Hello,

I'm testing with this link but I have the same error.

# samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/ --realm=dom.hilaire --dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf

# ll /root/samba3/
total 8
drwxr-xr-x 2 root root 4096 sept. 5 11:23 dbdir
drwxr-xr-x 2 root root 4096 sept. 5 11:21 etc

# ll /root/samba3/dbdir/
total 11900
-rw------- 1 root root 16384 août 17 2010 account_policy.tdb
-rw-r--r-- 1 root root 53248 sept. 3 13:20 brlock.tdb
-rw-r--r-- 1 root root 221184 sept. 3 15:45 connections.tdb
-rw-r--r-- 1 root root 36864 sept. 5 11:35 gencache_notrans.tdb
-rw-r--r-- 1 root root 49152 sept. 3 15:45 gencache.tdb
-rw------- 1 root root 77824 oct. 17 2011 group_mapping.ldb
-rw-r--r-- 1 root root 11005952 sept. 3 15:45 locking.tdb
-rw-r--r-- 1 root root 696 oct. 20 2010 login_cache.tdb
-rw------- 1 root root 188416 sept. 3 15:27 messages.tdb
-rw-r--r-- 1 root root 28672 août 28 11:40 notify_onelevel.tdb
-rw-r--r-- 1 root root 32768 sept. 3 15:26 notify.tdb
-rw------- 1 root root 8192 nov. 4 2011 ntdrivers.tdb
-rw------- 1 root root 696 août 17 2010 ntforms.tdb
-rw------- 1 root root 20480 mai 19 2017 ntprinters.tdb
-rw------- 1 root root 53248 oct. 15 2011 registry.tdb
-rw------- 1 root root 36864 sept. 3 15:46 schannel_store.tdb
-rw------- 1 root root 45056 oct. 27 2011 secrets.tdb
-rw-r--r-- 1 root root 204800 sept. 3 15:42 sessionid.tdb
-rw------- 1 root root 36864 oct. 15 2011 share_info.tdb
-rw-r--r-- 1 root root 36864 août 30 08:31 unexpected.tdb
-rw------- 1 root root 24576 sept. 3 15:45 wins.tdb

# ll /root/samba3/etc/
total 8
-rw-r--r-- 1 root root 4533 sept. 3 16:20 smb.conf

# nano /root/samba/etc/smb.conf
[global]
    netbios name = svct02
    server string = Gestionnaire de domaine
    workgroup = MY.DOMAIN
    hosts allow = 192.168.15. 192.168.6. 10.0.7.
    security = user
    domain master = yes
    domain logons = yes
    prefered master = yes
    local master = yes
    os level = 252
    log level = 1
    encrypt passwords = yes
    username map = /etc/samba/smbusers
    passdb expand explicit = no
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    add user script = /usr/sbin/smbldap-useradd -a -m '%u'
    delete user script = /usr/sbin/smbldap-userdel -r '%u'
    add group script = /usr/sbin/smbldap-groupadd -g '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    ldap admin dn = cn=Manager,dc=domain,dc=fr
    ldap suffix = dc=domain,dc=fr
    ldap passwd sync = yes
    ldap ssl = no
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap machine suffix = ou=Computers
    ldap idmap suffix = ou=Users
    passdb backend = ldapsam:ldap://ldap2.my.domain
    idmap backend = ldapsam:ldap://ldap2.my.domain
    nt acl support = yes
    # Prepends the domain name to the login
    map untrusted to domain = yes
    wins support = yes
    wins proxy = no
    dns proxy = yes
    name resolve order = wins lmhosts bcast
    interfaces = eth* lo
    bind interfaces only = yes
    time server = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
    lock directory = /var/lib/samba
    log file = /var/log/samba/users/log-%U.log
    veto oplock files = /*.mdb/*.doc/*.xls/*.ppt/*.FIC/*.NDX/*.xlsx/
    guest account = nobody
    logon script = %G.bat
    logon path = \\svct02\profiles\%U
    load printers = no
    printcap name = /dev/null
    printcap cache time = 0
    idmap uid = 16777216-33554431
    idmap gid = 16777216-33554431
    template shell = /bin/false
    winbind use default domain = no

[... share definition...]

Thanks

Philippe MALADJIAN
IT Manager | System Administrator
Direct line: +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr
HILAIRE s.a.s.
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tel.: +33 (0)4 72 37 58 23 - Fax: +33 (0)4 78 26 02 03
http://www.hilaire.fr

On 04/09/2018 at 17:19, Rowland Penny via samba wrote:
> On Tue, 4 Sep 2018 11:05:10 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I am working on the migration of our samba 3.5 domain controller
>> (redhat 5.7) with ldap backend to samba 4.5 on a new server (debian
>> 9.5).
>>
>> On the new server I transferred the smb.conf and all the contents of
>> the /var/lib/samba folder to a temporary folder /root/samba3.
>>
>> To start the migration I use the command:
>>
>> # samba-tool domain samba3upgrade --dbdir =/root/samba3/ --realm
>> MYDOMAIN.LAN /root/samba3/smb.conf
>>
> Have you read this:
>
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
>
> You are running the wrong command.
>
> You do seem to have problems with your databases though:
>
> Severe DB error, sambaSamAccount can't miss the samba SIDattribute
>
> Can you post the smb.conf you are using for the upgrade.
>
> Rowland
>

On Wed, 5 Sep 2018 11:42:04 +0200
Philippe Maladjian via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I'm testing with this link but I have the same error.
>
> # samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/
> --realm=dom.hilaire
> --dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf
>

Okay, you have these in your smb.conf:

workgroup = MY.DOMAIN
passdb backend = ldapsam:ldap://ldap2.my.domain

You have this error message:

Failed to connect to ldap URL 'ldap://ldap2.MYDOMAIN' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME

Is this bad sanitisation ?

Does the workgroup 'MY.DOMAIN' actually have a dot in it ?
Why is the upgrade reading 'ldap2.my.domain' as 'ldap2.MYDOMAIN' ?
Is the old ldap server still running and accessible ?
Can you post the ldap object for 'Domain Users'
What is the DNS domain name of the computer you are running the upgrade on.

Rowland

Hello,

Indeed when I copied the result for the mailing I made a mistake. MY.DOMAIN is a dummy name.

The result of the migration command is

Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Provisioning
Exporting account policy
Exporting groups
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators' S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found: Unable to enumerate group members, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Users' S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found: Unable to enumerate group members, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Exporting users
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our domain
Fixing account svimp02$ which had both ACB_NORMAL (U) and ACB_WSTRUST (W) set. Account will be marked as ACB_WSTRUST (W), i.e. as a domain member
Skipping wellknown rid=501 (for username=nobody)
Next rid = 3867
krb5_init_context failed (Invalid argument)
smb_krb5_context_init_basic failed (Invalid argument)
Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldap2.my.domain' with backend 'ldap': LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: Could not open ldb connection to ldap://ldap2.my.domain, the error message is: (1, 'LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1566, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 671, in upgrade_from_samba3
    raise ProvisioningError("Could not open ldb connection to %s, the error message is: %s" % (url, e))

From my new samba server I tried to make an ldap request

# ldapsearch -h ldap2 -xb "ou=Groups,dc=domain,dc=fr" -W -D "cn=Manager,dc=domain,dc=fr" cn="Backup Operators"
# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=domain,dc=fr> with scope subtree
# filter: cn=Backup Operators
# requesting: ALL
#
*************
# Backup Operators, Groups, domain.fr
dn: cn=Backup Operators,ou=Groups,dc=domain,dc=fr
cn: Backup Operators
description: Domain Unix group
displayName: Backup Operators
gidNumber: 551
memberUid: backupmanager
memberUid: backuppc
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-3199360825-2299538094-1836089394-551

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
*******************

I do not understand the NT_STATUS_BAD_NETWORK_NAME error because the server is accessible with its IP or by its DNS name (ldap2)

Philippe MALADJIAN
IT Manager | System Administrator
Direct line: +33 (0)4 72 14 50 66 | pmaladjian at hilaire.fr
HILAIRE s.a.s.
203 - 205 rue Jean Voillot, 69100 Villeurbanne - France
Tel.: +33 (0)4 72 37 58 23 - Fax: +33 (0)4 78 26 02 03
http://www.hilaire.fr

On 05/09/2018 at 13:02, Rowland Penny via samba wrote:
> On Wed, 5 Sep 2018 11:42:04 +0200
> Philippe Maladjian via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I'm testing with this link but I have the same error.
>>
>> # samba-tool domain classicupgrade --dbdir=/root/samba3/dbdir/
>> --realm=dom.hilaire
>> --dns-backend=SAMBA_INTERNAL /root/samba3/etc/smb.conf
>>
> Okay, you have these in your smb.conf:
>
> workgroup = MY.DOMAIN
> passdb backend = ldapsam:ldap://ldap2.my.domain
>
> You have this error message:
>
> Failed to connect to ldap URL 'ldap://ldap2.MYDOMAIN' - LDAP client
> internal error: NT_STATUS_BAD_NETWORK_NAME
>
> Is this bad sanitisation ?
>
> Does the workgroup 'MY.DOMAIN' actually have a dot in it ?
> Why is the upgrade reading 'ldap2.my.domain' as 'ldap2.MYDOMAIN' ?
> Is the old ldap server still running and accessible ?
> Can you post the ldap object for 'Domain Users'
> What is the DNS domain name of the computer you are running the upgrade
> on.
>
> Rowland
>
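
Added example (not part of the original thread and not Samba code): a small triage of the classicupgrade output quoted in the message above, grouping every SID by its domain part and collecting the LDAP connection failures. The log lines are abridged copies from the thread; the function name `triage` is hypothetical.

```python
import re
from collections import defaultdict

# Abridged lines copied from the classicupgrade output quoted in the thread.
SAMPLE_LOG = """\
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Backup Operators' S-1-5-21-3199360825-2299538094-1836089394-551 listed but then not found
Ignoring group 'Domain Users' S-1-5-21-3199360825-2299538094-1836089394-513 listed but then not found
sid S-1-5-21-629504534-1699756358-2856581066-3658 does not belong to our domain
sid S-1-5-21-629504534-1699756358-2856581066-3632 does not belong to our domain
Failed to connect to ldap URL 'ldap://ldap2.my.domain' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
"""

# A domain SID is S-1-5-21-<a>-<b>-<c>; the final number is the RID.
SID_RE = re.compile(r"\bS-1-5-21-(\d+-\d+-\d+)-(\d+)\b")
LDAP_RE = re.compile(r"Failed to connect to ldap URL '([^']+)' - .*?(NT_STATUS_\w+)")


def triage(log_text):
    """Return ({domain SID: sorted RIDs}, [(ldap url, NT status), ...])."""
    domains = defaultdict(set)
    ldap_failures = []
    for line in log_text.splitlines():
        for m in SID_RE.finditer(line):
            domains["S-1-5-21-" + m.group(1)].add(int(m.group(2)))
        m = LDAP_RE.search(line)
        if m:
            ldap_failures.append((m.group(1), m.group(2)))
    return {dom: sorted(rids) for dom, rids in domains.items()}, ldap_failures


if __name__ == "__main__":
    domains, failures = triage(SAMPLE_LOG)
    for dom, rids in domains.items():
        print(dom, "RIDs:", rids)
    if len(domains) > 1:
        print("note: more than one domain SID appears in this output")
    for url, status in failures:
        print("LDAP connect failed:", url, status)
```
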