Gavrilov Aleksey
2015-Jun-04 07:24 UTC
[Samba] error when samba-tool domain classicupgrade
When you try to upgrade on a test stand, an error occurs.
I do not understand that you need to add ldap, or improve migration script?
Before that I tried to version 4.1.7, but the error was the sam
root at dc1:~/smb_old# samba --version
Version 4.2.2-SerNet-Ubuntu-7.trusty
I also modified the file
--- ./upgrade.py 2014-10-01 00:00:00.000000000 +0600
+++ /usr/lib/python2.7/dist-packages/samba/upgrade.py 2015-06-04
11:28:13.533990924 +0500
@@ -467,6 +467,9 @@
ldapuser = samba3.lp.get("ldap admin dn")
ldappass = secrets_db.get_ldap_bind_pw(ldapuser)
if ldappass is None:
+ ldappass = "pass" #1. Why is not defined in the file but
it is available
+
+ if ldappass is None:
raise ProvisioningError("ldapsam passdb backend detected but
no LDAP Bind PW found in secrets.tdb for user %s. Please point this tool at the
secrets.tdb that was used by the previous installation.")
ldappass = ldappass.strip('\x00')
ldap = True
@@ -562,7 +565,8 @@
continue
if entry['rid'] >= next_rid:
next_rid = entry['rid'] + 1
-
+ if username in "badretdinova":
+ continue
+ #2. The user has no in the ldap directory. I understand where he takes
it. On it there is an error that no such user unix.
user = s3db.getsampwnam(username)
acct_type = (user.acct_ctrl &
(samr.ACB_NORMAL|samr.ACB_WSTRUST|samr.ACB_SVRTRUST|samr.ACB_DOMTRUST))
if acct_type == samr.ACB_SVRTRUST:
smb.conf from the old server
[global]
workgroup = 74ru
netbios name = dc1
server string = Chelyabinsk PDC
security = user
enable privileges = yes
admin users = @nt_admins
hosts allow = 192.168. 127. 10.8.
load printers = no
log file = /var/log/samba.log
max log size = 500
encrypt passwords = yes
passdb backend = ldapsam:"ldap://192.168.0.7/"
#passdb backend = ldapsam:"ldap://127.0.0.1/"
ldap suffix = ou=chelyabinsk,dc=rugion,dc=ru
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap admin dn = "cn=admin,dc=rugion,dc=ru"
ldap delete dn = no
ldap ssl = off
ldap passwd sync = yes
socket options = TCP_NODELAY
smb ports = 139
idmap gid = 10000-30000
idmap uid = 10000-30000
local master = yes
os level = 200
domain master = yes
preferred master = yes
domain logons = yes
logon script = logon.bat
logon path logon home logon drive wins support = yes
dns proxy = no
unix charset = UTF-8
time server = yes
add machine script = /usr/local/sbin/ldapaddmachine '%u'
nt_computers
add user script = /usr/local/sbin/ldapadduser '%u' nt_users
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u'
'%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup
'%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u'
'%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold'
'%unew'
[netlogon]
comment = Network Logon Service
path = /usr/samba/netlogon/
guest ok = yes
writable = no
share modes = no
browseable = no
write list = @nt_admins
create mode = 666
directory mode = 777
[IPC$]
path = /tmp
also used the following structure ldap
Each unit is self-ldap samba3 nt domain
dc=rugion,dc=ru
ou=arkhangelsk,dc=rugion,dc=ru
ou=chelyabinsk,dc=rugion,dc=ru
ou=kazan,dc=rugion,dc=ru
ou=mcrugion,dc=rugion,dc=ru
ou=perm,dc=rugion,dc=ru
ou=rostov,dc=rugion,dc=ru
ou=samara,dc=rugion,dc=ru
ou=tumen,dc=rugion,dc=ru
ou=ufa,dc=rugion,dc=ru
ou=volgograd,dc=rugion,dc=ru
ou=yaroslavl,dc=rugion,dc=ru
root at dc1:~/smb_old# samba-tool domain classicupgrade --dbdir=/root/smb_old/
--use-xattrs=yes --realm=74ru.mpautina.ru --dns-backend=BIND9_DLZ
/root/smb_old/smb.conf
Reading smb.conf
Unknown parameter encountered: "share modes"
Ignoring unknown parameter "share modes"
Provisioning
Exporting account policy
Exporting groups
Exporting users
Demoting BDC account trust for pdc, this DC must be elevated to an AD DC
using 'samba-tool domain dcpromo'
Next rid = 132070
Failed to bind - LDAP error 34 LDAP_INVALID_DN_SYNTAX - <invalid DN>
<>
Failed to connect to 'ldap://192.168.0.7/' with backend 'ldap':
(null)
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
exception - ProvisioningError: Could not open ldb connection to
