samba classicupgrade de samba3 a samba4

Estoy muy confundido con hacer samba actualización de samba 3.5 (debian squezze) a samba 4.1 (ubuntu 14,04 lts) ¿Qué he hecho ahora? todo de la samba oficial wiki:

[ https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Samba_AD_domain_%28classic_upgrade%29]

Mi escenario es hacer copy de security de la samba 3 existente en la máquina antigua, transferir files a la nueva máquina y hacer classicupgrade de este file. No puedo hacer classicupgrade en la vieja máquina porque está en el sitio de la producción y no puede ser inasequible.

Ahora en la nueva máquina tengo trabajo ldap abierto con la database importada del viejo, y también tengo files smb.conf y / var / lib / samba / * de máquina vieja. He comprobado ldap para los nombres duplicates de usuarios y grupos.

Para hacer classicupgrade i ejecutar command:

samba-tool domain classicupgrade --dbdir=/dir/with/files/from/old/machine/var/lib/samba/ --use-xattrs=yes \ --realm=office.mycompany.com --dns-backend=SAMBA_INTERNAL /patch/to/samba3/smb.conf 

y la salida de este command es:

  eading smb.conf Provisioning Exporting account policy Exporting groups Exporting users Skipping wellknown rid=500 (for username=administrator) Next rid = 10003 Exporting posix attributes Reading WINS database Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=office,DC=mycompany,DC=com Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups Setting up self join Setting acl on sysvol skipped Adding DNS accounts Creating CN=MicrosoftDNS,CN=System,DC=office,DC=mycompany,DC=com Creating DomainDnsZones and ForestDnsZones partitions Populating DomainDnsZones and ForestDnsZones partitions Setting up sam.ldb rootDSE marking as synchronized Fixing provision GUIDs A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf Setting up fake yp server settings Once the above files are installed, your Samba4 server will be ready to use Admin password: .......................... Server Role: active directory domain controller Hostname: DC1 NetBIOS Domain: mycompany DNS Domain: office.mycompany.com DOMAIN SID: S-1-5-21-2669135327-1831268680-3250772662 Importing WINS database Importing Account policy Importing idmap database Adding groups Importing groups Group already exists sid=S-1-5-21-2669135327-1831268680-3250772662-513, groupname=Domain Users existing_groupname=Domain Users, Ignoring. Group already exists sid=S-1-5-21-2669135327-1831268680-3250772662-514, groupname=Domain Guests existing_groupname=Domain Guests, Ignoring. Group already exists sid=S-1-5-21-2669135327-1831268680-3250772662-515, groupname=Domain Computers existing_groupname=Domain Computers, Ignoring. Commiting 'add groups' transaction to disk Adding users Importing users Commiting 'add users' transaction to disk Adding users to groups Commiting 'add users to groups' transaction to disk idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED Fall back to unix uid lookup idmap range not specified for domain '*' idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED account_policy_get: tdb_fetch_uint32 failed for type 1 (min password length), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0 account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0 idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED Fall back to unix uid lookup idmap range not specified for domain '*' idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED Fall back to unix uid lookup idmap range not specified for domain '*' idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED Fall back to unix uid lookup idmap range not specified for domain '*' idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED Fall back to unix uid lookup idmap range not specified for domain '*' idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[0]=S-1-5-21-2669135327-1831268680-3250772662-512: NT_STATUS_NONE_MAPPED ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 983, in upgrade_from_samba3 result.names.domaindn, result.lp, use_ntvfs) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1581, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1511, in set_gpos_acl passdb=passdb) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1474, in set_dir_acl setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service) File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 104, in setntacl (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid) 

Después de que samba-tool puede listr usuarios y grupos pero no puede agregar orderadores, y el command

 samba-tool ntacl sysvolreset 

salir con error:

 ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 208, in run (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid) 

¿Puede alguien ayudarme con la comprensión de lo que estoy haciendo mal o lo que me callo para hacer más?

Cuando estoy intentando registrarme como alguien al compartir de la networking en los loggings de samba4 tengo esto:

 idmapping sid_to_xid failed for id[2]=S-1-5-21-2669135327-1831268680-3250772662-520: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[3]=S-1-5-21-2669135327-1831268680-3250772662-572: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[4]=S-1-5-21-2669135327-1831268680-3250772662-519: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[5]=S-1-5-21-2669135327-1831268680-3250772662-518: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[7]=S-1-1-0: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[8]=S-1-5-2: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[9]=S-1-5-11: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[10]=S-1-5-32-544: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[11]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[12]=S-1-5-32-554: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[6]=S-1-1-0: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[7]=S-1-5-2: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[8]=S-1-5-11: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[9]=S-1-5-32-545: NT_STATUS_NONE_MAPPED idmapping sid_to_xid failed for id[10]=S-1-5-32-554: NT_STATUS_NONE_MAPPED 

Creo que es algo con mapeos de grupos, pero no sé cómo solucionarlo. ¿Existe la posibilidad de editar algunos files samba3 o ldap, incluso manualmente para corregir este problema?

Saludos

One Solution collect form web for “samba classicupgrade de samba3 a samba4”

OK lo tengo, no debería copyr todos los files de / var / lib / samba desde el antiguo server, pero sólo estos files:

 # secrets.tdb # schannel_store.tdb # passdb.tdb # group_mapping.tdb # account_policy.tdb # smb.conf 

y utilizar sólo este file para el procedimiento clásico de actualización.

  • ¿Alguna posibilidad de usar ZFS para compartir Samba4 AD DC en Ubuntu 16.04?
  • ¿Cómo carga los controlleres de impresora de Windows en un server de printing Samba 4?
  • Cómo conocer el nombre de service de un server de samba
  • Conectando windows 2012 a un linux ADDC, ejecutando samba 4 con ldap como backend
  • Windows 10 PE No se puede asignar anónimamente la unidad de networking
  • ¿Un método más fácil de configurar Winbind auth en LMDE?
  • Configuración de Samba para acciones públicas
  • FreeRADIUS con integración de Active Directory roto sin ningún rastro
  • Samba 4x netlogon scripts que no se ejecutan en Windows 7
  • ¿Unirse al dominio de Samba 4 AD, faltando inputs de DNS?
  • Registro de cliente Samba4 Bind9 como un host
  • ¿Cómo puedo get escrituras en las acciones de samba para ser tratadas como un usuario específico con fines de permiso?
  • Permitir el cambio de passwords utilizando LDAP (s) con Samba4
  • El linux y los temas del servidor de Windows, como ubuntu, centos, apache, nginx, debian y consejos de red.