On Tue, 2013-07-23 at 20:41 -0300, Jonis Maurin Cear?
wrote:> Hi.
>
> I'm trying to convert from s3 to s4 using classic upgrade. I have LDAP
> backend and i'm getting this error:
>
> Ignoring group 'pgrd' S-1-5-21-511255529-1355219746-1726288727-3007
listed
> but then not found: Unable to enumerate group members,
> (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
>
>
> The problem is that this group is valid and almost all our users are in
> this group, so i can't just ignore. Brownsing my ldap i can find and
see
> this group and this SID. What could be wrong?
How are they members of this group?
The thing that Samba's classicupgrade code does that the operational
Samba 3.x DC didn't do by default is set 'ldapsam:trusted = yes'.
This
means that if you were using groupOfNames based groups, we might not
read that correctly in our internal handler, but nss_ldap would have, if
configured.
It's just a guess, but somewhere to start. Otherwise, perhaps look at
this group and see if there is anything different about it? Can you
show me the LDIF?
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz