>
>
> On Sat, May 26, 2012 at 1:41 AM, Andrew Bartlett <
[hidden email]>
> wrote:
> On Fri, 2012-05-25 at 16:43 +0200, Marc Muehlfeld wrote:
> > Hi,
> >
> > I'm playing in my test environment with a migration from s3
> to the latest git
> > version. My s3 is in LDAP and I followed the HowTo.
> >
> > But I'm having the following issues/errors when running
> > # /usr/local/samba/bin/samba-tool domain samba3upgrade
> > --dbdir=/usr/var/locks3/ --use-xattrs=yes
> --realm=MUC.medizinische-genetik.de
> > /etc/samba/smb3.conf
> >
> >
> >
> >
> > 1.) tdb(/usr/var/locks3/gencache.tdb):Corrupt database:
> Record offset 696 has
> > incorrect hash
> > gencache_init: tdb_check(/usr/var/locks3/gencache.tdb)
> failed - retry after
> > truncate
> >
> > It's nothing serious. The script just continues.
>
>
> Indeed, gencache is only a cache, and therefore not required
> for
> migration.
>
> > 2.) Exporting groups
> > Ignoring group 'Print Operators' S-1-5-32-550 listed but
> then not found:
> > Unable to enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring group 'Backup Operators' S-1-5-32-551 listed but
> then not found:
> > Unable to enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring group 'Replicator' S-1-5-32-552 listed but then not
> found: Unable to
> > enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring group 'Administrators' S-1-5-32-544 listed but then
> not found: Unable
> > to enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring 'well known' group 'Guests' (should already be in
> AD, and have no
> > members)
> > Ignoring group 'Account Operators' S-1-5-32-548 listed but
> then not found:
> > Unable to enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring group 'Server Operators' S-1-5-32-549 listed but
> then not found:
> > Unable to enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring group 'Power Users' S-1-5-32-547 listed but then
> not found: Unable to
> > enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> > Ignoring group 'Users' S-1-5-32-545 listed but then not
> found: Unable to
> > enumerate members for alias,
> (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
> >
> > The script continues, but this groups are all ignored. Any
> idea why?
>
>
> A number of Samba3 databases appear to have aliases templates
> for these
> well known groups, but if they are not mapped to system
> groups, then
> this will happen. That's why we ignore the error, because
> clearly there
> are no users in these groups.
>
> > 3.) Importing WINS database
> > ERROR(<type 'exceptions.ValueError'>): uncaught exception -
> invalid literal
> > for int() with base 16: ''
> > File
> >
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> > line 160, in _run
> > return self.run(*args, **kwargs)
> > File
> >
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
> > 926, in run
> > useeadb=eadb)
> > File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
> > line 683, in upgrade_from_samba3
> > samba3_winsdb = samba3.get_wins_db()
> > File
> >
> "/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
> > line 399, in get_wins_db
> > return WinsDatabase(self.statedir_path("wins.dat"))
> > File
> >
> "/usr/local/samba/lib64/python2.6/site-packages/samba/samba3/__init__.py",
> > line 333, in __init__
> > nb_flags = int(entries[i][:-1], 16)
> >
> > Here the script crashes and stops. The only way to continue,
> is to delete
> > wins.dat. Maybe the script can continue, if the WINS import
> failes.
>
>
> I need a sample of the failed wins.dat, so we can fix the
> parsing
> script.
>
> > 4.) Adding users to groups
> > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught
> exception -
> > ProvisioningError: Could not add member
> > 'S-1-5-21-1362721961-1801182073-732966438-2996' to group
> > 'S-1-5-21-1362721961-1801182073-732966438-512' as either
> group or user record
> > doesn't exist: Unable to find GUID for DN
> >
> > File
> >
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> > line 160, in _run
> > return self.run(*args, **kwargs)
> > File
> >
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
> > 926, in run
> > useeadb=eadb)
> > File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
> > line 728, in upgrade_from_samba3
> > add_users_to_group(result.samdb, g,
> groupmembers[str(g.sid)], logger)
> > File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
> > line 242, in add_users_to_group
> > raise ProvisioningError("Could not add member '%s' to
> group '%s' as
> > either group or user record doesn't exist: %s" %
> (member_sid, group.sid, emsg))
> >
> > Here the script crash and stop again.
> > S-1-5-21-1362721961-1801182073-732966438-2996 in LDAP =
> Administrator
> > S-1-5-21-1362721961-1801182073-732966438-512 in LDAP = Group
> "Domain Admins"
> >
> > If I delete the user Administator from LDAP, the script run
> up to the end.
>
>
> The issue would be that Administrator should have a SID ending
> in -500.
> We already skip accounts "root" and "administrator" and map
> the password
> on to the Administrator account we build at provision time.
> This does
> however mean that we break when trying to import the incorrect
> administrator as a group member.
>
>
>
>
> Urk... This could explain some long term problems we've been having
> with our old S3 (3.0.9) system. :-P Another problem I'm seeing in
> our database is a "nobody" user with a SID ending in *-501. Our
> database has had a long and tortuous journey over the years, and I'm
> not surprised to find various accumulated crud in there. I'm hoping
> that our S4 migration manages to filter out some of that garbage...
Locked
wins.tar.bz2 (13K) 