Hi,
I attempted a migration from Samba 3 to Samba 4 on UCS 3.2.5, which unfortunately went completely wrong.
First I adjusted the SID:
/usr/share/univention-samba/set_domain_sid
/usr/share/univention-samba/change_sid
After that I imported the users and groups from an LDAP dump.
For this I used the following script as a basis:
github.com/dansan/Samba3toUCS
In addition, I built in that the Samba RIDs are set correctly.
Up to that point this worked very well.
The installation of Samba 4 then went like this:
root@univention1:~# ucr get samba4/ignore/mixsetup
yes
root@univention1:~# ucr get samba4/ntacl/backend
native
root@univention1:~# ucr get samba/debug/level
1
root@univention1:~# ucr get connector/s4/mapping/group/grouptype
false
root@univention1:~#
root@univention1:~#
root@univention1:~# univention-install univention-s4-connector
OK http://updates.software-univention.de 3.0-0/all/ Release.gpg
Ign http://updates.software-univention.de/3.0/maintained/ 3.0-0/all/ Translation-de
[..]
OK http://updates.software-univention.de 3.0-0/all/ Release
OK http://updates.software-univention.de 3.0-0/amd64/ Release
[..]
Hole:11 http://updates.software-univention.de 3.2-5-errata/all/ Packages [10,3 kB]
Hole:12 http://updates.software-univention.de 3.2-5-errata/amd64/ Packages [19,6 kB]
Es wurden 65,5 kB in 1 s geholt (33,0 kB/s)
Paketlisten werden gelesen...
Paketlisten werden gelesen...
Abhängigkeitsbaum wird aufgebaut...
Statusinformationen werden eingelesen...
Die folgenden Pakete wurden automatisch installiert und werden nicht mehr benötigt:
expect tcl8.5
Verwenden Sie »apt-get autoremove«, um sie zu entfernen.
Die folgenden zusätzlichen Pakete werden installiert:
attr ldb-tools libdcerpc-server0 python-pysqlite2
python-univention-connector-s4 samba-ad-dc samba-dsdb-modules samba4
samba4-clients sqlite3 univention-samba4 univention-samba4-sysvol-sync
Vorgeschlagene Pakete:
python-pysqlite2-doc python-pysqlite2-dbg samba-gtk swat2 sqlite3-doc
Die folgenden Pakete werden ENTFERNT:
univention-samba
Die folgenden NEUEN Pakete werden installiert:
attr ldb-tools libdcerpc-server0 python-pysqlite2
python-univention-connector-s4 samba-ad-dc samba-dsdb-modules samba4
samba4-clients sqlite3 univention-s4-connector univention-samba4
univention-samba4-sysvol-sync
0 aktualisiert, 13 neu installiert, 1 zu entfernen und 38 nicht aktualisiert.
Es müssen 3328 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 16,6 MB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren [J/n]? J
Hole:1 http://updates.software-univention.de/3.0/maintained/ 3.0-2/amd64/ attr 1:2.4.44-2.14.201207031515 [46,9 kB]
[..]
Hole:13 http://updates.software-univention.de/3.2/maintained/ 3.2-5/all/ univention-s4-connector 8.0.33-88.537.201412151702 [63,2 kB]
Vorkonfiguration der Pakete ...
Es wurden 3328 kB in 2 s geholt (1301 kB/s)
(Lese Datenbank ... 64874 Dateien und Verzeichnisse sind derzeit installiert.)
Entfernen von univention-samba ...
Multifile: /etc/samba/smb.conf
Unsetting security/packetfilter/package/univention-samba/tcp/137:139/all
Unsetting security/packetfilter/package/univention-samba/tcp/137:139/all/en
Unsetting security/packetfilter/package/univention-samba/udp/137:139/all
Unsetting security/packetfilter/package/univention-samba/udp/137:139/all/en
Unsetting security/packetfilter/package/univention-samba/udp/137/all
Unsetting security/packetfilter/package/univention-samba/tcp/445/all
Unsetting security/packetfilter/package/univention-samba/tcp/445/all/en
Unsetting security/packetfilter/package/univention-samba/udp/445/all
Unsetting security/packetfilter/package/univention-samba/udp/445/all/en
File: /etc/security/packetfilter.d/10_univention-firewall_start.sh
File: /etc/security/packetfilter.d/80_univention-firewall_policy.sh
Stopping Univention iptables configuration::.
Starting Univention iptables configuration::.
