From a3457df2ff91b71ce8a7c52639eafb169c7f88d4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 11 Apr 2013 09:32:13 +1000
Subject: [PATCH 1/2] python-samba-tool domain classicupgrade: Skip machine
 accounts that do not end in $

These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $.

Andrew Bartlett
---
 python/samba/upgrade.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index af854ef..136e3ba 100644
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -708,6 +708,10 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None,
         elif acct_type == samr.ACB_DOMTRUST:
             logger.warn("  Skipping inter-domain trust from domain %s, this trust must be re-created as an AD trust" % username[:-1])
 
+        elif acct_type == (samr.ACB_WSTRUST) and username[-1] != '$':
+            logger.warn("  Skipping account %s that has ACB_WSTRUST (W) set but does not end in $.  This account can not have worked, and is probably left over from a misconfiguration." % username)
+            continue
+
         elif acct_type == (samr.ACB_NORMAL|samr.ACB_WSTRUST) and username[-1] == '$':
             logger.warn("  Fixing account %s which had both ACB_NORMAL (U) and ACB_WSTRUST (W) set.  Account will be marked as ACB_WSTRUST (W), i.e. as a domain member" % username)
             user.acct_ctrl = (user.acct_ctrl & ~samr.ACB_NORMAL)
-- 
1.7.11.7


From c22ba5d0bcee00dfeed1657a86e9baade353155d Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 11 Apr 2013 09:33:16 +1000
Subject: [PATCH 2/2] python-samba-tool domain classicupgrade: Actually Skip
 domain trust accounts

---
 python/samba/upgrade.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index 136e3ba..ad23b0b 100644
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -707,6 +707,7 @@ def upgrade_from_samba3(samba3, logger, targetdir, session_info=None,
 
         elif acct_type == samr.ACB_DOMTRUST:
             logger.warn("  Skipping inter-domain trust from domain %s, this trust must be re-created as an AD trust" % username[:-1])
+            continue
 
         elif acct_type == (samr.ACB_WSTRUST) and username[-1] != '$':
             logger.warn("  Skipping account %s that has ACB_WSTRUST (W) set but does not end in $.  This account can not have worked, and is probably left over from a misconfiguration." % username)
-- 
1.7.11.7