LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-07-2014, 04:53 AM   #1
krazyivan
LQ Newbie
 
Registered: Jan 2012
Posts: 29

Rep: Reputation: Disabled
problem upgrading samba3->samba4


Hi, I'm doing an upgrade (to a new host), basing on http://wiki.samba.org/index.php/Samb...omain_to_AD%29

Code:
/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/root/elara/samba/ --use-xattrs=yes  --realm=**** /root/elara.smb.conf
elara is the name of my old DC and I substited the real domain name with MYCOMPANYNAME because I'm a paranoid security freak

Code:
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: guess_names: Realm 'MYCOMPANYNAME' must not be equal to short domain name 'MYCOMPANYNAME'!
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 1448, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 734, in upgrade_from_samba3
    use_ntvfs=use_ntvfs, skip_sysvolacl=True)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 2020, in provision
    sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 634, in guess_names
    raise ProvisioningError("guess_names: Realm '%s' must not be equal to short domain name '%s'!" % (realm, domain))
There is no real explicitly declared in the smb conf file. Declaring it in the file changed nothing so I'm guessing I need to change it in the tdb's. To be honest I'm lost at the moment and not sure where to look for a sollution. The only instance of this same error I was manage was when some guy was joining an AD domain with smb4. Other one when doing new provisioning on a new domain. Both not matching my case at all.

Last edited by krazyivan; 05-07-2014 at 07:54 AM.
 
Old 05-07-2014, 07:37 AM   #2
krazyivan
LQ Newbie
 
Registered: Jan 2012
Posts: 29

Original Poster
Rep: Reputation: Disabled
adding security=domain makes samba see the realm option -> but then

Code:
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: guess_names: 'server role=active directory domain controller' in /usr/local/samba/etc/smb.conf must match chosen server role 'member server'!  Please remove the smb.conf file and let provision generate it
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 1448, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 734, in upgrade_from_samba3
    use_ntvfs=use_ntvfs, skip_sysvolacl=True)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 2020, in provision
    sitename=sitename, rootdn=rootdn, domain_names_forced=(samdb_fill == FILL_DRS))
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 605, in guess_names
    raise ProvisioningError("guess_names: 'server role=%s' in %s must match chosen server role '%s'!  Please remove the smb.conf file and let provision generate it" % (lp.get("server role"), lp.configfile, serverr
and it's only logical - "security = domain" forces the server to be a domain member even if it's a controler. So I'm still stuck.

My current config fallows, forgot to add it to my previous post

Code:
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the 
# Samba-Guide which is generated daily and can be downloaded from: 
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Netwrok Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = ****** #hashed out for confidentiality reasons
        server string = ***
realm = *******-realm.com 
;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 
        hosts allow = 192.168. 127.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
        log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
        max log size = 50
        log level = 10

# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


;        security = domain
;        passdb backend = tdbsam
;        realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations. 
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

        domain master = yes 
        domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
        logon drive = Q:
        logon home = \\%N\%U
        logon path = \\%N\%U\profile
        # disables profiles support by specifing an empty path
;       logon path =          

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
        add machine script = /usr/sbin/useradd -d /var/lib/nobody -s /sbin/nologin "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
        local master = yes
;       os level = 33
        preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one        WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

        wins support = yes
;       wins server = 192.168.0.9
;       wins proxy = yes

;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

        load printers = no
        cups options = raw

;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes


#============================ Share Definitions ==============================

    create mask = 0660
    directory mask = 0770
    unix extensions = no
    max open files = 100000
;       log level = 10


[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
        valid users = GANYMEDE\%S

;[printers]
;       comment = All Printers
;       path = /var/spool/samba
;       browseable = no
;       guest ok = no
;       writable = no
;       printable = yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no


[archive]
    path=/mnt/matrix/archive
    public=yes
    writable=yes
    printable=no
    
[install]
    path=/mnt/matrix/install
    public=yes
    writable=yes
    printable=no


#and other shares
Any pointers would be greatly appriciated

Last edited by krazyivan; 05-07-2014 at 07:38 AM.
 
Old 05-07-2014, 07:57 AM   #3
krazyivan
LQ Newbie
 
Registered: Jan 2012
Posts: 29

Original Poster
Rep: Reputation: Disabled
My Mistake! - explictly used the realm flag with the wrong name same as workgroup!
Got another error but the script ran for considerably longer now
Figure reading the error message is the key to solving sutch problems....
 
Old 05-09-2014, 07:05 AM   #4
krazyivan
LQ Newbie
 
Registered: Jan 2012
Posts: 29

Original Poster
Rep: Reputation: Disabled
after doing a few more cleanups on the old domain I still cant get the migration to work


I'm stuck on

Code:
idmapping sid_to_xid failed for id[0]=S-1-5-21-1275545348-4294519683-4007804651-512: NT_STATUS_NONE_MAPPED
ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 1448, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py", line 851, in upgrade_from_samba3
    result.names.domaindn, result.lp, use_ntvfs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1612, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1517, in set_gpos_acl
    passdb=passdb)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py", line 1480, in set_dir_acl
    setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/ntacls.py", line 104, in setntacl
    (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)
This time I'm positive I did everything by the book
 
Old 05-21-2014, 08:12 AM   #5
krazyivan
LQ Newbie
 
Registered: Jan 2012
Posts: 29

Original Poster
Rep: Reputation: Disabled
any help would be welcome, I'm hitting a brick wall here. The only solid info I was able to find was that smb3 database have no consistency checks at all so there may be some excessive data in them holding errorous records. I tried dumping the tdb idmap database but failed to find this sid there
 
  


Reply

Tags
samba4


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with Joining Samba3 to Samba4 AD Domain varouj Linux - Enterprise 0 01-09-2013 02:44 AM
Samba4 domain not seeing imported users ,Groups and Machine Accounts from samba3 domain treedstang Linux - Server 0 01-06-2013 11:45 PM
Permission Problem on a Samba3 Share in a Samba4 Domain. varouj Linux - Enterprise 4 12-27-2012 05:06 PM
[SOLVED] joining samba3 to samba4 pdc swagcute Linux - Server 13 08-03-2012 08:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration