of the DB for your particular issue, either to accept it (possibly fixing it along the way) or more clearly rejecting it with a proper explanation. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org
Possibly Parallel Threads
- samba-tool classicupgrade (from v3 to v4) aborts with "Unable to get id for sid"
- Samba classicupgrade problem
- 'set_simple_acl' referenced before assignment in classicupgrade
- uncaught exception - Unable to get id for sid in classicupgrade
- uncaught exception - Unable to get id for sid in classicupgrade