#1 On 08/11/2012 at 15:28
- isador999
OpenLDAP Samba3 to OpenLDAP Samba4 migration
Hello,
We have an OpenLDAP 2.4.11 server with Samba 3.6.
We want to migrate this setup to a new Samba4 server.
I managed to import the OpenLDAP database on the new server, OpenLDAP 2.4.23:
apt-get install slapd ldap-utils
Then I put the /etc/ldap/ directory back in place and imported the schema with the LDIF file.
slapadd -l /tmp/backup.ldif
/etc/init.d/slapd start
I installed phpldapadmin and saw that my schema was identical to the old one.
However, the commands
getent passwd
and
getent group
only return the machine's local users and groups,
even though I modified the /etc/nsswitch.conf file for LDAP.
Anyway, with LDAP started, I then installed Samba4 and attempted the migration using the following tutorial:
Samba4/HOWTO
I did install all the prerequisite packages for installing Samba4.
As described in the Upgrading section, I copied my .tdb files and my smb.conf to the new server.
When I run the following migration command:
/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/usr/local/samba/var/lib/ --use-xattrs=yes /usr/local/samba/etc/smb.conf
I get one heck of an error:
Reading smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[profiles]"
Provisioning
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBA4))]
smbldap_open_connection: connection opened
Exporting account policy
Exporting groups
ldapsam_setsamgrent: 19 entries in the base!
init_group_from_ldap: Entry found for group: 512
init_group_from_ldap: Entry found for group: 513
init_group_from_ldap: Entry found for group: 514
........................................
SID string [-3011] could not be read as a valid SID
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Domain Admins' S-1-5-21-2735607581-4209329500-3995822880-512 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Domain Users' S-1-5-21-2735607581-4209329500-3995822880-513 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Domain Guests' S-1-5-21-2735607581-4209329500-3995822880-514 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Severe DB error, sambaSamAccount can't miss the samba SIDattribute
Ignoring group 'Domain Computers' S-1-5-21-2735607581-4209329500-3995822880-515 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
Ignoring group 'Print Operators' S-1-5-32-550 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'sibio' S-1-5-21-2735607581-4209329500-3995822880-3009 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'management' S-1-5-21-2735607581-4209329500-3995822880-3005 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'comta' S-1-5-21-2735607581-4209329500-3995822880-3001 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'commercial' S-1-5-21-2735607581-4209329500-3995822880-3003 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'consulting' S-1-5-21-2735607581-4209329500-3995822880-3013 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'infogerance' S-1-5-21-2735607581-4209329500-3995822880-3017 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'devel' S-1-5-21-2735607581-4209329500-3995822880-3019 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'drh' S-1-5-21-2735607581-4209329500-3995822880-3021 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'invite' S-1-5-21-2735607581-4209329500-3995822880-5001 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
Exporting users
sid S-1-5-21-2735607581-4209329500-3995822880-500 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-2998 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1002 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1003 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1005 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1006 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-5000 does not belong to our domain
..........................................
Next rid = 1000
Exporting posix attributes
sid S-1-5-21-2735607581-4209329500-3995822880-500 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-2998 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1002 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1003 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1005 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1006 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-5000 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1013 does not belong to our domain
sid S-1-5-21-2735607581-4209329500-3995822880-1014 does not belong to our domain
........................................
Reading WINS database
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: guess_names: 'server role=auto' in /usr/local/samba/etc/smb.conf must match chosen server role 'active directory domain controller'! Please remove the smb.conf file and let provision generate it
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1321, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 834, in upgrade_from_samba3
use_ntvfs=use_ntvfs, skip_sysvolacl=True)
File "/usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py", line 1875, in provision
sitename=sitename, rootdn=rootdn)
File "/usr/local/samba/lib/python2.6/site-packages/samba/provision/__init__.py", line 536, in guess_names
raise ProvisioningError("guess_names: 'server role=%s' in %s must match chosen server role '%s'! Please remove the smb.conf file and let provision generate it" % (lp.get("server role"), lp.configfile, serverrole))
I replaced some identical lines with dots.
If anyone has an idea...? I understand that it cannot re-import my SIDs, but why...
Thanks
Last edited by isador999 (08/11/2012 at 17:17)
#2 On 09/11/2012 at 16:20
- isador999
Re: OpenLDAP Samba3 to OpenLDAP Samba4 migration
After some further research, I was able to get the LDAP information on the new server with:
getent passwd
getent group
Apparently, all that was needed was to install libnss-ldap libpam-ldap, take over the 4 /etc/pam.d/common- files as well as the /etc/libnss_ldap.com file from the old server, and restart the NSCD service.
However, I still get the same error when running the migration command...
I think I should delete the SID entries, but I don't really know how...
And if I delete them, will Samba manage to recreate my groups correctly??
What a pain!
Any ideas, questions or suggestions are welcome!
Thanks for your help.
#3 On 27/12/2012 at 11:47
- Boulabytes
Re: OpenLDAP Samba3 to OpenLDAP Samba4 migration
Hello,
It seems to me that you have two problems: the one with the SIDs and the one with smb.conf.
You are using the following command:
/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/usr/local/samba/var/lib/ --use-xattrs=yes /usr/local/samba/etc/smb.conf
However, /usr/local/samba/etc/smb.conf is precisely the location where samba4 tries to create a new smb.conf produced by the migration script. I suggest you copy the samba3 smb.conf elsewhere, say into /root, and run the following command:
/usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/usr/local/samba/var/lib/ --use-xattrs=yes /root/smb.conf
Likewise for the .tdb files: it seems to me that /usr/local/samba/var/lib/ is where samba4 wants to create the new ones, so it is better to copy the old ones elsewhere and change the path in the command accordingly.
Regards.
Last edited by Boulabytes (27/12/2012 at 11:47)
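Added example, not part of the original posts and not Samba's own tooling: a POSIX shell pre-flight for the advice in post #3, which stages the Samba 3 smb.conf and .tdb files outside the Samba 4 prefix and only prints the classicupgrade command when neither input collides with the paths provision writes to. The function names and staging layout are hypothetical; the prefix and command options are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). The SAMBA4_PREFIX default is the path used in
# the posts; function names and the staging layout are hypothetical.
SAMBA4_PREFIX="${SAMBA4_PREFIX:-/usr/local/samba}"

# canon PATH: absolute, symlink-resolved form of an existing file or directory
canon() {
    if [ -d "$1" ]; then (cd "$1" && pwd -P); return; fi
    _d=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$_d" "$(basename "$1")"
}

# inside_prefix PATH: true when PATH resolves to somewhere under the Samba 4 prefix
inside_prefix() {
    _p=$(canon "$1") || return 1
    _root=$(canon "$SAMBA4_PREFIX") || return 1
    case "$_p/" in "$_root"/*) return 0 ;; *) return 1 ;; esac
}

# stage_samba3 CONF TDB_DIR STAGE: copy the Samba 3 smb.conf and *.tdb files into STAGE
stage_samba3() {
    mkdir -p "$3/dbdir" && chmod 700 "$3" || return 1  # secrets.tdb holds credentials
    cp -p "$1" "$3/smb.conf" || return 1
    _n=0
    for _f in "$2"/*.tdb; do
        [ -e "$_f" ] || continue        # glob matched nothing
        cp -p "$_f" "$3/dbdir/" || return 1
        _n=$((_n + 1))
    done
    [ "$_n" -gt 0 ] || { echo "no .tdb files found in $2" >&2; return 1; }
}

# upgrade_command CONF DBDIR: print (never run) the classicupgrade command, but only
# when both inputs exist outside the prefix and no smb.conf sits at the target location
upgrade_command() {
    for _in in "$1" "$2"; do
        [ -e "$_in" ] || { echo "missing: $_in" >&2; return 1; }
        if inside_prefix "$_in"; then
            echo "refusing: $_in is inside $SAMBA4_PREFIX" >&2; return 1
        fi
    done
    if [ -e "$SAMBA4_PREFIX/etc/smb.conf" ]; then
        echo "refusing: $SAMBA4_PREFIX/etc/smb.conf exists, provision must generate it" >&2
        return 1
    fi
    printf '%s/bin/samba-tool domain classicupgrade --dbdir=%s --use-xattrs=yes %s\n' \
        "$SAMBA4_PREFIX" "$2" "$1"
}
```

Call stage_samba3 with the old smb.conf, the old .tdb directory and a staging directory such as /root/samba3, then pass the staged paths to upgrade_command and review the printed command before running it.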