Unsetting samba/share/home
Unsetting samba/share/groups
Unsetting samba/adminusers
Unsetting samba/debug/level
Unsetting samba/os/level
Unsetting samba/profileserver
Unsetting samba/profilepath
Unsetting samba/homedirserver
Unsetting samba/homedirpath
Unsetting samba/homedirletter
Unsetting samba/script/adduser
Unsetting samba/script/deleteuser
Unsetting samba/script/addgroup
Unsetting samba/script/deletegroup
Unsetting samba/script/addusertogroup
Unsetting samba/script/deleteuserfromgroup
Unsetting samba/script/addmachine
Unsetting samba/script/setprimarygroup
Unsetting samba/script/postusermodify
Unsetting samba/winbind/nested/groups
Unsetting samba/encrypt_passwords
Unsetting samba/use_spnego
Unsetting samba/client_use_spnego
Unsetting samba/oplocks
Unsetting samba/kernel_oplocks
Unsetting samba/large_readwrite
Unsetting samba/deadtime
Unsetting samba/read_raw
Unsetting samba/write_raw
Unsetting samba/max_xmit
Unsetting samba/max_open_files
Unsetting samba/max/protocol
Unsetting samba/getwd_cache
Unsetting samba/store_dos_attributes
Unsetting samba/preserve_case
Unsetting samba/short_preserve_case
Unsetting samba/time_server
Unsetting samba/guest_account
Unsetting samba/map_to_guest
Unsetting samba/netlogon/sync
Unsetting samba/domain/logons
Unsetting samba/password/checkscript
Unsetting windows/wins-support
Unsetting samba/role
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 2759) 0s, normally down
done.
Trigger für univention-config werden verarbeitet ...
Kein Paket gefunden, das auf ldapacl_66univention-appcenter_app.acl passt.
Vormals abgewähltes Paket attr wird gewählt.
(Lese Datenbank ... 64839 Dateien und Verzeichnisse sind derzeit installiert.)
Entpacken von attr (aus .../attr_1%3a2.4.44-2.14.201207031515_amd64.deb) ...
Vormals abgewähltes Paket ldb-tools wird gewählt.
Entpacken von ldb-tools (aus .../ldb-tools_1%3a1.1.16-1.44.201308081854_amd64.deb) ...
Vormals abgewähltes Paket libdcerpc-server0 wird gewählt.
Entpacken von libdcerpc-server0 (aus .../libdcerpc-server0_2%3a4.1.0-1.722.201502181223_amd64.deb) ...
Vormals abgewähltes Paket python-pysqlite2 wird gewählt.
Entpacken von python-pysqlite2 (aus .../python-pysqlite2_2.6.0-1.6.201201310837_amd64.deb) ...
Vormals abgewähltes Paket python-univention-connector-s4 wird gewählt.
Entpacken von python-univention-connector-s4 (aus .../python-univention-connector-s4_8.0.33-88.537.201412151702_all.deb) ...
Vormals abgewähltes Paket samba-dsdb-modules wird gewählt.
Entpacken von samba-dsdb-modules (aus .../samba-dsdb-modules_2%3a4.1.0-1.722.201502181223_amd64.deb) ...
Vormals abgewähltes Paket samba-ad-dc wird gewählt.
Entpacken von samba-ad-dc (aus .../samba-ad-dc_2%3a4.1.0-1.722.201502181223_amd64.deb) ...
Vormals abgewähltes Paket samba4 wird gewählt.
Entpacken von samba4 (aus .../samba4_2%3a4.1.0-1.722.201502181223_amd64.deb) ...
Vormals abgewähltes Paket samba4-clients wird gewählt.
Entpacken von samba4-clients (aus .../samba4-clients_2%3a4.1.0-1.722.201502181223_amd64.deb) ...
Vormals abgewähltes Paket sqlite3 wird gewählt.
Entpacken von sqlite3 (aus .../sqlite3_3.7.3-1.14.201201310833_amd64.deb) ...
Vormals abgewähltes Paket univention-samba4-sysvol-sync wird gewählt.
Entpacken von univention-samba4-sysvol-sync (aus .../univention-samba4-sysvol-sync_3.0.39-35.591.201408281245_all.deb) ...
Vormals abgewähltes Paket univention-samba4 wird gewählt.
Entpacken von univention-samba4 (aus .../univention-samba4_3.0.39-35.591.201408281245_amd64.deb) ...
Vormals abgewähltes Paket univention-s4-connector wird gewählt.
Entpacken von univention-s4-connector (aus .../univention-s4-connector_8.0.33-88.537.201412151702_all.deb) ...
