samba - Sep 2018 - Migration samba 3 to 4

Hello,

I am working on the migration of our samba 3.5 domain controller (redhat 
5.7) with ldap backend to samba 4.5 on a new server (debian 9.5).

On the new server I transferred the smb.conf and all the contents of the 
/var/lib/samba folder to a temporary folder /root/samba3.

To start the migration I use the command:

# samba-tool domain samba3upgrade --dbdir =/root/samba3/ --realm = 
MYDOMAIN.LAN /root/samba3/smb.conf

I've this error

Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators' 
S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found: 
Unable to enumerate group members, (-1073741596,This error indicates 
that the requested operation cannot be completed due to a catastrophic 
media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users' 
S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found: 
Unable to enumerate group members, (-1073741596,This error indicates 
that the requested operation cannot be completed due to a catastrophic 
media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our 
domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our 
domain
   Fixing account svimp02$ which had both ACB_NORMAL (U) and ACB_WSTRUST 
(W) set.  Account will be marked as ACB_WSTRUST (W), i.e. as a domain member
   Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Failed to connect to ldap URL 'ldap://ldap2.MYDOMAIN' - LDAP client 
internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldap2.MYDOMAIN' with backend
'ldap': LDAP
client internal error: NT_STATUS_BAD_NETWORK_NAME
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
exception -
ProvisioningError: Could not open ldb connection to 
ldap://ldap2.MYDOMAIN, the error message is: (1, 'LDAP client internal 
error: NT_STATUS_BAD_NETWORK_NAME')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line
1566, in run
     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
   File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 671,
in upgrade_from_samba3
     raise ProvisioningError("Could not open ldb connection to %s, the 
error message is: %s" % (url, e))


-- 

*Philippe MALADJIAN
Responsable informatique | administrateur système*

On Tue, 4 Sep 2018 11:05:10 +0200
Philippe Maladjian via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> I am working on the migration of our samba 3.5 domain controller
> (redhat 5.7) with ldap backend to samba 4.5 on a new server (debian
> 9.5).
> 
> On the new server I transferred the smb.conf and all the contents of
> the /var/lib/samba folder to a temporary folder /root/samba3.
> 
> To start the migration I use the command:
> 
> # samba-tool domain samba3upgrade --dbdir =/root/samba3/ --realm = 
> MYDOMAIN.LAN /root/samba3/smb.conf
> 
Have you read this:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)

You are running the wrong command.

You do seem to have problems with your databases though:

Severe DB error, sambaSamAccount can't miss the samba SIDattribute

Can you post the smb.conf you are using for the upgrade.

Rowland

Hello,

I'm testing with this link but i'have the same error.

# samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/ 
--realm=dom.hilaire --dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf

# ll /root/samba3/
total 8
drwxr-xr-x 2 root root 4096 sept.  5 11:23 dbdir
drwxr-xr-x 2 root root 4096 sept.  5 11:21 etc

# ll /root/samba3/dbdir/
total 11900
-rw------- 1 root root    16384 août  17  2010 account_policy.tdb
-rw-r--r-- 1 root root    53248 sept.  3 13:20 brlock.tdb
-rw-r--r-- 1 root root   221184 sept.  3 15:45 connections.tdb
-rw-r--r-- 1 root root    36864 sept.  5 11:35 gencache_notrans.tdb
-rw-r--r-- 1 root root    49152 sept.  3 15:45 gencache.tdb
-rw------- 1 root root    77824 oct.  17  2011 group_mapping.ldb
-rw-r--r-- 1 root root 11005952 sept.  3 15:45 locking.tdb
-rw-r--r-- 1 root root      696 oct.  20  2010 login_cache.tdb
-rw------- 1 root root   188416 sept.  3 15:27 messages.tdb
-rw-r--r-- 1 root root    28672 août  28 11:40 notify_onelevel.tdb
-rw-r--r-- 1 root root    32768 sept.  3 15:26 notify.tdb
-rw------- 1 root root     8192 nov.   4  2011 ntdrivers.tdb
-rw------- 1 root root      696 août  17  2010 ntforms.tdb
-rw------- 1 root root    20480 mai   19  2017 ntprinters.tdb
-rw------- 1 root root    53248 oct.  15  2011 registry.tdb
-rw------- 1 root root    36864 sept.  3 15:46 schannel_store.tdb
-rw------- 1 root root    45056 oct.  27  2011 secrets.tdb
-rw-r--r-- 1 root root   204800 sept.  3 15:42 sessionid.tdb
-rw------- 1 root root    36864 oct.  15  2011 share_info.tdb
-rw-r--r-- 1 root root    36864 août  30 08:31 unexpected.tdb
-rw------- 1 root root    24576 sept.  3 15:45 wins.tdb