ldap://192.168.0.7/, the error message is: (34, None)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line 1452, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
raise ProvisioningError("Could not open ldb connection to %s, the
error message is: %s" % (url, e))
root at dc1:~/smb_old#
--
Sincerely, Alexei Gavrilov
System Administrator
74.RU
tel .: 8 (351) 729-94-90, ext. 345
mob. 8904804 79 34
jabber: gavrilov at info74.ru
mailto: gavrilov at info74.ru
sip: 345 at info74.ru
Chelyabinsk, st. Melkombinat February 1st Precinct, 18, office 208
for TRC `Rodnik`
Gavrilov Aleksey
2015-Jun-05 06:00 UTC
[Samba] error when samba-tool domain classicupgrade
decided corrections
--- /root/upgrade.py 2014-10-01 00:00:00.000000000 +0600
+++ /usr/lib/python2.7/dist-packages/samba/upgrade.py 2015-06-05
10:44:40.422531000 +0500
@@ -664,7 +667,8 @@
urls = samba3.lp.get("passdb
backend").split(":",1)[1].strip('"')
for url in urls.split():
try:
- ldb_object = Ldb(url, credentials=creds)
+ ldb_object = Ldb(url)
except ldb.LdbError, e:
raise ProvisioningError("Could not open ldb connection to
%s, the error message is: %s" % (url, e))
else:
but
See /var/lib/samba/private/named.conf for an example configuration include file
for BIND
and /var/lib/samba/private/named.txt for further documentation required for
secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password: DDaM0l9ahqBH?F[k@#E5vJT+[b==+
Server Role: active directory domain controller
Hostname: dc1
NetBIOS Domain: 74RU
DNS Domain: 74ru.mpautina.ru
DOMAIN SID: S-1-5-21-1133099765-146447347-3469236173
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Adding groups
Importing groups
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-512,
groupname=nt_admins existing_groupname=Domain Admins, Ignoring.
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-514,
groupname=nt_guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-515,
groupname=Domain Computers existing_groupname=Domain Computers, Ignoring.
Group already exists sid=S-1-5-32-545, groupname=Users existing_groupname=Users,
Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
existing_groupname=Administrators, Ignoring.
Group already exists sid=S-1-5-21-1133099765-146447347-3469236173-513,
groupname=nt_users existing_groupname=Domain Users, Ignoring.
Committing 'add groups' transaction to disk
Adding users
Importing users
ERROR(<class 'passdb.error'>): uncaught exception - Unable to add
sam account 'guest', (-1073741725,User exists)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line 1452, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 804,
in upgrade_from_samba3
s4_passdb.add_sam_account(userdata[username])
On 04.06.2015 12:24, Gavrilov Aleksey wrote:>
> root at dc1:~/smb_old# samba-tool domain classicupgrade
> --dbdir=/root/smb_old/ --use-xattrs=yes --realm=74ru.mpautina.ru
> --dns-backend=BIND9_DLZ /root/smb_old/smb.conf
> Reading smb.conf
> Unknown parameter encountered: "share modes"
> Ignoring unknown parameter "share modes"
> Provisioning
> Exporting account policy
> Exporting groups
> Exporting users
> Demoting BDC account trust for pdc, this DC must be elevated to an
> AD DC using 'samba-tool domain dcpromo'
> Next rid = 132070
> Failed to bind - LDAP error 34 LDAP_INVALID_DN_SYNTAX - <invalid DN>
<>
> Failed to connect to 'ldap://192.168.0.7/' with backend
'ldap': (null)
> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
exception
> - ProvisioningError: Could not open ldb connection to
> ldap://192.168.0.7/, the error message is: (34, None)
> File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line
> 1452, in run
> useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> raise ProvisioningError("Could not open ldb connection to %s,
> the error message is: %s" % (url, e))
> root at dc1:~/smb_old#
>
>
>
>
>
--
Sincerely, Alexei Gavrilov
System Administrator
74.RU
tel .: 8 (351) 729-94-90, ext. 345
mob. 8904804 79 34
jabber: gavrilov at info74.ru
mailto: gavrilov at info74.ru
sip: 345 at info74.ru
Chelyabinsk, st. Melkombinat February 1st Precinct, 18, office 208
for TRC `Rodnik`