Trigger für man-db werden verarbeitet ...
Trigger für univention-config werden verarbeitet ...
Kein Paket gefunden, das auf ldapacl_66univention-appcenter_app.acl passt.
attr (1:2.4.44-2.14.201207031515) wird eingerichtet ...
ldb-tools (1:1.1.16-1.44.201308081854) wird eingerichtet ...
libdcerpc-server0 (2:4.1.0-1.722.201502181223) wird eingerichtet ...
python-pysqlite2 (2.6.0-1.6.201201310837) wird eingerichtet ...
samba-dsdb-modules (2:4.1.0-1.722.201502181223) wird eingerichtet ...
samba-ad-dc (2:4.1.0-1.722.201502181223) wird eingerichtet ...
samba4 (2:4.1.0-1.722.201502181223) wird eingerichtet ...
samba4-clients (2:4.1.0-1.722.201502181223) wird eingerichtet ...
sqlite3 (3.7.3-1.14.201201310833) wird eingerichtet ...
univention-samba4-sysvol-sync (3.0.39-35.591.201408281245) wird eingerichtet ...
File: /etc/cron.d/sysvol-cleanup
File: /etc/cron.d/sysvol-sync
Create samba4/sysvol/cleanup/cron
File: /etc/cron.d/sysvol-cleanup
univention-samba4 (3.0.39-35.591.201408281245) wird eingerichtet ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/logrotate.d/winbind wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/logrotate.d/samba wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/pam.d/samba wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/61univention-samba_misc wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/51univention-samba_domain wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/31univention-samba_password wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/92univention-samba_shares wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/71univention-samba_users wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/41univention-samba_printing wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/91univention-samba_shares wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/99univention-samba_local_shares wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/smb.conf.d/21univention-samba_winbind wird installiert ...
Neue Version der Konfigurationsdatei /etc/univention/templates/files/etc/samba/base.conf wird installiert ...
File: /etc/logrotate.d/univention-samba4
File: /etc/pam.d/samba
File: /etc/cron.d/univention-samba4-backup
File: /etc/logrotate.d/winbind
File: /etc/logrotate.d/samba
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
dpkg-statoverride: Ein Override für »/var/log/samba« existiert bereits, Abbruch.
Create samba/share/home
Create samba/share/groups
Create samba/adminusers
Create samba/encrypt_passwords
Create samba/use_spnego
Create samba/oplocks
Create samba/kernel_oplocks
Create samba/large_readwrite
Create samba/deadtime
Create samba/read_raw
Create samba/write_raw
Create samba/max_xmit
Create samba/max_open_files
Create samba/getwd_cache
Create samba/store_dos_attributes
Create samba/preserve_case
Create samba/short_preserve_case
Create samba/guest_account
Create samba/map_to_guest
Create samba/max/protocol
Create samba/enable-msdfs
Not updating samba/acl/allow/execute/always
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
Create samba/profileserver
Create samba/profilepath
Create samba/homedirserver
Create samba/homedirpath
Create samba/homedirletter
Multifile: /etc/samba/smb.conf
Create samba/debug/level
Create samba4/sysvol/sync/jitter
Create samba4/service/smb
Create samba4/service/nmb
Not updating samba4/ntacl/backend
Create samba4/sysvol/sync/setfacl/AU
Create samba4/backup/cron
File: /etc/samba/base.conf
File: /etc/cron.d/sysvol-sync
File: /etc/cron.d/univention-samba4-backup
Multifile: /etc/samba/smb.conf
Create security/packetfilter/package/univention-samba4/tcp/389/all
Create security/packetfilter/package/univention-samba4/tcp/389/all/en
Create security/packetfilter/package/univention-samba4/udp/389/all
Create security/packetfilter/package/univention-samba4/udp/389/all/en
Create security/packetfilter/package/univention-samba4/tcp/636/all
Create security/packetfilter/package/univention-samba4/tcp/636/all/en
Create security/packetfilter/package/univention-samba4/tcp/53/all
Create security/packetfilter/package/univention-samba4/tcp/53/all/en
Create security/packetfilter/package/univention-samba4/udp/53/all
Create security/packetfilter/package/univention-samba4/udp/53/all/en
Create security/packetfilter/package/univention-samba4/udp/123/all
Create security/packetfilter/package/univention-samba4/udp/123/all/en
Create security/packetfilter/package/univention-samba4/tcp/135/all
Create security/packetfilter/package/univention-samba4/tcp/135/all/en
Create security/packetfilter/package/univention-samba4/tcp/137:139/all
Create security/packetfilter/package/univention-samba4/tcp/137:139/all/en
Create security/packetfilter/package/univention-samba4/udp/137:139/all
Create security/packetfilter/package/univention-samba4/udp/137:139/all/en
Create security/packetfilter/package/univention-samba4/tcp/445/all
Create security/packetfilter/package/univention-samba4/tcp/445/all/en
Create security/packetfilter/package/univention-samba4/udp/445/all
Create security/packetfilter/package/univention-samba4/udp/445/all/en
Create security/packetfilter/package/univention-samba4/tcp/1024/all
Create security/packetfilter/package/univention-samba4/tcp/1024/all/en
Create security/packetfilter/package/univention-samba4/tcp/3268/all
Create security/packetfilter/package/univention-samba4/tcp/3268/all/en
Create security/packetfilter/package/univention-samba4/tcp/3269/all
Create security/packetfilter/package/univention-samba4/tcp/3269/all/en
Create security/packetfilter/package/univention-samba4/tcp/88/all
Create security/packetfilter/package/univention-samba4/tcp/88/all/en
Create security/packetfilter/package/univention-samba4/udp/88/all
Create security/packetfilter/package/univention-samba4/udp/88/all/en
Create security/packetfilter/package/univention-samba4/tcp/464/all
