Hi, I have a working Samba3 installation with ldap backend on Debian Wheezy x64. I would like to upgrade to Samba4, so I test it on a virtual machine. I copied the PDC to the virtual machine, and set up debian backports, then installed Samba 4.1. I follow Samba Classic Upgrade SambaWiki. samba-tools didn't find an ldb lib, so I created a link: ln -s /usr/lib/x86_64-linux-gnu/ldb/ /usr/lib/x86_64-linux-gnu/samba/ samba-tool domain classicupgrade --dbdir=/var/lib/samba.pdc/private/ --use-xattrs=yes --realm=xy.site --dns-backend=Bind9.DLZ --option="interface=lo eth0" --option="bind interface only=yes" /etc/samba.pdc/smb.pdc.conf Reading smb.conf Provisioning Exporting account policy Exporting groups Exporting users Ignoring group memberships of 'bubo' S-1-5-21-1056419617-429938706-1326152232-3010: Unable to enumerate group memberships, (-1073741724,No such user) Skipping wellknown rid=501 (for username=nobody) Ignoring group memberships of 'xxx' S-1-5-21-1056419617-429938706-1326152232-3014: Unable to enumerate group memberships, (-1073741724,No such user) Next rid = 3015 Exporting posix attributes Reading WINS database Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/var/lib/samba.pdc/private/wins.dat' Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=PDC Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Server Role: standalone server Hostname: pdc NetBIOS Domain: PDC DNS Domain: xy.site DOMAIN SID: S-1-5-21-1056419617-429938706-1326152232 Importing WINS database Importing Account policy Importing idmap database Cannot open idmap database, Ignoring: [Errno 2] No such file or directory Adding groups Importing groups Commiting 'add groups' transaction to disk Adding users Importing users User root has been kept in the directory, it should be removed in favour of the Administrator user Commiting 'add users' transaction to disk Adding users to groups Commiting 'add users to groups' transaction to disk Setting password for administrator /usr/lib/python2.7/threading.py:832: RuntimeWarning: tp_compare didn't return -1 or -2 for exception return _active[_get_ident()] ERROR(<type 'exceptions.TypeError'>): uncaught exception - expected string or Unicode object, NoneType found File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 977, in upgrade_from_samba3 logger.info("Administrator password has been set to password of user '%s'", admin_user) File "/usr/lib/python2.7/logging/__init__.py", line 1148, in info self._log(INFO, msg, args, **kwargs) File "/usr/lib/python2.7/logging/__init__.py", line 1266, in _log record = self.makeRecord(self.name, level, fn, lno, msg, args, exc_info, func, extra) File "/usr/lib/python2.7/logging/__init__.py", line 1240, in makeRecord rv = LogRecord(name, level, fn, lno, msg, args, exc_info, func) File "/usr/lib/python2.7/logging/__init__.py", line 284, in __init__ self.threadName = threading.current_thread().name File "/usr/lib/python2.7/threading.py", line 832, in currentThread return _active[_get_ident()] I will give further details if it is necessary.
I ran into the same problem with 4.1.13. FYI, the troublesome LDAP entry was: --- dn: uid=root,ou=People,dc=ucc,dc=gu,dc=uwa,dc=edu,dc=au objectClass: sambaSamAccount objectClass: account displayName: root sambaAcctFlags: [DU ] sambaSID: S-1-5-21-3342141748-1574249315-1264630062-1425 uid: root --- Removing this account (the provenance of which was unknown) prevented the printing of this exception.
This is a bit mysterious, in that the exception comes from deep in Python's own threading code and, like, should not happen. There is nothing in there to cause a TypeError. /usr/lib/python2.7/threading.py:832: RuntimeWarning: tp_compare didn't return -1 or -2 for exception return _active[_get_ident()] ERROR(<type 'exceptions.TypeError'>): uncaught exception - expected string or Unicode object, NoneType found File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 977, in upgrade_from_samba3 logger.info("Administrator password has been set to password of user '%s'", admin_user) File "/usr/lib/python2.7/logging/__init__.py", line 1148, in info self._log(INFO, msg, args, **kwargs) File "/usr/lib/python2.7/logging/__init__.py", line 1266, in _log record = self.makeRecord(self.name, level, fn, lno, msg, args, exc_info, func, extra) File "/usr/lib/python2.7/logging/__init__.py", line 1240, in makeRecord rv = LogRecord(name, level, fn, lno, msg, args, exc_info, func) File "/usr/lib/python2.7/logging/__init__.py", line 284, in __init__ self.threadName = threading.current_thread().name File "/usr/lib/python2.7/threading.py", line 832, in currentThread return _active[_get_ident()] Unless Samba's python bindings had something wrong[!] and some object's tp_compare was pointing to the wrong kind of function (because use-after-free of some-such). 1. It is possible that `admin_user` or `userdata[admin_user]` variables have messed up refcounts or something. Their origin was tidied up in commit 61670169d5241f742bc80bec37b02800af8c8517, so if that's the problem it is likely fixed. 2. This seems to happen when a "root" account exists (c.f. comment 1, and "User root has been kept..." message). In both cases the root account is not really admin. It could be that s4_passdb.update_sam_account() somewhere assumes that the user data will contain something that it doesn't. 3. Another possible problem is > samba-tools didn't find an ldb lib, so I created a link: > ln -s /usr/lib/x86_64-linux-gnu/ldb/ /usr/lib/x86_64-linux-gnu/samba/ This might mean we're using an incompatible ldb (samba from debian backports, ldb not from backports). In summary: Still a mystery, but likely fixed in recent Samba. Keep you ldb in sync. If you have a mysterious non-admin root user, try not having that.
See also: https://lists.samba.org/archive/samba-technical/2013-January/089858.html