The Samba-Bugzilla – Bug 9186
'samba-tool domain classicupgrade' fails with 'LDAP client internal error'
Last modified: 2012-09-21 01:08:55 UTC
To migrate our existing, samba3 + OpenLDAP based domain to samba4, I set up a new server, copied over the db and config-Files of the old server to /root/samba3 and ran:
samba-tool domain classicupgrade \
The result in beta3 was a working PDC. However, in 4.0.0rc1 I get:
Exporting account policy
Skipping wellknown rid=500 (for username=administrator)
Could not find uidNumber in uid=root,ou=People,o=IWM,dc=iwm-kmrc,dc=de
Ignoring group memberships of 'root' S-1-5-21-1690228159-1232189243-2108207755-1000: Unable to enumerate group memberships, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Demoting BDC account trust for kmrcserv, this DC must be elevated to an AD DC using 'samba-tool domain promote'
Next rid = 41390
Failed to connect to ldap URL 'ldap://ldapsrv.iwm-kmrc.de' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://ldapsrv.iwm-kmrc.de' with backend 'ldap': (null)
Could not open ldb connection to ldap://ldapsrv.iwm-kmrc.de, the error message is: (1, None)
Exporting posix attributes
ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local variable 'ldb_object' referenced before assignment
File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 168, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 1312, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/lib64/python2.7/site-packages/samba/upgrade.py", line 795, in upgrade_from_samba3
homes[username] = get_posix_attr_from_ldap_backend(logger, ldb_object, base_dn, username, "homeDirectory")
My classic smb.conf contains:
passdb backend = ldapsam:"ldap://ldapsrv.iwm-kmrc.de"
However, I suspect that the migration of posix attributes that was recently introduced to classicupgrade causes the issue.
Can someone confirm that?
Created attachment 7912 [details]
Small patch to make migration of POSIX attrs optional
The attached patch introduces a new commandline option
to samba-tool domain classicupgrade to entirely skip migrating posix attributes.
In addition, the patch introduces a check whether ldb_object is set, before calling 'get_posix_attr_from_ldap_backend'. This way, the old database can be migrated including posix attrs, even if they are not set for all users.
Created attachment 7913 [details]
Small patch to make migration of POSIX attrs optional (refined)
The new patch prints warnings about all accounts, whose posix attrs can't be read.
As Andrew Bartlett pointed out on the samba-technical mailing list, the problem lies with the different types of name resolution used by different parts of the upgrade process. In my setup, for some (yet unknown) reason one of those fail, producing the error.
Thus, circumventing name resolution by putting the IP instead of the hostname into the 'passdb backend' line in my classic smb.conf, worked out perfectly.
Closing as invalid.