samba - Jun 2015 - error when samba-tool domain classicupgrade

When you try to upgrade on a test stand, an error occurs.
I do not understand that you need to add ldap, or improve migration script?


Before that I tried to version 4.1.7, but the error was the sam

root at dc1:~/smb_old# samba --version
Version 4.2.2-SerNet-Ubuntu-7.trusty

I also modified the file
--- ./upgrade.py        2014-10-01 00:00:00.000000000 +0600
+++ /usr/lib/python2.7/dist-packages/samba/upgrade.py   2015-06-04
11:28:13.533990924 +0500
@@ -467,6 +467,9 @@
          ldapuser = samba3.lp.get("ldap admin dn")
          ldappass = secrets_db.get_ldap_bind_pw(ldapuser)
          if ldappass is None:
+           ldappass = "pass"  #1. Why is not defined in the file but
it is available
+
+        if ldappass is None:
              raise ProvisioningError("ldapsam passdb backend detected but
no LDAP Bind PW found in secrets.tdb for user %s.  Please point this tool at the
secrets.tdb that was used by the previous installation.")
          ldappass = ldappass.strip('\x00')
          ldap = True
@@ -562,7 +565,8 @@
              continue
          if entry['rid'] >= next_rid:
              next_rid = entry['rid'] + 1
-
+       if username in "badretdinova":
+           continue
+        #2. The user has no in the ldap directory. I understand where he takes
it. On it there is an error that no such user unix.

          user = s3db.getsampwnam(username)
          acct_type = (user.acct_ctrl &
(samr.ACB_NORMAL|samr.ACB_WSTRUST|samr.ACB_SVRTRUST|samr.ACB_DOMTRUST))
          if acct_type == samr.ACB_SVRTRUST:

smb.conf from the old server
[global]
    workgroup = 74ru
    netbios name = dc1
    server string = Chelyabinsk PDC
    security = user
    enable privileges = yes
    admin users = @nt_admins
    hosts allow = 192.168. 127. 10.8.
    load printers = no
    log file = /var/log/samba.log
    max log size = 500
    encrypt passwords = yes
    passdb backend = ldapsam:"ldap://192.168.0.7/"
    #passdb backend = ldapsam:"ldap://127.0.0.1/"
    ldap suffix = ou=chelyabinsk,dc=rugion,dc=ru
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap machine suffix = ou=computers
    ldap admin dn = "cn=admin,dc=rugion,dc=ru"
    ldap delete dn = no
    ldap ssl = off
    ldap passwd sync = yes
    socket options = TCP_NODELAY
    smb ports = 139
    idmap gid = 10000-30000
    idmap uid = 10000-30000
    local master = yes
    os level = 200
    domain master = yes
    preferred master = yes
    domain logons = yes
    logon script = logon.bat
     logon path      logon home      logon drive      wins support = yes
     dns proxy = no
     unix charset = UTF-8
     time server = yes
     add machine script = /usr/local/sbin/ldapaddmachine '%u'
nt_computers
     add user script = /usr/local/sbin/ldapadduser '%u' nt_users
     add group script = /usr/local/sbin/ldapaddgroup '%g'
     add user to group script = /usr/local/sbin/ldapaddusertogroup '%u'
'%g'
     delete user script = /usr/local/sbin/ldapdeleteuser '%u'
     delete group script = /usr/local/sbin/ldapdeletegroup '%g'
     delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup
'%u' '%g'
     set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u'
'%g'
     rename user script = /usr/local/sbin/ldaprenameuser '%uold'
'%unew'

[netlogon]
     comment = Network Logon Service
     path = /usr/samba/netlogon/
     guest ok = yes
     writable = no
     share modes = no
     browseable = no
     write list = @nt_admins
     create mode = 666
     directory mode = 777

[IPC$]
     path = /tmp

also used the following structure ldap
Each unit is self-ldap samba3 nt domain
dc=rugion,dc=ru
ou=arkhangelsk,dc=rugion,dc=ru
ou=chelyabinsk,dc=rugion,dc=ru
ou=kazan,dc=rugion,dc=ru
ou=mcrugion,dc=rugion,dc=ru
ou=perm,dc=rugion,dc=ru
ou=rostov,dc=rugion,dc=ru
ou=samara,dc=rugion,dc=ru
ou=tumen,dc=rugion,dc=ru
ou=ufa,dc=rugion,dc=ru
ou=volgograd,dc=rugion,dc=ru
ou=yaroslavl,dc=rugion,dc=ru