Create security/packetfilter/package/univention-samba4/tcp/464/all/en
Create security/packetfilter/package/univention-samba4/udp/464/all
Create security/packetfilter/package/univention-samba4/udp/464/all/en
Create security/packetfilter/package/univention-samba4/tcp/749/all
Create security/packetfilter/package/univention-samba4/tcp/749/all/en
File: /etc/security/packetfilter.d/10_univention-firewall_start.sh
File: /etc/security/packetfilter.d/80_univention-firewall_policy.sh
Stopping Univention iptables configuration::.
Starting Univention iptables configuration::.
Create samba4/autostart
Multifile: /etc/samba/smb.conf
Create samba/domain/master
Multifile: /etc/samba/smb.conf
Stopping NTP server: ntpd.
Starting NTP server: ntpd.
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 3523) 1s, normally down
done.
Calling joinscript 96univention-samba4.inst ...
WARNING: It is not possible to install a samba 4 domaincontroller
into a samba 3 environment. samba4/ignore/mixsetup is true.
Continue as requested
Traceback (most recent call last):
File "<string>", line 2, in <module>
ImportError: No module named univention.lib.admember
Create samba4/role
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
Multifile: /etc/samba/smb.conf
Setting samba/quota/command
Multifile: /etc/samba/smb.conf
Stopping Samba daemons: nmbd smbd.
Stopping Heimdal password server: kpasswdd.
Stopping Heimdal KDC: heimdal-kdc.
Setting samba/autostart
Create winbind/autostart
Setting kerberos/autostart
Multifile: /etc/samba/smb.conf
Setting samba4/autostart
Multifile: /etc/samba/smb.conf
Create samba4/ldap/base
Multifile: /etc/samba/smb.conf
Object created: cn=Builtin,dc=gfm,dc=local
Object created: cn=Authenticated Users,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Authenticated Users,cn=Builtin,dc=gfm,dc=local"
Object modified: cn=Authenticated Users,cn=Builtin,dc=gfm,dc=local
Object created: cn=World Authority,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=World Authority,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Everyone,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Everyone,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Null Authority,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Null Authority,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Nobody,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Nobody,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Enterprise Domain Controllers,cn=groups,dc=gfm,dc=local
modifying entry "cn=Enterprise Domain Controllers,cn=groups,dc=gfm,dc=local"
Object modified: cn=Enterprise Domain Controllers,cn=groups,dc=gfm,dc=local
Object created: cn=Remote Interactive Logon,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Remote Interactive Logon,cn=Builtin,dc=gfm,dc=local"
Object created: cn=SChannel Authentication,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=SChannel Authentication,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Digest Authentication,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Digest Authentication,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Terminal Server User,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Terminal Server User,cn=Builtin,dc=gfm,dc=local"
Object created: cn=NTLM Authentication,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=NTLM Authentication,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Other Organization,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Other Organization,cn=Builtin,dc=gfm,dc=local"
Object created: cn=This Organization,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=This Organization,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Anonymous Logon,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Anonymous Logon,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Network Service,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Network Service,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Creator Group,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Creator Group,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Creator Owner,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Creator Owner,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Local Service,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Local Service,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Owner Rights,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Owner Rights,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Interactive,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Interactive,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Restricted,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Restricted,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Network,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Network,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Service,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Service,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Dialup,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Dialup,cn=Builtin,dc=gfm,dc=local"
Object created: cn=System,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=System,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Batch,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Batch,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Proxy,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Proxy,cn=Builtin,dc=gfm,dc=local"
Object created: cn=IUSR,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=IUSR,cn=Builtin,dc=gfm,dc=local"
Object created: cn=Self,cn=Builtin,dc=gfm,dc=local
modifying entry "cn=Self,cn=Builtin,dc=gfm,dc=local"
Create samba/share/netlogon
File: /etc/samba/base.conf
Multifile: /etc/samba/smb.conf
Stopping Samba AD DC daemon: samba nmbd.