# ll /root/samba3/etc/
total 8
-rw-r--r-- 1 root root 4533 sept.  3 16:20 smb.conf

# nano /root/samba/etc/smb.conf

[global]
         netbios name = svct02
         server string = Gestionnaire de domaine
         workgroup = MY.DOMAIN

         hosts allow = 192.168.15. 192.168.6. 10.0.7.
         security = user
         domain master = yes
         domain logons = yes
         prefered master = yes
         local master = yes
         os level = 252
         log level = 1

         encrypt passwords = yes
         username map = /etc/samba/smbusers
         passdb expand explicit = no

         add machine script = /usr/sbin/smbldap-useradd -w '%u'
         add user script = /usr/sbin/smbldap-useradd -a -m '%u'
         delete user script = /usr/sbin/smbldap-userdel -r '%u'
         add group script = /usr/sbin/smbldap-groupadd -g '%g'
         delete group script = /usr/sbin/smbldap-groupdel '%g'
         add user to group script = /usr/sbin/smbldap-groupmod -m '%u'
'%g'
         delete user from group script = /usr/sbin/smbldap-groupmod -x 
'%u' '%g'
         set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'

         ldap admin dn = cn=Manager,dc=domain,dc=fr
         ldap suffix = dc=domain,dc=fr
         ldap passwd sync = yes
         ldap ssl = no

         ldap user suffix = ou=Users
         ldap group suffix = ou=Groups
         ldap machine suffix = ou=Computers
         ldap idmap suffix = ou=Users

         passdb backend = ldapsam:ldap://ldap2.my.domain
         idmap backend = ldapsam:ldap://ldap2.my.domain

         nt acl support = yes

         # Rajoute le nom de domaine devant le login
         map untrusted to domain = yes
         wins support = yes
         wins proxy = no
         dns proxy = yes
         name resolve order = wins lmhosts bcast
         interfaces = eth* lo
         bind interfaces only = yes
         time server = yes
         socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT 
SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

         lock directory = /var/lib/samba
         log file = /var/log/samba/users/log-%U.log

         veto oplock files = /*.mdb/*.doc/*.xls/*.ppt/*.FIC/*.NDX/*.xlsx/
         guest account = nobody

         logon script = %G.bat
         logon path = \\svct02\profiles\%U
         load printers = no
         printcap name = /dev/null
         printcap cache time = 0

         idmap uid = 16777216-33554431
         idmap gid = 16777216-33554431
         template shell = /bin/false
         winbind use default domain = no

[... share definition...]

Thank's

*Philippe MALADJIAN
Responsable informatique | administrateur système*
Ligne directe : +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr 
<mailto:pmaladjian at hilaire.fr>

Hilaire s.a.s. <http://www.hilaire.fr> 	*HILAIRE s.a.s.*
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tél. : +33 (0)4 72 37 58 23 - Fax : +33 (0)4 78 26 02 03
http://www.hilaire.fr

Le 04/09/2018 à 17:19, Rowland Penny via samba a écrit :
> On Tue, 4 Sep 2018 11:05:10 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I am working on the migration of our samba 3.5 domain controller
>> (redhat 5.7) with ldap backend to samba 4.5 on a new server (debian
>> 9.5).
>>
>> On the new server I transferred the smb.conf and all the contents of
>> the /var/lib/samba folder to a temporary folder /root/samba3.
>>
>> To start the migration I use the command:
>>
>> # samba-tool domain samba3upgrade --dbdir =/root/samba3/ --realm
>> MYDOMAIN.LAN /root/samba3/smb.conf
>>
> Have you read this:
>
>
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>
> You are running the wrong command.
>
> You do seem to have problems with your databases though:
>
> Severe DB error, sambaSamAccount can't miss the samba SIDattribute
>
> Can you post the smb.conf you are using for the upgrade.
>
> Rowland
>