13994 – NT4 Domain to Samba AD Classic Upgrade fails with errors

Bug 13994 - NT4 Domain to Samba AD Classic Upgrade fails with errors

Summary: NT4 Domain to Samba AD Classic Upgrade fails with errors

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	Tools (show other bugs)
Version:	4.5.14
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-06-15 13:03 UTC by Oliver Doll
Modified:	2019-06-20 12:48 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Oliver Doll 2019-06-15 13:03:01 UTC

Trying to upgrade an NT4 Style Single Label Domain to Active Directory via Classic Upgrade (https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade))

HW: ARMBIAN based Cubietruck board with
Linux share 4.19.38-sunxi #5.86 SMP Sun May 12 17:56:25 CEST 2019 armv7l GNU/Linux
Samba Version 4.5.16-Debian

Upgrade process ends with the following error:
 [...]
Setting password for administrator
Administrator password has been set to password of user 'root'
Error loading module '/usr/lib/arm-linux-gnueabihf/samba/vfs/acl_xattr.so': /usr/lib/arm-linux-gnueabihf/samba/vfs/acl_xattr.so: cannot open shared object file: No such file or directory
error probing vfs module 'acl_xattr': NT_STATUS_UNSUCCESSFUL
smbd_vfs_init: vfs_init_custom failed for acl_xattr
create_conn_struct: smbd_vfs_init failed.
ERROR(runtime): uncaught exception - (-1073741633, 'The network is busy.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1566, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 853, in upgrade_from_samba3
    result.names.domaindn, result.lp, use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1539, in setsysvolacl
    smbd.set_simple_acl(file.name, 0755, gid)

Comment 1 Louis 2019-06-17 07:28:02 UTC

Hai, 

Please check if acl and attr and samba-vfs-modules are installed on your system.

Comment 2 Oliver Doll 2019-06-20 12:48:25 UTC

Sry, coming from an "ancient" samba config the wiki was not explicit for me that those package are required and where still missing.
After I added those the tool ran without any bigger issues (though the result is not as expected as the smb.con contains no references to any previous configured shares (inc. homes) nor can I "see" the DC on the network at all, but that's another story)


root@share:/var/lib/samba# samba-tool domain classicupgrade --dbdir=/usr/local/samba.PDC/dbdir/ \
> --realm=ad.mydom.de --dns-backend=SAMBA_INTERNAL /usr/local/samba.PDC/etc/smb.PDC.conf
Reading smb.conf
Provisioning
Exporting account policy
Exporting groups
Exporting users
Next rid = 5009
Exporting posix attributes
Reading WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/usr/local/samba.PDC/dbdir/wins.dat'
Looking up IPv4 addresses
Looking up IPv6 addresses
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ad,DC=mydom,DC=de
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=ad,DC=mydom,DC=de
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role:           active directory domain controller
Hostname:              share
NetBIOS Domain:        MYDOM
DNS Domain:            ad.mydom.de
DOMAIN SID:            S-1-5-21-1234567890-1234567890-123456789
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Adding groups
Importing groups
Committing 'add groups' transaction to disk
Adding users
Importing users
Could not add posix attrs for AD entry for sid=S-1-5-21-1234567890-1234567890-123456789-1062, ((21, 'Element loginShell has empty attribute in ldb message ()!'))
User root has been kept in the directory, it should be removed in favour of the Administrator user
Committing 'add users' transaction to disk
Adding users to groups
Committing 'add users to groups' transaction to disk
Setting password for administrator
Administrator password has been set to password of user 'root'