Create kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
WARNING: The following Samba 3 domaincontroller have been found:
univention1
It is not possible to install a samba 4 domaincontroller
into a samba 3 environment.samba4/ignore/mixsetup is true.
Continue as requested
Create samba4/function/level
Multifile: /etc/samba/smb.conf
Object modified: cn=Windows Hosts,cn=groups,dc=gfm,dc=local
Object modified: cn=DC Backup Hosts,cn=groups,dc=gfm,dc=local
Object modified: cn=DC Slave Hosts,cn=groups,dc=gfm,dc=local
Object modified: cn=Computers,cn=groups,dc=gfm,dc=local
E: DN is missing
UPN: None
Reading smb.conf
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
WARNING: The "use spnego" option is deprecated
lp_int(): value is NULL or empty!
lp_bool(): value is NULL or empty!
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Provisioning
Exporting account policy
Exporting groups
GROUP 'Domain Admins'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-512'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Domain Admins' S-1-5-21-2657495056-2441450391-3094810640-512 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'Domain Users'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-513'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Domain Users' S-1-5-21-2657495056-2441450391-3094810640-513 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'Domain Guests'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-514'
GROUP 'Windows Hosts'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-11011'
GROUP 'DC Backup Hosts'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-11012'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'DC Backup Hosts' S-1-5-21-2657495056-2441450391-3094810640-11012 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'DC Slave Hosts'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-11013'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'DC Slave Hosts' S-1-5-21-2657495056-2441450391-3094810640-11013 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'Computers'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-11015'
GROUP 'Printer-Admins'
GROUP SID 'S-1-5-32-550'
Ignoring group 'Printer-Admins' S-1-5-32-550 listed but then not found: Unable to enumerate members for alias, (-1073741487,NT_STATUS_NO_SUCH_ALIAS)
GROUP 'Backup Join'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-11017'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Backup Join' S-1-5-21-2657495056-2441450391-3094810640-11017 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'Slave Join'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-11019'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'Slave Join' S-1-5-21-2657495056-2441450391-3094810640-11019 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'alenia'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-2001'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'alenia' S-1-5-21-2657495056-2441450391-3094810640-2001 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'av'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1311'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'av' S-1-5-21-2657495056-2441450391-3094810640-1311 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'bh'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1251'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'bh' S-1-5-21-2657495056-2441450391-3094810640-1251 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'edv'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1231'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'edv' S-1-5-21-2657495056-2441450391-3094810640-1231 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'ekf'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1291'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'ekf' S-1-5-21-2657495056-2441450391-3094810640-1291 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'emont'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1371'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'emont' S-1-5-21-2657495056-2441450391-3094810640-1371 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'emont_l'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1373'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'emont_l' S-1-5-21-2657495056-2441450391-3094810640-1373 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'gf'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1221'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'gf' S-1-5-21-2657495056-2441450391-3094810640-1221 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'kb'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1261'
Inconsistent SAM -- group member uid not in our domain
[..]
