Samba classicupgrade from Samba 3 to Samba 4

I am confused about the Samba upgrade from Samba 3.5 (Debian squeeze) to Samba 4.1 (Ubuntu 14.04 LTS). What have I done so far? Everything from the official Samba wiki:

https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Samba_AD_domain_%28classic_upgrade%29

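My plan is to back up the existing Samba 3 on the old machine, transfer the files to the new machine, and run the classicupgrade from those files. I can't run the classicupgrade on the old machine, because it is at the production site and is not available.

Now on the new machine, I have LDAP up with the database imported from the old machine, and I also have the smb.conf file and /var/lib/samba/* from the old machine. I have checked the LDAP users and groups for duplicate names.

To do the classicupgrade I run the command: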

    samba-tool domain classicupgrade --dbdir=/dir/with/files/from/old/machine/var/lib/samba/ --use-xattrs=yes \
        --realm=office.mycompany.com --dns-backend=SAMBA_INTERNAL /patch/to/samba3/smb.conf

And the output of this command is:

    Reading smb.conf
    Provisioning
    Exporting account policy
    Exporting groups
    Exporting users
    Skipping wellknown rid=500 (for username=administrator)
    Next rid = 10003
    Exporting posix attributes
    Reading WINS database
    Looking up IPv4 addresses
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up share.ldb
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    Adding DomainDN: DC=office,DC=mycompany,DC=com
    Adding configuration container
    Setting up sam.ldb schema
    Setting up sam.ldb configuration data
    Setting up display specifiers
    Modifying display specifiers
    Adding users container
    Modifying users container
    Adding computers container
    Modifying computers container
    Setting up sam.ldb data
    Setting up well known security principals
    Setting up sam.ldb users and groups
    Setting up self join
    Setting acl on sysvol skipped
    Adding DNS accounts
    Creating CN=MicrosoftDNS,CN=System,DC=office,DC=mycompany,DC=com
    Creating DomainDnsZones and ForestDnsZones partitions
    Populating DomainDnsZones and ForestDnsZones partitions
    Setting up sam.ldb rootDSE marking as synchronized
    Fixing provision GUIDs
    A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
    Setting up fake yp server settings
    Once the above files are installed, your Samba4 server will be ready to use
    Admin password: ..........................
    Server Role: active directory domain controller
    Hostname: DC1
    NetBIOS Domain: mycompany
    DNS Domain: office.mycompany.com
    DOMAIN SID: S-1-5-21-2669135327-1831268680-3250772662
    Importing WINS database
    Importing Account policy
    Importing idmap database
    Adding groups
    Importing groups
    Group already exists sid=S-1-5-21-2669135327-1831268680-3250772662-513, groupname=Domain Users existing_groupname=Domain Users, Ignoring.
    Group already exists sid=S-1-5-21-2669135327-1831268680-3250772662-514, groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
    Group already exists sid=S-1-5-21-2669135327-1831268680-3250772662-515, groupname=Domain Computers existing_groupname=Domain Computers, Ignoring.
    Commiting 'add groups' transaction to disk
    Adding users
    Importing users
    Commiting 'add users' transaction to disk
    Adding users to groups
    Commiting 'add users to groups' transaction to disk
    idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
    enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED
    Fall back to unix uid lookup
    idmap range not specified for domain '*'
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    account_policy_get: tdb_fetch_uint32 failed for type 1 (min password length), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 2 (password history), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 3 (user must logon to change password), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 4 (maximum password age), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 5 (minimum password age), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 6 (lockout duration), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 7 (reset count minutes), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 8 (bad lockout attempt), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 9 (disconnect time), returning 0
    account_policy_get: tdb_fetch_uint32 failed for type 10 (refuse machine password change), returning 0
    idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
    enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED
    Fall back to unix uid lookup
    idmap range not specified for domain '*'
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-549: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-18: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-11: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
    enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED
    Fall back to unix uid lookup
    idmap range not specified for domain '*'
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    Fall back to unix uid lookup
    idmap range not specified for domain '*'
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
    enum_group_memberships failed for S-1-5-21-2669135327-1831268680-3250772662-500: NT_STATUS_NONE_MAPPED
    Fall back to unix uid lookup
    idmap range not specified for domain '*'
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[0]=S-1-5-21-2669135327-1831268680-3250772662-512: NT_STATUS_NONE_MAPPED
    ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
      File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
        return self.run(*args, **kwargs)
      File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 1318, in run
        useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
      File "/usr/lib/python2.7/dist-packages/samba/upgrade.py", line 983, in upgrade_from_samba3
        result.names.domaindn, result.lp, use_ntvfs)
      File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1581, in setsysvolacl
        set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
      File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1511, in set_gpos_acl
        passdb=passdb)
      File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1474, in set_dir_acl
        setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=service)
      File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 104, in setntacl
        (owner_id, owner_type) = passdb.sid_to_id(sd.owner_sid)

After that, samba-tool can list users and groups, but cannot add a computer, and the command

    samba-tool ntacl sysvolreset

exits with an error:

    ERROR(<class 'passdb.error'>): uncaught exception - Unable to get id for sid
      File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
        return self.run(*args, **kwargs)
      File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 208, in run
        (BA_gid,BA_type) = s4_passdb.sid_to_id(BA_sid)

Can somebody help me understand what I did wrong, or whether I should do something more?

When I try to log someone in to a network share, I get this in the Samba 4 log:

    idmapping sid_to_xid failed for id[2]=S-1-5-21-2669135327-1831268680-3250772662-520: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[3]=S-1-5-21-2669135327-1831268680-3250772662-572: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[4]=S-1-5-21-2669135327-1831268680-3250772662-519: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[5]=S-1-5-21-2669135327-1831268680-3250772662-518: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[7]=S-1-1-0: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[8]=S-1-5-2: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[9]=S-1-5-11: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[10]=S-1-5-32-544: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[11]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[12]=S-1-5-32-554: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[6]=S-1-1-0: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[7]=S-1-5-2: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[8]=S-1-5-11: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[9]=S-1-5-32-545: NT_STATUS_NONE_MAPPED
    idmapping sid_to_xid failed for id[10]=S-1-5-32-554: NT_STATUS_NONE_MAPPED

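I think it is something with the group mapping, but I don't know how to fix it. Is it possible to edit some Samba 3 or LDAP files, or even correct this manually?

Regards

OK, I should not have copied all the files from /var/lib/samba on the old server, but only these files: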

- secrets.tdb
- schannel_store.tdb
- passdb.tdb
- group_mapping.tdb
- account_policy.tdb
- smb.conf

And use only these files for the classicupgrade process.
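
One way to follow that advice, as an added example that is not part of the original answer: the script below copies only the six listed files out of a backup tree into an empty staging directory, and fails if any of them is missing or ambiguous. The function name `stage_samba3_files`, the two directory arguments and the unknown backup layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. The function name and both
# directory arguments are hypothetical; the file list is the answer's.
SAMBA3_FILES="secrets.tdb schannel_store.tdb passdb.tdb group_mapping.tdb account_policy.tdb smb.conf"
NL='
'

stage_samba3_files() {
    src=$1 dst=$2 bad=0
    [ -d "$src" ] || { echo "source directory not found: $src" >&2; return 2; }

    # Refuse a non-empty target: leftovers from an earlier full copy of
    # /var/lib/samba are what this step is meant to keep out.
    if [ -d "$dst" ] && [ -n "$(ls -A "$dst")" ]; then
        echo "target directory is not empty: $dst" >&2
        return 2
    fi

    # secrets.tdb and passdb.tdb hold machine secrets and password hashes,
    # so the staged copies are readable by the current user only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dst"

    for name in $SAMBA3_FILES; do
        # Assumption: the backup layout is unknown, so search below $src.
        matches=$(find "$src" -type f -name "$name")
        case $matches in
            "")      echo "missing in backup: $name" >&2; bad=1 ;;
            *"$NL"*) echo "more than one $name in backup" >&2; bad=1 ;;
            *)       cp -p "$matches" "$dst/$name" && chmod 600 "$dst/$name" ;;
        esac
    done

    umask "$old_umask"
    [ "$bad" -eq 0 ]
}

# Direct use: sh stage_samba3.sh /path/to/backup /path/to/empty/dir
if [ "$#" -eq 2 ]; then
    stage_samba3_files "$1" "$2"
fi
```

The staged directory can then be given as `--dbdir`, with the staged smb.conf as the final argument, to the classicupgrade command shown in the question.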