On Mon, 09 Jul 2018 07:10:17 +0200 (CEST)
Michal via samba <samba at lists.samba.org> wrote:
> Does anybody know any answer in this topic, please?
>
> Michal
>
> ---------- Původní e-mail ----------
> Od: Michal via samba <samba at lists.samba.org>
> Komu: samba at lists.samba.org
> Datum: 4. 7. 2018 8:58:45
> Předmět: [Samba] classicupgrade questions
> "I am trying to do a classicupgrade. (This is not 1st try, I went
> through it
> once time already; then I deleted all data and trying it again, with
> questions now.)
>
> Command
>
> samba-tool domain classicupgrade --dbdir=/etc/samba.PDC/
> --realm=ad.nemuh.cz
>
> --dns-backend=BIND9_DLZ /etc/samba.PDC/smb.PDC.conf
>
> Problem a)
> ...
> init_sam_from_ldap: Entry found for user: pc0027$
> init_sam_from_ldap: Failed to find Unix account for pc0027$
> ldapsam_getsampwnam: init_sam_from_ldap failed for user 'pc0027$'!
> ERROR(<class 'passdb.error'>): uncaught exception - Unable to
get
> user information for 'pc0027$', (-1073741724,The specified account
> does not exist.)
> File
> "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/__
> init__.py", line 176, in _run return self.run(*args, **kwargs)
> File
> "/usr/local/samba.ad/lib64/python2.7/site-packages/samba/netcmd/
> domain.py", line 1636, in run useeadb=eadb, dns_backend=dns_backend,
> use_ntvfs=use_ntvfs) File
>
"/usr/local/samba.ad/lib64/python2.7/site-packages/samba/upgrade.py",
>
> line 568, in upgrade_from_samba3
> user = s3db.getsampwnam(username)
>
> The machine LDAP data:
> # pc0027$, machines, nspuh.cz
> dn: uid=pc0027$,ou=machines,dc=nspuh,dc=cz
> uid: pc0027$
> objectClass: account
> objectClass: sambaSamAccount
> sambaPwdMustChange: 2147483647
> sambaAcctFlags: [W ]
> sambaPwdCanChange: 1158129830
> sambaPwdLastSet: 1158129830
> displayName: PC0027$
> sambaSID: S-1-5-21-..numbers here...-45023
>
> When I delete this machine from LDAP, the problem occurs with another
> computer.. and with another.. I finally deleted all machine/computer
> accounts from LDAP to be able to process users. What's wrong with
> the machine accounts?
Nothing as far as they go, they just don't go far enough ;-)
The clue is here:
init_sam_from_ldap: Failed to find Unix account for pc0027$
They are not in /etc/passwd
You could try giving them a unique uidNumber attribute.
>
>
> b) After upgrade, a lot of imported users in AD have "account
> disabled". One
>
> of them, as far as I can remember, was user "anger":
> dn: uid=anger,ou=People,dc=nspuh,dc=cz
> objectClass: shadowAccount
> objectClass: person
> objectClass: inetOrgPerson
> objectClass: OXUserObject
> objectClass: posixAccount
> objectClass: top
> objectClass: sambaSamAccount
> uid: anger
> shadowMin: 0
> shadowMax: 9999
> shadowWarning: 7
> shadowExpire: 0
> cn: anger
> preferredLanguage: EN
> userCountry: Czech Republic
> mailEnabled: OK
> lnetMailAccess: TRUE
> OXAppointmentDays: 5
> OXGroupID: 500
> OXTaskDays: 5
> OXTimeZone:: RXVyb3BlL3ByYWd1ZSA=
> loginShell: /usr/bin/ksh
> uidNumber: 270
> gidNumber: 20
> homeDirectory: /home/anger
> sambaSID: S-1-5-21-......-1540
> employeeNumber: 114
> sambaPwdLastSet: 1344931739
> mail: anger at nemuh.cz
> mailDomain: nemuh.cz
> o: UHN a.s.
> description:: WmRlbsSbayBBbmdlcg==
> givenName:: WmRlbsSbaw==
> sn: ANGER
> gecos: MUDr. Zdenek Anger
> ou: -
>
> Why is imported/upgraded account locked?
That is the users LDAP object, what does the users AD object look like ?
>
> c) After upgrade, national characters in (probably) user description
> and givenName are not correctly displayed - there a question marks in
> the names
>
> (in AD administration), every user (with national characters in their
> names)
>
> has the problem.
> Why?
This sounds like a locale problem, is the locale set correctly in the
original smb.conf ?
Rowland