root at dc1:~/smb_old# samba-tool domain classicupgrade --dbdir=/root/smb_old/
--use-xattrs=yes --realm=74ru.mpautina.ru --dns-backend=BIND9_DLZ
/root/smb_old/smb.conf
Reading smb.conf
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Provisioning
Exporting account policy
Exporting groups
Exporting users
   Demoting BDC account trust for pdc, this DC must be elevated to an AD DC
using 'samba-tool domain dcpromo'
Next rid = 132070
Failed to bind - LDAP error 34 LDAP_INVALID_DN_SYNTAX -  <invalid DN>
<>
Failed to connect to 'ldap://192.168.0.7/' with backend 'ldap':
(null)
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
exception - ProvisioningError: Could not open ldb connection to
ldap://192.168.0.7/, the error message is: (34, None)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line 1452, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   
     raise ProvisioningError("Could not open ldb connection to %s, the
error message is: %s" % (url, e))
root at dc1:~/smb_old#





-- 

Sincerely, Alexei Gavrilov
System Administrator
74.RU
tel .: 8 (351) 729-94-90, ext. 345
mob. 8904804 79 34
jabber: gavrilov at info74.ru
mailto: gavrilov at info74.ru
sip: 345 at info74.ru
Chelyabinsk, st. Melkombinat February 1st Precinct, 18, office 208
for TRC `Rodnik`

decided corrections

--- /root/upgrade.py    2014-10-01 00:00:00.000000000 +0600
+++ /usr/lib/python2.7/dist-packages/samba/upgrade.py   2015-06-05
10:44:40.422531000 +0500
@@ -664,7 +667,8 @@
          urls = samba3.lp.get("passdb
backend").split(":",1)[1].strip('"')
          for url in urls.split():
              try:
-                ldb_object = Ldb(url, credentials=creds)
+                ldb_object = Ldb(url)
              except ldb.LdbError, e:
                  raise ProvisioningError("Could not open ldb connection to
%s, the error message is: %s" % (url, e))
              else:


but

See /var/lib/samba/private/named.conf for an example configuration include file
for BIND
and /var/lib/samba/private/named.txt for further documentation required for
secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password:        DDaM0l9ahqBH?F[k@#E5vJT+[b==+
Server Role:           active directory domain controller
Hostname:              dc1
NetBIOS Domain:        74RU
DNS Domain:            74ru.mpautina.ru
DOMAIN SID:            S-1-5-21-1133099765-146447347-3469236173
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Adding groups
Importing groups
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-512,
groupname=nt_admins existing_groupname=Domain Admins, Ignoring.
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-514,
groupname=nt_guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-515,
groupname=Domain Computers existing_groupname=Domain Computers, Ignoring.
Group already exists sid=S-1-5-32-545, groupname=Users existing_groupname=Users,
Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
existing_groupname=Administrators, Ignoring.
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-513,
groupname=nt_users existing_groupname=Domain Users, Ignoring.
Committing 'add groups' transaction to disk
Adding users
Importing users
ERROR(<class 'passdb.error'>): uncaught exception - Unable to add
sam account 'guest', (-1073741725,User exists)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line 1452, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 804,
in upgrade_from_samba3
     s4_passdb.add_sam_account(userdata[username])



On 04.06.2015 12:24, Gavrilov Aleksey wrote:
>
> root at dc1:~/smb_old# samba-tool domain classicupgrade 
> --dbdir=/root/smb_old/ --use-xattrs=yes --realm=74ru.mpautina.ru 
> --dns-backend=BIND9_DLZ /root/smb_old/smb.conf
> Reading smb.conf
> Unknown parameter encountered: "share modes"
> Ignoring unknown parameter "share modes"
> Provisioning
> Exporting account policy
> Exporting groups
> Exporting users
>   Demoting BDC account trust for pdc, this DC must be elevated to an 
> AD DC using 'samba-tool domain dcpromo'
> Next rid = 132070
> Failed to bind - LDAP error 34 LDAP_INVALID_DN_SYNTAX - <invalid DN>
<>
> Failed to connect to 'ldap://192.168.0.7/' with backend
'ldap': (null)
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
exception
> - ProvisioningError: Could not open ldb connection to 
> ldap://192.168.0.7/, the error message is: (34, None)
>   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line
> 1452, in run
>     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
>       raise ProvisioningError("Could not open ldb connection to %s, 
> the error message is: %s" % (url, e))
> root at dc1:~/smb_old#
>
>
>
>
>
-- 

Sincerely, Alexei Gavrilov
System Administrator
74.RU
tel .: 8 (351) 729-94-90, ext. 345
mob. 8904804 79 34
jabber: gavrilov at info74.ru
mailto: gavrilov at info74.ru
sip: 345 at info74.ru
Chelyabinsk, st. Melkombinat February 1st Precinct, 18, office 208
for TRC `Rodnik`