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1361'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'mont' S-1-5-21-2657495056-2441450391-3094810640-1361 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'pp'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1511'
GROUP 'pur'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1441'
GROUP 'sal'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1451'
GROUP 'tec'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1281'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'tec' S-1-5-21-2657495056-2441450391-3094810640-1281 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'users'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1201'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'users' S-1-5-21-2657495056-2441450391-3094810640-1201 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'vkf'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-1301'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'vkf' S-1-5-21-2657495056-2441450391-3094810640-1301 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'vkfl'
GROUP SID 'S-1-5-21-2657495056-2441450391-3094810640-3003'
Inconsistent SAM -- group member uid not in our domain
Ignoring group 'vkfl' S-1-5-21-2657495056-2441450391-3094810640-3003 listed but then not found: Unable to enumerate group members, (-1073741596,NT_STATUS_INTERNAL_DB_CORRUPTION)
GROUP 'Authenticated Users'
GROUP SID 'S-1-5-11'
Ignoring 'well known' group 'Authenticated Users' (should already be in AD, and have no members)
GROUP 'World Authority'
GROUP SID 'S-1-1'
FAILED to get SID/rid
GROUP 'Everyone'
GROUP SID 'S-1-1-0'
Ignoring 'well known' group 'Everyone' (should already be in AD, and have no members)
GROUP 'Null Authority'
GROUP SID 'S-1-0'
FAILED to get SID/rid
GROUP 'Nobody'
GROUP SID 'S-1-0-0'
Ignoring 'well known' group 'Nobody' (should already be in AD, and have no members)
GROUP 'Enterprise Domain Controllers'
GROUP SID 'S-1-5-9'
Ignoring 'well known' group 'Enterprise Domain Controllers' (should already be in AD, and have no members)
GROUP 'Remote Interactive Logon'
GROUP SID 'S-1-5-14'
Ignoring 'well known' group 'Remote Interactive Logon' (should already be in AD, and have no members)
GROUP 'SChannel Authentication'
GROUP SID 'S-1-5-64-14'
Ignoring 'well known' group 'SChannel Authentication' (should already be in AD, and have no members)
GROUP 'Digest Authentication'
GROUP SID 'S-1-5-64-21'
Ignoring 'well known' group 'Digest Authentication' (should already be in AD, and have no members)
GROUP 'Terminal Server User'
GROUP SID 'S-1-5-13'
Ignoring 'well known' group 'Terminal Server User' (should already be in AD, and have no members)
GROUP 'NTLM Authentication'
GROUP SID 'S-1-5-64-10'
Ignoring 'well known' group 'NTLM Authentication' (should already be in AD, and have no members)
GROUP 'Other Organization'
GROUP SID 'S-1-5-1000'
Ignoring 'well known' group 'Other Organization' (should already be in AD, and have no members)
GROUP 'This Organization'
GROUP SID 'S-1-5-15'
Ignoring 'well known' group 'This Organization' (should already be in AD, and have no members)
GROUP 'Anonymous Logon'
GROUP SID 'S-1-5-7'
Ignoring 'well known' group 'Anonymous Logon' (should already be in AD, and have no members)
GROUP 'Network Service'
GROUP SID 'S-1-5-20'
Ignoring 'well known' group 'Network Service' (should already be in AD, and have no members)
GROUP 'Creator Group'
GROUP SID 'S-1-3-1'
Ignoring 'well known' group 'Creator Group' (should already be in AD, and have no members)
GROUP 'Creator Owner'
GROUP SID 'S-1-3-0'
Ignoring 'well known' group 'Creator Owner' (should already be in AD, and have no members)
GROUP 'Local Service'
GROUP SID 'S-1-5-19'
Ignoring 'well known' group 'Local Service' (should already be in AD, and have no members)
GROUP 'Owner Rights'
GROUP SID 'S-1-3-4'
Ignoring 'well known' group 'Owner Rights' (should already be in AD, and have no members)
GROUP 'Interactive'
GROUP SID 'S-1-5-4'
Ignoring 'well known' group 'Interactive' (should already be in AD, and have no members)
GROUP 'Restricted'
GROUP SID 'S-1-5-12'
Ignoring 'well known' group 'Restricted' (should already be in AD, and have no members)
GROUP 'Network'
GROUP SID 'S-1-5-2'
Ignoring 'well known' group 'Network' (should already be in AD, and have no members)
GROUP 'Service'
GROUP SID 'S-1-5-6'
Ignoring 'well known' group 'Service' (should already be in AD, and have no members)
GROUP 'Dialup'
GROUP SID 'S-1-5-1'
Ignoring 'well known' group 'Dialup' (should already be in AD, and have no members)
GROUP 'System'
GROUP SID 'S-1-5-18'
Ignoring 'well known' group 'System' (should already be in AD, and have no members)
GROUP 'Batch'
GROUP SID 'S-1-5-3'
Ignoring 'well known' group 'Batch' (should already be in AD, and have no members)
GROUP 'Proxy'
GROUP SID 'S-1-5-8'
Ignoring 'well known' group 'Proxy' (should already be in AD, and have no members)
GROUP 'IUSR'
GROUP SID 'S-1-5-17'
Ignoring 'well known' group 'IUSR' (should already be in AD, and have no members)
GROUP 'Self'
GROUP SID 'S-1-5-10'
Ignoring 'well known' group 'Self' (should already be in AD, and have no members)
Exporting users
sid S-1-5-21-2657495056-2441450391-3094810640-5002 does not belong to our domain
sid S-1-5-21-2657495056-2441450391-3094810640-500 does not belong to our domain
sid S-1-5-21-2657495056-2441450391-3094810640-5006 does not belong to our domain
[..]
