To migrate our existing, samba3 + OpenLDAP based domain to samba4, I set up a new server, copied over the db and config-Files of the old server to /root/samba3 and ran: samba-tool domain classicupgrade \ --dbdir=/root/samba3/db/private/ \ --targetdir=/root/samba4/ \ --use-xattrs=yes \ /root/samba3/conf/smb.conf The result in beta3 was a working PDC. However, in 4.0.0rc1 I get: Provisioning Exporting account policy Exporting groups Exporting users Skipping wellknown rid=500 (for username=administrator) Could not find uidNumber in uid=root,ou=People,o=IWM,dc=iwm-kmrc,dc=de Ignoring group memberships of 'root' S-1-5-21-1690228159-1232189243-2108207755-1000: Unable to enumerate group memberships, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION) Demoting BDC account trust for kmrcserv, this DC must be elevated to an AD DC using 'samba-tool domain promote' Next rid = 41390 Failed to connect to ldap URL 'ldap://ldapsrv.iwm-kmrc.de' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME Failed to connect to 'ldap://ldapsrv.iwm-kmrc.de' with backend 'ldap': (null) Could not open ldb connection to ldap://ldapsrv.iwm-kmrc.de, the error message is: (1, None) Exporting posix attributes ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local variable 'ldb_object' referenced before assignment File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 168, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 1312, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/lib64/python2.7/site-packages/samba/upgrade.py", line 795, in upgrade_from_samba3 homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory") My classic smb.conf contains: passdb backend = ldapsam:"ldap://ldapsrv.iwm-kmrc.de" However, I suspect that the migration of posix attributes that was recently introduced to classicupgrade causes the issue. Can someone confirm that? Best, Torsten
Created attachment 7912 [details] Small patch to make migration of POSIX attrs optional The attached patch introduces a new commandline option '--no-posix-attrs' to samba-tool domain classicupgrade to entirely skip migrating posix attributes. In addition, the patch introduces a check whether ldb_object is set, before calling 'get_posix_attr_from_ldap_backend'. This way, the old database can be migrated including posix attrs, even if they are not set for all users.
Created attachment 7913 [details] Small patch to make migration of POSIX attrs optional (refined) The new patch prints warnings about all accounts, whose posix attrs can't be read.
As Andrew Bartlett pointed out on the samba-technical mailing list, the problem lies with the different types of name resolution used by different parts of the upgrade process. In my setup, for some (yet unknown) reason one of those fail, producing the error. Thus, circumventing name resolution by putting the IP instead of the hostname into the 'passdb backend' line in my classic smb.conf, worked out perfectly. Closing as invalid. Best, Torsten