Samba4 upgrade: registraton of msgpo.schema failed

Hello forum, hello Univention team,

I am trying to upgrade a UCS 3.2-6 master from Samba3 to Samba4 at two different customers, and I have (at least apparently) the same problem at both.

The UCS master is the only server in the domain.

I am following the instructions in the wiki, specifically Scenario 2 “In Place Migration”.

[code]# /usr/share/univention-directory-manager-tools/proof_uniqueMembers
Checking if users are member of their primary group...
Checked 560 posixAccounts, fixed 0 issues.
Checking if group-members exist...
Checked 37 posixGroups, fixed 0 issues.[/code]

[code]ucr get kerberos/realm
MEINEDOM.LOCAL
hostname --fqdn
server.meinedom.local[/code]

After setting the UCR variables described in the wiki with

[code]ucr set samba4/ignore/mixsetup=yes \
        samba4/ntacl/backend=native \
        samba/debug/level=1 \
        connector/s4/mapping/group/grouptype=false[/code]

I start the installation of the S4 connector, and everything seems to run fine (many objects are created) until this output:

[code]Waiting for activation of the extension object msgpo: ........ERROR
ERROR: Master did not mark the extension object active within 180 seconds.
ucs_registerLDAPExtension: registraton of /usr/share/univention-s4-connector/ldap/msgpo.schema failed.
Joinscript 97univention-s4-connector.inst finished with exitcode 1
Stopping univention-s4-connector daemon.
failed.
Starting univention-s4-connector daemon.
done.
Trigger für python-support werden verarbeitet ...[/code]

All further steps fail:

[code]/usr/share/univention-s4-connector/univention-s4-position-sync --dry-run
Option --dry-run given, checking only:
Traceback (most recent call last):
  File "/usr/share/univention-s4-connector/univention-s4-position-sync", line 187, in <module>
    s4=S4Connector(ucr)
  File "/usr/share/univention-s4-connector/univention-s4-position-sync", line 120, in __init__
    ucr['%s/s4/listener/dir' % CONFIGBASENAME])
  File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/__init__.py", line 760, in __init__
    timeout=-1, sizelimit=0)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 814, in search_ext_s
    return self._apply_method_s(SimpleLDAPObject.search_ext_s,*args,**kwargs)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 773, in _apply_method_s
    return func(self,*args,**kwargs)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 495, in search_ext_s
    msgid = self.search_ext(base,scope,filterstr,attrlist,attrsonly,serverctrls,clientctrls,timeout,sizelimit)
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 491, in search_ext
    timeout,sizelimit,
  File "/usr/lib/python2.6/dist-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}[/code]

The Univention LDAP server is still reachable, though (univention-ldap-search works).

A reboot changes nothing, and running the join scripts again fails as well. A connector-s4.log does not exist yet.

Does anyone have a tip for how I can proceed? Or is more information needed?

Best regards
Gerd Wilhelm

A longer excerpt from join.log could be helpful. Otherwise I have only found this bug on the subject.

Hello forum, hello SirTux,

unfortunately I have not made any progress:

/var/log/univention/join.log stays without entries during the installation of the S4 connector, although the installation ends with Joinscript 97univention-s4-connector.inst finished with exitcode 1.

Only when I run univention-run-joinscripts again do I get a join.log with the content that follows below. After that I will post the console output that appears when I run univention-install univention-s4-connector.

I am grateful for any tip.
Kind regards, Gerd

[code]univention-run-join-scripts started
Do 18. Jun 12:25:47 CEST 2015

RUNNING 01univention-ldap-server-init.inst
EXITCODE=already_executed
RUNNING 02univention-directory-notifier.inst
EXITCODE=already_executed
RUNNING 03univention-directory-listener.inst
EXITCODE=already_executed
RUNNING 04univention-ldap-client.inst
EXITCODE=already_executed
RUNNING 05univention-bind.inst
EXITCODE=already_executed
RUNNING 08univention-apache.inst
EXITCODE=already_executed
RUNNING 10univention-ldap-server.inst
EXITCODE=already_executed
RUNNING 11univention-heimdal-init.inst
EXITCODE=already_executed
RUNNING 11univention-pam.inst
EXITCODE=already_executed
RUNNING 15univention-directory-notifier-post.inst
EXITCODE=already_executed
RUNNING 15univention-heimdal-kdc.inst
EXITCODE=already_executed
RUNNING 18python-univention-directory-manager.inst
EXITCODE=already_executed
RUNNING 20univention-directory-policy.inst
EXITCODE=already_executed
RUNNING 20univention-join.inst
EXITCODE=already_executed
RUNNING 25univention-dhcp.inst
EXITCODE=already_executed
RUNNING 26univention-nagios-common.inst
EXITCODE=already_executed
RUNNING 30univention-nagios-client.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-server.inst
EXITCODE=already_executed
RUNNING 34univention-management-console-web-server.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-appcenter.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ipchange.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-join.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-lib.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-mrtg.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-printers.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-quota.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-reboot.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-services.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-setup.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-sysinfo.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-top.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-ucr.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-udm.inst
EXITCODE=already_executed
RUNNING 35univention-management-console-module-updater.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-cups.inst
EXITCODE=already_executed
RUNNING 35univention-nagios-squid.inst
EXITCODE=already_executed
RUNNING 36univention-management-console-module-apps.inst
EXITCODE=already_executed
RUNNING 40univention-postgresql.inst
EXITCODE=already_executed
RUNNING 40univention-virtual-machine-manager-schema.inst
EXITCODE=already_executed
RUNNING 62univention-bareos.inst
EXITCODE=already_executed
RUNNING 67univention-mail-server.inst
EXITCODE=already_executed
RUNNING 79univention-printserver.inst
EXITCODE=already_executed
RUNNING 79univention-squid.inst
EXITCODE=already_executed
RUNNING 80univention-printquota.inst
EXITCODE=already_executed
RUNNING 81univention-mail-cyrus.inst
EXITCODE=already_executed
RUNNING 81univention-nfs-server.inst
EXITCODE=already_executed
RUNNING 90univention-bind-post.inst
EXITCODE=already_executed
RUNNING 92univention-fetchmail-schema.inst
EXITCODE=already_executed
RUNNING 92univention-fetchmail.inst
EXITCODE=already_executed
RUNNING 95univention-admingrp-user-passwordreset.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
Not updating connector/s4/ldap/host
Not updating connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Not updating connector/s4/mapping/group/language
Not updating connector/s4/ldap/protocol
Not updating connector/s4/ldap/socket
Object exists: cn=gPLink,cn=custom attributes,cn=univention,dc=ali-giessen,dc=local
Object exists: cn=Builtin,dc=ali-giessen,dc=local
Object exists: cn=System,dc=ali-giessen,dc=local
Object exists: cn=Policies,cn=System,dc=ali-giessen,dc=local
Object exists: ou=Domain Controllers,dc=ali-giessen,dc=local
Object exists: cn=WMIPolicy,cn=System,dc=ali-giessen,dc=local
Object exists: cn=SOM,cn=WMIPolicy,cn=System,dc=ali-giessen,dc=local
Object exists: cn=ldapschema,cn=univention,dc=ali-giessen,dc=local
INFO: No change of core data of object msgpo.
INFO: No change of core data of object mswmi.
Object exists: cn=udm_module,cn=univention,dc=ali-giessen,dc=local
INFO: No change of core data of object container/msgpo.
No modification: cn=msgpo,cn=ldapschema,cn=univention,dc=ali-giessen,dc=local

No modification: cn=mswmi,cn=ldapschema,cn=univention,dc=ali-giessen,dc=local

No modification: cn=container/msgpo,cn=udm_module,cn=univention,dc=ali-giessen,dc=local

Waiting for activation of the extension object msgpo: OK
Waiting for activation of the extension object mswmi: OK
Waiting for activation of the extension object container/msgpo: OK
Waiting for file /usr/share/pyshared/univention/admin/handlers/container/msgpo.py: OK
Terminating running univention-cli-server processes.
Object exists: cn=udm_module,cn=univention,dc=ali-giessen,dc=local
Object created: cn=settings/mswmifilter,cn=udm_module,cn=univention,dc=ali-giessen,dc=local

Waiting for activation of the extension object settings/mswmifilter:.OK
Waiting for file /usr/share/pyshared/univention/admin/handlers/settings/mswmifilter.py: OK
Terminating running univention-cli-server processes.
Samba4 does not seem to be provisioned, exiting /usr/lib/univention-install/97univention-s4-connector.inst
EXITCODE=1
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Do 18. Jun 12:25:57 CEST 2015
univention-run-join-scripts finished
[/code]

********************************************************************************************
***** Console output after univention-install univention-s4-connector *********************
***** The beginning is missing, but there are no error messages or warnings there *********
********************************************************************************************


Create security/packetfilter/package/univention-samba4/udp/123/all
Create security/packetfilter/package/univention-samba4/udp/123/all/en
Create security/packetfilter/package/univention-samba4/tcp/135/all
Create security/packetfilter/package/univention-samba4/tcp/135/all/en
Create security/packetfilter/package/univention-samba4/tcp/137:139/all
Create security/packetfilter/package/univention-samba4/tcp/137:139/all/en
Create security/packetfilter/package/univention-samba4/udp/137:139/all
Create security/packetfilter/package/univention-samba4/udp/137:139/all/en
Create security/packetfilter/package/univention-samba4/tcp/445/all
Create security/packetfilter/package/univention-samba4/tcp/445/all/en
Create security/packetfilter/package/univention-samba4/udp/445/all
Create security/packetfilter/package/univention-samba4/udp/445/all/en
Create security/packetfilter/package/univention-samba4/tcp/1024/all
Create security/packetfilter/package/univention-samba4/tcp/1024/all/en
Create security/packetfilter/package/univention-samba4/tcp/3268/all
Create security/packetfilter/package/univention-samba4/tcp/3268/all/en
Create security/packetfilter/package/univention-samba4/tcp/3269/all
Create security/packetfilter/package/univention-samba4/tcp/3269/all/en
Create security/packetfilter/package/univention-samba4/tcp/88/all
Create security/packetfilter/package/univention-samba4/tcp/88/all/en
Create security/packetfilter/package/univention-samba4/udp/88/all
Create security/packetfilter/package/univention-samba4/udp/88/all/en
Create security/packetfilter/package/univention-samba4/tcp/464/all
Create security/packetfilter/package/univention-samba4/tcp/464/all/en
Create security/packetfilter/package/univention-samba4/udp/464/all
Create security/packetfilter/package/univention-samba4/udp/464/all/en
Create security/packetfilter/package/univention-samba4/tcp/749/all
Create security/packetfilter/package/univention-samba4/tcp/749/all/en
File: /etc/security/packetfilter.d/10_univention-firewall_start.sh
File: /etc/security/packetfilter.d/80_univention-firewall_policy.sh
Stopping Univention iptables configuration::.
Starting Univention iptables configuration::.
Create samba4/autostart
Multifile: /etc/samba/smb.conf
Create samba/domain/master
Multifile: /etc/samba/smb.conf
Stopping NTP server: ntpd.
Starting NTP server: ntpd.
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 3851) 0s, normally down
done.
Calling joinscript 96univention-samba4.inst ...
WARNING: It is not possible to install a samba 4 domaincontroller 
         into a samba 3 environment. samba4/ignore/mixsetup is true.
         Continue as requested
Create samba4/role
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
Multifile: /etc/samba/smb.conf
Setting samba/quota/command
Multifile: /etc/samba/smb.conf
Stopping Samba daemons: nmbd smbd.
Stopping the Winbind daemon: winbind.
Stopping Heimdal password server: kpasswdd.
Stopping Heimdal KDC: heimdal-kdc.
Setting samba/autostart
Create winbind/autostart
Setting kerberos/autostart
Multifile: /etc/samba/smb.conf
Setting samba4/autostart
Multifile: /etc/samba/smb.conf
Create samba4/ldap/base
Multifile: /etc/samba/smb.conf
Object created: cn=Builtin,dc=ali-giessen,dc=local
Object created: cn=Enterprise Domain Controllers,cn=groups,dc=ali-giessen,dc=local
modifying entry "cn=Enterprise Domain Controllers,cn=groups,dc=ali-giessen,dc=local"

Object modified: cn=Enterprise Domain Controllers,cn=groups,dc=ali-giessen,dc=local
Object created: cn=Remote Interactive Logon,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Remote Interactive Logon,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=SChannel Authentication,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=SChannel Authentication,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Digest Authentication,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Digest Authentication,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Terminal Server User,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Terminal Server User,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=NTLM Authentication,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=NTLM Authentication,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Other Organization,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Other Organization,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=This Organization,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=This Organization,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Anonymous Logon,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Anonymous Logon,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Network Service,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Network Service,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Creator Group,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Creator Group,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Creator Owner,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Creator Owner,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Local Service,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Local Service,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Owner Rights,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Owner Rights,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Interactive,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Interactive,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Restricted,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Restricted,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Network,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Network,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Service,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Service,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Dialup,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Dialup,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=System,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=System,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Batch,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Batch,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Proxy,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Proxy,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=IUSR,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=IUSR,cn=Builtin,dc=ali-giessen,dc=local"

Object created: cn=Self,cn=Builtin,dc=ali-giessen,dc=local
modifying entry "cn=Self,cn=Builtin,dc=ali-giessen,dc=local"

Create samba/share/netlogon
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
Stopping Samba AD DC daemon: samba nmbd.
Create kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
WARNING: The following Samba 3 domaincontroller have been found:
         neu
         It is not possible to install a samba 4 domaincontroller 
         into a samba 3 environment.samba4/ignore/mixsetup is true.
         Continue as requested
Create samba4/function/level
Multifile: /etc/samba/smb.conf
Object modified: cn=Windows Hosts,cn=groups,dc=ali-giessen,dc=local
Object modified: cn=DC Backup Hosts,cn=groups,dc=ali-giessen,dc=local
Object modified: cn=DC Slave Hosts,cn=groups,dc=ali-giessen,dc=local
Object modified: cn=Computers,cn=groups,dc=ali-giessen,dc=local
Object modified: cn=Power Users,cn=groups,dc=ali-giessen,dc=local
UPN: None
Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
WARNING: The "use spnego" option is deprecated
lp_int(): value is NULL or empty!
lp_bool(): value is NULL or empty!
Provisioning
Exporting account policy
Exporting groups
GROUP 'Users'
GROUP SID 'S-1-5-32-545'
Ignoring group 'Users' S-1-5-32-545 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Guests'
GROUP SID 'S-1-5-32-546'
Ignoring group 'Guests' S-1-5-32-546 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Nobody'
GROUP SID 'S-1-0-0'
GROUP 'interne'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3007'
GROUP 'Everyone'
GROUP SID 'S-1-1-0'
GROUP 'Computers'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11015'
GROUP 'opsiadmin'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3003'
GROUP 'druck2000'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3017'
GROUP 'Slave Join'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11019'
GROUP 'Power Users'
GROUP SID 'S-1-5-32-547'
Ignoring group 'Power Users' S-1-5-32-547 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Replicators'
GROUP SID 'S-1-5-32-552'
Ignoring group 'Replicators' S-1-5-32-552 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Backup Join'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11017'
GROUP 'Domain Users'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-513'
GROUP 'Domain Admins'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-512'
GROUP 'Domain Guests'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-514'
GROUP 'Windows Hosts'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11011'
GROUP 'Nagios Admins'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3033'
GROUP 'DC Slave Hosts'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11013'
GROUP 'Administrators'
GROUP SID 'S-1-5-32-544'
Ignoring group 'Administrators' S-1-5-32-544 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Printer-Admins'
GROUP SID 'S-1-5-32-550'
Ignoring group 'Printer-Admins' S-1-5-32-550 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Null Authority'
GROUP SID 'S-1-0'
FAILED to get SID/rid
GROUP 'DC Backup Hosts'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11012'
GROUP 'drucken-150-100'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3015'
GROUP 'World Authority'
GROUP SID 'S-1-1'
FAILED to get SID/rid
GROUP 'System Operators'
GROUP SID 'S-1-5-32-549'
Ignoring group 'System Operators' S-1-5-32-549 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Backup Operators'
GROUP SID 'S-1-5-32-551'
Ignoring group 'Backup Operators' S-1-5-32-551 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'teilnehmeradmins'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3005'
GROUP 'sozpaedpraktikum'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3019'
GROUP 'Account Operators'
GROUP SID 'S-1-5-32-548'
Ignoring group 'Account Operators' S-1-5-32-548 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Enterprise Admins'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-519'
GROUP 'OPSI Depot Servers'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-11029'
GROUP 'Authenticated Users'
GROUP SID 'S-1-5-11'
GROUP 'User Password Admins'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3013'
GROUP 'materialfilmlager'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3035'
GROUP 'drucklimitadmins'
GROUP SID 'S-1-5-21-1917212790-3159163704-3442502427-3037'
GROUP 'Enterprise Domain Controllers'
GROUP SID 'S-1-5-9'
Ignoring 'well known' group 'Enterprise Domain Controllers' (should already be in AD, and have no members)
GROUP 'Remote Interactive Logon'
GROUP SID 'S-1-5-14'
Ignoring 'well known' group 'Remote Interactive Logon' (should already be in AD, and have no members)
GROUP 'SChannel Authentication'
GROUP SID 'S-1-5-64-14'
Ignoring 'well known' group 'SChannel Authentication' (should already be in AD, and have no members)
GROUP 'Digest Authentication'
GROUP SID 'S-1-5-64-21'
Ignoring 'well known' group 'Digest Authentication' (should already be in AD, and have no members)
GROUP 'Terminal Server User'
GROUP SID 'S-1-5-13'
Ignoring 'well known' group 'Terminal Server User' (should already be in AD, and have no members)
GROUP 'NTLM Authentication'
GROUP SID 'S-1-5-64-10'
Ignoring 'well known' group 'NTLM Authentication' (should already be in AD, and have no members)
GROUP 'Other Organization'
GROUP SID 'S-1-5-1000'
Ignoring 'well known' group 'Other Organization' (should already be in AD, and have no members)
GROUP 'This Organization'
GROUP SID 'S-1-5-15'
Ignoring 'well known' group 'This Organization' (should already be in AD, and have no members)
GROUP 'Anonymous Logon'
GROUP SID 'S-1-5-7'
Ignoring 'well known' group 'Anonymous Logon' (should already be in AD, and have no members)
GROUP 'Network Service'
GROUP SID 'S-1-5-20'
Ignoring 'well known' group 'Network Service' (should already be in AD, and have no members)
GROUP 'Creator Group'
GROUP SID 'S-1-3-1'
Ignoring 'well known' group 'Creator Group' (should already be in AD, and have no members)
GROUP 'Creator Owner'
GROUP SID 'S-1-3-0'
Ignoring 'well known' group 'Creator Owner' (should already be in AD, and have no members)
GROUP 'Local Service'
GROUP SID 'S-1-5-19'
Ignoring 'well known' group 'Local Service' (should already be in AD, and have no members)
GROUP 'Owner Rights'
GROUP SID 'S-1-3-4'
Ignoring 'well known' group 'Owner Rights' (should already be in AD, and have no members)
GROUP 'Interactive'
GROUP SID 'S-1-5-4'
Ignoring 'well known' group 'Interactive' (should already be in AD, and have no members)
GROUP 'Restricted'
GROUP SID 'S-1-5-12'
Ignoring 'well known' group 'Restricted' (should already be in AD, and have no members)
GROUP 'Network'
GROUP SID 'S-1-5-2'
Ignoring 'well known' group 'Network' (should already be in AD, and have no members)
GROUP 'Service'
GROUP SID 'S-1-5-6'
Ignoring 'well known' group 'Service' (should already be in AD, and have no members)
GROUP 'Dialup'
GROUP SID 'S-1-5-1'
Ignoring 'well known' group 'Dialup' (should already be in AD, and have no members)
GROUP 'System'
GROUP SID 'S-1-5-18'
Ignoring 'well known' group 'System' (should already be in AD, and have no members)
GROUP 'Batch'
GROUP SID 'S-1-5-3'
Ignoring 'well known' group 'Batch' (should already be in AD, and have no members)
GROUP 'Proxy'
GROUP SID 'S-1-5-8'
Ignoring 'well known' group 'Proxy' (should already be in AD, and have no members)
GROUP 'IUSR'
GROUP SID 'S-1-5-17'
Ignoring 'well known' group 'IUSR' (should already be in AD, and have no members)
GROUP 'Self'
GROUP SID 'S-1-5-10'
Ignoring 'well known' group 'Self' (should already be in AD, and have no members)
Exporting users
  Skipping wellknown rid=500 (for username=Administrator)
Next rid = 11030
Failed to connect to ldap URL 'ldap://neu.ali-giessen.local:7389' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://neu.ali-giessen.local:7389' with backend 'ldap': (null)
Could not open ldb connection to ldap://neu.ali-giessen.local:7389, the error message is: (1, None)
Trying to dig.
Failed to connect to ldap URL 'ldap://192.168.0.4:7389' - LDAP client internal error: NT_STATUS_HOST_UNREACHABLE
Failed to connect to 'ldap://192.168.0.4:7389' with backend 'ldap': (null)
ERROR(ldb): uncaught exception - None
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/domain.py", line 1399, in run
    useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs, no_upn=no_upn)
  File "/usr/lib/python2.6/dist-packages/samba/upgrade.py", line 851, in upgrade_from_samba3
    ldb_object = Ldb(url.replace(url_hostname, stdout.rstrip('\n')), credentials=creds)
  File "/usr/lib/python2.6/dist-packages/samba/__init__.py", line 114, in __init__
    self.connect(url, flags, options)
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=ALI-GIESSEN,cn=Primary Domains at block before line 8
Modify failed after processing 0 records
ERROR(runtime): uncaught exception - Unable to load default file
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/user.py", line 581, in run
    lp = sambaopts.get_loadparm()
  File "/usr/lib/python2.6/dist-packages/samba/getopt.py", line 92, in get_loadparm
    self._lp.load_default()
ERROR(runtime): uncaught exception - Unable to load default file
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/user.py", line 581, in run
    lp = sambaopts.get_loadparm()
  File "/usr/lib/python2.6/dist-packages/samba/getopt.py", line 92, in get_loadparm
    self._lp.load_default()
cp: Aufruf von stat für „/var/lib/samba/private/phpldapadmin-config.php“ nicht möglich: Datei oder Verzeichnis nicht gefunden
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting ldap/server/port
File: /etc/imapd/imapd.conf
File: /etc/pam.d/smtp
File: /etc/pam.d/imap
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/pam.d/sieve
File: /etc/runit/univention-directory-listener/run
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.virtual
File: /etc/libnss-ldap.conf
File: /etc/postgresql/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
File: /etc/dhcp/dhcpd.conf
File: /etc/pam.d/pop
Multifile: /etc/postfix/master.cf
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.saslusermapping
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/squid3/squid.conf
File: /etc/ldap/ldap.conf
Setting ldap/master/port
File: /etc/ntp.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Check database: ...done.
Starting ldap server(s): slapd ...done.
Checking Schema ID: ...done.
Restarting univention-directory-listener daemon.
timeout: run: univention-directory-listener: (pid 3851) 79s, normally down, got TERM
done.
Restarting Univention Management Console Server.
done.
Create windows/wins-support
Create windows/wins-server
Multifile: /etc/samba/smb.conf
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=ALI-GIESSEN,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=ALI-GIESSEN,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
restore_rIDNextRID: Attribute rIDSetReferences not found
ERROR(runtime): uncaught exception - Unable to load default file
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/ntacl.py", line 170, in run
    lp = sambaopts.get_loadparm()
  File "/usr/lib/python2.6/dist-packages/samba/getopt.py", line 92, in get_loadparm
    self._lp.load_default()
Samba4 does not seem to be provisioned, exiting /usr/share/univention-samba4/scripts/setup-dns-in-ucsldap.sh
neu.ali-giessen.local port 7389 is not offering the Service 'Samba 4'
Object modified: relativeDomainName=_ldap._tcp,zoneName=ali-giessen.local,cn=dns,dc=ali-giessen,dc=local
ERR: (No such object) "ldb_wait: No such object (32)" on DN CN=neu,OU=Domain Controllers,DC=ALI-GIESSEN,DC=LOCAL at block before line 7
Modify failed after processing 0 records
Create samba4/sysvol/sync/cron
File: /etc/cron.d/sysvol-sync
Multifile: /etc/samba/smb.conf
Object modified: zoneName=ali-giessen.local,cn=dns,dc=ali-giessen,dc=local
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=ALI-GIESSEN,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=ALI-GIESSEN,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
Object exists: cn=neu.ali-giessen.local,cn=shares,dc=ali-giessen,dc=local
No modification: cn=neu.ali-giessen.local,cn=shares,dc=ali-giessen,dc=local
Stopping Samba AD DC daemon: samba nmbd.
WARNING: Failed to search for S4 connector DC
Object exists: cn=services,cn=univention,dc=ali-giessen,dc=local
Object created: cn=Samba 4,cn=services,cn=univention,dc=ali-giessen,dc=local
Object modified: cn=neu,cn=dc,cn=computers,dc=ali-giessen,dc=local
Joinscript 96univention-samba4.inst finished with exitcode 0
Trigger für python-central werden verarbeitet ...
python-univention-connector-s4 (8.0.33-89.549.201505130950) wird eingerichtet ...
univention-s4-connector (8.0.33-89.549.201505130950) wird eingerichtet ...
File: /etc/logrotate.d/univention-s4-connector
Create connector/s4/listener/dir
Create connector/s4/poll/sleep
Create connector/s4/retryrejected
Create connector/s4/ldap/port
Create connector/s4/ldap/ssl
Create connector/debug/function
Create connector/debug/level
Create connector/ad/mapping/group/language
Create connector/s4/mapping/syncmode
Create connector/s4/mapping/sid
Create connector/s4/mapping/gpo
Create connector/s4/mapping/user/ignorelist
Not updating connector/s4/mapping/group/grouptype
Create connector/s4/mapping/group/ignorelist
Create connector/s4/mapping/group/table/Printer-Admins
Create connector/s4/mapping/container/ignorelist
Create connector/s4/mapping/dns/ignorelist
Restarting univention-directory-listener daemon.
timeout: run: univention-directory-listener: (pid 3851) 106s, normally down, got TERM
done.
Calling joinscript 97univention-s4-connector.inst ...
Create connector/s4/ldap/host
Create connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Create connector/s4/mapping/group/language
Create connector/s4/ldap/protocol
Create connector/s4/ldap/socket
Object created: cn=gPLink,cn=custom attributes,cn=univention,dc=ali-giessen,dc=local
Object exists: cn=Builtin,dc=ali-giessen,dc=local
Object created: cn=System,dc=ali-giessen,dc=local
Object created: cn=Policies,cn=System,dc=ali-giessen,dc=local
Object created: ou=Domain Controllers,dc=ali-giessen,dc=local
Object created: cn=WMIPolicy,cn=System,dc=ali-giessen,dc=local
Object created: cn=SOM,cn=WMIPolicy,cn=System,dc=ali-giessen,dc=local
Object exists: cn=ldapschema,cn=univention,dc=ali-giessen,dc=local
Object created: cn=msgpo,cn=ldapschema,cn=univention,dc=ali-giessen,dc=local

Object created: cn=mswmi,cn=ldapschema,cn=univention,dc=ali-giessen,dc=local

Object exists: cn=udm_module,cn=univention,dc=ali-giessen,dc=local
Object created: cn=container/msgpo,cn=udm_module,cn=univention,dc=ali-giessen,dc=local

Waiting for activation of the extension object msgpo:........................................................ERROR
ERROR: Master did not mark the extension object active within 180 seconds.
ucs_registerLDAPExtension: registraton of /usr/share/univention-s4-connector/ldap/msgpo.schema failed.
Joinscript 97univention-s4-connector.inst finished with exitcode 1
Stopping univention-s4-connector daemon.
failed.
Starting univention-s4-connector daemon.
done.
Trigger für python-support werden verarbeitet ...
root@neu:~#
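
The join.log excerpt earlier in this post uses a simple record format: a `RUNNING <script>` line, the script's output, then an `EXITCODE=<value>` line. The following Python sketch is an added example, not part of the original post or of UCS; it lists the join scripts that did not finish cleanly together with their last output line. The sample log is constructed from lines shown above, and treating `0` and `already_executed` as success is an assumption.

```python
import re
from collections import namedtuple

# One record per "RUNNING ... / EXITCODE=..." pair in join.log.
JoinScriptRun = namedtuple("JoinScriptRun", "script exitcode output")

# Assumption: these two values mean the script needs no further attention.
OK_CODES = {"0", "already_executed"}

RUNNING_RE = re.compile(r"^RUNNING (\S+\.inst)\s*$")
EXITCODE_RE = re.compile(r"^EXITCODE=(\S+)\s*$")

# Constructed sample, shortened from the join.log posted above.
SAMPLE_JOIN_LOG = """\
univention-run-join-scripts started
Do 18. Jun 12:25:47 CEST 2015

RUNNING 95univention-admingrp-user-passwordreset.inst
EXITCODE=already_executed
RUNNING 96univention-samba4.inst
EXITCODE=already_executed
RUNNING 97univention-s4-connector.inst
Not updating connector/s4/ldap/host
Waiting for activation of the extension object msgpo: OK
Samba4 does not seem to be provisioned, exiting /usr/lib/univention-install/97univention-s4-connector.inst
EXITCODE=1
RUNNING 98univention-pkgdb-tools.inst
EXITCODE=already_executed
RUNNING 98univention-samba4-dns.inst
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Do 18. Jun 12:25:57 CEST 2015
univention-run-join-scripts finished
"""


def parse_join_log(text):
    """Split join.log text into JoinScriptRun records.

    A script whose RUNNING line has no matching EXITCODE line (log cut off,
    or the next RUNNING line arrives first) is kept with exitcode None.
    """
    runs = []
    script, output = None, []
    for line in text.splitlines():
        match = RUNNING_RE.match(line)
        if match:
            if script is not None:
                runs.append(JoinScriptRun(script, None, output))
            script, output = match.group(1), []
            continue
        match = EXITCODE_RE.match(line)
        if match and script is not None:
            runs.append(JoinScriptRun(script, match.group(1), output))
            script, output = None, []
            continue
        # Lines outside a RUNNING/EXITCODE pair (timestamps, banner) are skipped.
        if script is not None and line.strip():
            output.append(line)
    if script is not None:
        runs.append(JoinScriptRun(script, None, output))
    return runs


def failed_runs(text):
    """Return (script, exitcode, last output line) for every unclean run."""
    return [
        (run.script, run.exitcode, run.output[-1] if run.output else "")
        for run in parse_join_log(text)
        if run.exitcode not in OK_CODES
    ]


if __name__ == "__main__":
    for script, code, last_line in failed_runs(SAMPLE_JOIN_LOG):
        print("%s exit=%s: %s" % (script, code, last_line))
```

The last output line before `EXITCODE=` is usually the script's own reason for stopping, which here points at the Samba4 provisioning step rather than at the connector.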

Which IP does the UCS server have? Is the 0.4 correct?

Failed to connect to ldap URL 'ldap://192.168.0.4:7389' - LDAP client internal error: NT_STATUS_HOST_UNREACHABLE
Failed to connect to 'ldap://192.168.0.4:7389' with backend 'ldap': (null)

In my log file it first tries to reach the LDAP by name, which does not work, then comes the line Trying to dig. followed by Exporting posix attributes. Here it then tries by IP.

Does “Make sure that the existing UCS Kerberos realm (UCR Variable kerberos/realm) matches the DNS domainname of the UCS domain. This is mandatory.” hold?
What does ucr get domainname output?

[quote=“edvbgstgruene”]Is the 0.4 correct?

[/quote]

Many thanks for looking it over. This was indeed one of the errors that had crept in when copying the production system to the test system. I then found further errors resulting from the IP change with “ucr dump | grep alte.ip.adresse.123”.

In the meantime the upgrade runs through (HURRAY). Here is a list of the other obstacles I found, although I do not know for certain whether each of these errors would have prevented the upgrade:

[*]After the IP change, the UCR variable ldap/acl/read/ip had not been adjusted
[*]A file system was not mounted in the test system, although a Samba share was set up on it
[*]My editor (joe) had left a crash report in the directory /etc/samba/shares.conf.d, which was then included in smb.conf.
[*]Deleted some objects (a computer object that was not in the correct container, and two groups).
[*]As a precaution, uninstalled OPSI before the Samba4 upgrade and deleted all OPSI users and groups.

So long

Gerd
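
The stale-address search and the realm check mentioned in this thread, as an added Python example that is not part of the original posts or of UCS. It assumes `ucr dump` prints one `key: value` pair per line; the sample dump and all its values are constructed. Unlike a plain grep, the match is anchored so that an old address of 192.168.0.4 does not also flag 192.168.0.40, and the realm comparison ignores case, which is an assumption.

```python
import re

# Constructed sample in the assumed "key: value" layout of `ucr dump`.
SAMPLE_UCR_DUMP = """\
domainname: meinedom.local
kerberos/realm: MEINEDOM.LOCAL
interfaces/eth0/address: 192.168.0.40
ldap/acl/read/ip: 192.168.0.4
nameserver1: 192.168.0.4
security/packetfilter/package/univention-samba4/tcp/137:139/all: ACCEPT
"""


def parse_ucr_dump(text):
    """Parse "key: value" lines into a dict.

    Keys can themselves contain a colon (e.g. .../tcp/137:139/all), so the
    split is on the first colon followed by a space, not on the first colon.
    """
    variables = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if not sep and line.endswith(":"):
            key, value = line[:-1], ""  # variable with an empty value
        elif not sep:
            continue  # not a key/value line
        if key.strip():
            variables[key.strip()] = value.strip()
    return variables


def stale_ip_keys(variables, old_ip):
    """Return the sorted keys whose value contains old_ip as a whole address."""
    pattern = re.compile(
        r"(?<![0-9.])" + re.escape(old_ip) + r"(?![0-9]|\.[0-9])"
    )
    return sorted(key for key, value in variables.items() if pattern.search(value))


def realm_matches_domain(variables):
    """True if kerberos/realm equals domainname, compared case-insensitively."""
    realm = variables.get("kerberos/realm", "")
    domain = variables.get("domainname", "")
    return bool(realm) and realm.lower() == domain.lower()


if __name__ == "__main__":
    ucr_vars = parse_ucr_dump(SAMPLE_UCR_DUMP)
    print("stale:", stale_ip_keys(ucr_vars, "192.168.0.4"))
    print("realm matches domainname:", realm_matches_domain(ucr_vars))
```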