sid S-1-5-21-2657495056-2441450391-3094810640-1896 does not belong to our domain
sid S-1-5-21-2657495056-2441450391-3094810640-1898 does not belong to our domain
sid S-1-5-21-2657495056-2441450391-3094810640-3070 does not belong to our domain
Next rid = 1000
Failed to connect to ldap URL 'ldap://univention1.gfm.local:7389' - LDAP client internal error: NT_STATUS_BAD_NETWORK_NAME
Failed to connect to 'ldap://univention1.gfm.local:7389' with backend 'ldap': (null)
Could not open ldb connection to ldap://univention1.gfm.local:7389, the error message is: (1, None)
Trying to dig.
ERROR(<type 'exceptions.NameError'>): uncaught exception - global name 'ProvisiongError' is not defined
File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.6/dist-packages/samba/netcmd/domain.py", line 1399, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs, no_upn=no_upn)
File "/usr/lib/python2.6/dist-packages/samba/upgrade.py", line 853, in upgrade_from_samba3
raise ProvisiongError("Could not open ldb connection to %s, the error message is: %s" % (url, e))
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=GFM,cn=Primary Domains at block before line 8
Modify failed after processing 0 records
ERROR: Failed to set password for user 'univention1$': (34, "ldb_search: invalid basedn '(null)'")
ERROR: Failed to set password for user 'Administrator': (34, "ldb_search: invalid basedn '(null)'")
cp: Aufruf von stat für „/var/lib/samba/private/phpldapadmin-config.php“ nicht möglich: Datei oder Verzeichnis nicht gefunden
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting ldap/server/port
File: /etc/pam.d/smtp
Multifile: /etc/postfix/ldap.virtualwithcanonical
File: /etc/pam_ldap.conf
File: /etc/runit/univention-directory-listener/run
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
File: /etc/libnss-ldap.conf
File: /etc/postgresql/pam_ldap.conf
Multifile: /etc/postfix/ldap.virtualdomains
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/master.cf
Multifile: /etc/postfix/main.cf
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.canonicalsender
File: /etc/ldap/ldap.conf
Setting ldap/master/port
File: /etc/ntp.conf
Multifile: /etc/ldap/slapd.conf
File: /etc/default/ntpdate
File: /etc/nagios/nrpe.cfg
Restarting ldap server(s).
Stopping ldap server(s): slapd ...done.
Check database: ...done.
Starting ldap server(s): slapd ...done.
Checking Schema ID: ...done.
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 4951) 1s, normally down
done.
Restarting Univention Management Console Server.
done.
Create windows/wins-support
Not updating windows/wins-server
Multifile: /etc/samba/smb.conf
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=GFM,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=GFM,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
restore_rIDNextRID: Attribute rIDSetReferences not found
ERROR(runtime): uncaught exception - samdb_domain_sid failed
File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.6/dist-packages/samba/netcmd/ntacl.py", line 189, in run
domain_sid = security.dom_sid(samdb.domain_sid)
File "/usr/lib/python2.6/dist-packages/samba/samdb.py", line 550, in get_domain_sid
return dsdb._samdb_get_domain_sid(self)
Samba4 does not seem to be provisioned, exiting /usr/share/univention-samba4/scripts/setup-dns-in-ucsldap.sh
univention1.gfm.local port 7389 is not offering the Service 'Samba 4'
Information provided is not sufficient.
ERR: (No such object) "ldb_wait: No such object (32)" on DN CN=univention1,OU=Domain Controllers,DC=GFM,DC=LOCAL at block before line 7
Modify failed after processing 0 records
Starting Samba AD DC daemon: samba nmbd.
Create samba4/sysvol/sync/cron
File: /etc/cron.d/sysvol-sync
Multifile: /etc/samba/smb.conf
Object modified: zoneName=gfm.local,cn=dns,dc=gfm,dc=local
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=GFM,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
ERR: (No such object) "ldb_wait: No such object (32)" on DN flatname=GFM,cn=Primary Domains at block before line 5
Modify failed after processing 0 records
Object exists: cn=univention1.gfm.local,cn=shares,dc=gfm,dc=local
No modification: cn=univention1.gfm.local,cn=shares,dc=gfm,dc=local
Stopping Samba AD DC daemon: samba nmbd.
