Since gdb shows some problem at:
355 FN_GLOBAL_INTEGER(tls_verify_peer, tls_verify_peer)
I searched the internet and eventually found this thread:
https://lists.samba.org/archive/samba/2013-January/170797.html
"The solution there is to use the IP address instead of the DNS name"
So, in my PDC smb.conf (the one I'm migrating FROM), I substituted:
passdb backend = ldapsam:"ldaps://ldap.motec.com.au"
ldap ssl = off
FOR
passdb backend = ldapsam:"ldap://192.168.0.3"
ldap ssl = start tls
And the classicupgrade succeeded!
Perhaps ldapsam:"ldaps://192.168.0.3" could have also worked but I
didn't get to test it.
I suspect that there is something not quite right with the samba-tool
classicupgrade handling of the ldaps:// URL. This looks like a long standing
issue.
Kind regards,
Tom
Tom Robinson
IT Manager/System Administrator
MoTeC Pty Ltd
121 Merrindale Drive
Croydon South
3136 Victoria
Australia
T: +61 3 9761 5050
F: +61 3 9761 5051
E: tom.robinson at motec.com.au
On 29/06/17 13:51, Tom Robinson via samba wrote:> Hi,
>
> Not sure if I should post in samba-technical or just samba list. Please
advise.
>
> Back in February I was trying to do a samba-tool classicupgrade but kept
getting SIGSEGV:
>
> https://lists.samba.org/archive/samba/2017-February/206409.html
>
> I didn't progress much after that.
>
> This week I've compiled samba-4.6.5 and installed that. Following the
HOW-TO for classic upgrade
>
(https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
), I've
> tried again but I'm still getting SIGSEGV.
>
> # cat /etc/redhat-release CentOS Linux release 7.3.1611 (Core)
>
> # samba-tool --version
> 4.6.5
>
> # gdb --args python /usr/bin/samba-tool domain classicupgrade
--dbdir=/var/lib/samba/bentley
> --realm=mrc.motec.com.au --dns-backend=BIND9_DLZ
/etc/samba/smb.bentley.conf
>
> GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-94.el7
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show
copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-redhat-linux-gnu".
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>...
> Reading symbols from /usr/bin/python2.7...Reading symbols from
> /usr/lib/debug/usr/bin/python2.7.debug...done.
> done.
> (gdb) run
> Starting program: /usr/bin/python /usr/bin/samba-tool domain classicupgrade
> --dbdir=/var/lib/samba/bentley --realm=mrc.motec.com.au
--dns-backend=BIND9_DLZ
> /etc/samba/smb.bentley.conf
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib64/libthread_db.so.1".
> Detaching after fork from child process 8647.
> Detaching after fork from child process 8649.
> Reading smb.conf
> Unknown parameter encountered: "share modes"
> Ignoring unknown parameter "share modes"
> Provisioning
> Attempting to register passdb backend samba_dsdb
> Successfully added passdb backend 'samba_dsdb'
> Attempting to register passdb backend samba4
> Successfully added passdb backend 'samba4'
> Attempting to find a passdb backend to match
ldapsam:"ldaps://ldap.motec.com.au" (ldapsam)
> No builtin backend found, trying to load plugin
> Attempting to register passdb backend ldapsam
> Successfully added passdb backend 'ldapsam'
> Attempting to register passdb backend NDS_ldapsam
> Successfully added passdb backend 'NDS_ldapsam'
> Attempting to register passdb backend IPA_ldapsam
> Successfully added passdb backend 'IPA_ldapsam'
> Found pdb backend ldapsam
> pdb backend ldapsam:"ldaps://ldap.motec.com.au" has a valid init
> ldapsam_getsampwnam: Unable to locate user [CROFT$] count=0
> Exporting account policy
> Detaching after fork from child process 8651.
> Exporting groups
> ldapsam_setsamgrent: 38 entries in the base!
> init_group_from_ldap: Entry found for group: gid1
> ---8<---*snip*---8<---
> init_group_from_ldap: Entry found for group: lastgid
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Administrators' S-1-5-32-544 listed but then not
found: Unable to enumerate members
> for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Account Operators' S-1-5-32-548 listed but then not
found: Unable to enumerate
> members for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Print Operators' S-1-5-32-550 listed but then not
found: Unable to enumerate members
> for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not
found: Unable to enumerate
> members for alias, (-1073741487,The specified local group does not exist.)
> ldapsam_enum_aliasmem: Did not find alias
> Ignoring group 'Replicators' S-1-5-32-552 listed but then not
found: Unable to enumerate members for
> alias, (-1073741487,The specified local group does not exist.)
> Exporting users
> Skipping wellknown rid=500 (for username=root)
> init_sam_from_ldap: Entry found for user: nobody
> Attempting to find a passdb backend to match
ldapsam:"ldaps://ldap.motec.com.au" (ldapsam)
> Found pdb backend ldapsam
> pdb backend ldapsam:"ldaps://ldap.motec.com.au" has a valid init
> Opening cache file at /var/lib/samba/login_cache.tdb
> init_sam_from_ldap: Entry found for user: user1
> ---8<---*snip*---8<---
> init_sam_from_ldap: Entry found for user: lastuser
> Next rid = 13001
>
> Program received signal SIGSEGV, Segmentation fault.
> lpcfg_tls_verify_peer (lp_ctx=0x0) at
default/lib/param/param_functions.c:355
> 355 FN_GLOBAL_INTEGER(tls_verify_peer, tls_verify_peer)
> (gdb)
>
> Any help appreciated.
>
> Kind regards,
> Tom
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20170629/ec05668d/signature.sig>