Starting Samba AD DC daemon: samba nmbd.
WARNING: Failed to search for S4 connector DC
Object exists: cn=services,cn=univention,dc=gfm,dc=local
Object created: cn=Samba 4,cn=services,cn=univention,dc=gfm,dc=local
Object modified: cn=univention1,cn=dc,cn=computers,dc=gfm,dc=local
Joinscript 96univention-samba4.inst finished with exitcode 0
Trigger für python-central werden verarbeitet ...
python-univention-connector-s4 (8.0.33-88.537.201412151702) wird eingerichtet ...
univention-s4-connector (8.0.33-88.537.201412151702) wird eingerichtet ...
File: /etc/logrotate.d/univention-s4-connector
Create connector/s4/listener/dir
Create connector/s4/poll/sleep
Create connector/s4/retryrejected
Create connector/s4/ldap/port
Create connector/s4/ldap/ssl
Create connector/debug/function
Create connector/debug/level
Create connector/ad/mapping/group/language
Create connector/s4/mapping/syncmode
Create connector/s4/mapping/sid
Create connector/s4/mapping/gpo
Create connector/s4/mapping/user/ignorelist
Not updating connector/s4/mapping/group/grouptype
Create connector/s4/mapping/group/ignorelist
Create connector/s4/mapping/group/table/Printer-Admins
Create connector/s4/mapping/container/ignorelist
Create connector/s4/mapping/dns/ignorelist
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 5438) 0s, normally down
done.
Calling joinscript 97univention-s4-connector.inst ...
Traceback (most recent call last):
File "<string>", line 2, in <module>
ImportError: No module named univention.lib.admember
Create connector/s4/ldap/host
Create connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Create connector/s4/mapping/group/language
Create connector/s4/ldap/protocol
Create connector/s4/ldap/socket
Object created: cn=gPLink,cn=custom attributes,cn=univention,dc=gfm,dc=local
Object exists: cn=Builtin,dc=gfm,dc=local
Object created: cn=System,dc=gfm,dc=local
Object created: cn=Policies,cn=System,dc=gfm,dc=local
Object created: ou=Domain Controllers,dc=gfm,dc=local
Object created: cn=WMIPolicy,cn=System,dc=gfm,dc=local
Object created: cn=SOM,cn=WMIPolicy,cn=System,dc=gfm,dc=local
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/pymodules/python2.6/univention/lib/ldap_extension.py", line 8, in <module>
import univention.debug as ud
ImportError: No module named univention.debug
Joinscript 97univention-s4-connector.inst finished with exitcode 1
Stopping univention-s4-connector daemon.
failed.
Starting univention-s4-connector daemon.
done.
Trigger für python-support werden verarbeitet ...
Cannot find service-record of _pkgdb._tcp.
No DB-Server-Name found.
root@univention1:~# tail -f /var/log/univention/join.log
ERROR
ucs_registerLDAPExtension: registraton of /usr/share/univention-s4-connector/ldap/msgpo.schema failed.
EXITCODE=1
RUNNING 98univention-samba4-dns.inst
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1
Fre Mai 8 09:19:29 CEST 2015
univention-run-join-scripts finished
^C
root@univention1:~#
root@univention1:~# less /var/log/univention/join.log
root@univention1:~# tail -f /var/log/univention/join.log
ERROR
ucs_registerLDAPExtension: registraton of /usr/share/univention-s4-connector/ldap/msgpo.schema failed.
EXITCODE=1
RUNNING 98univention-samba4-dns.inst
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1
Fre Mai 8 09:19:29 CEST 2015
univention-run-join-scripts finished
univention-run-join-scripts started
Fre Mai 8 10:36:59 CEST 2015
RUNNING 97univention-s4-connector.inst
Not updating connector/s4/ldap/host
Not updating connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Not updating connector/s4/mapping/group/language
Not updating connector/s4/ldap/protocol
Not updating connector/s4/ldap/socket
Object exists: cn=gPLink,cn=custom attributes,cn=univention,dc=gfm,dc=local
Object exists: cn=Builtin,dc=gfm,dc=local
Object exists: cn=System,dc=gfm,dc=local
Object exists: cn=Policies,cn=System,dc=gfm,dc=local
Object exists: ou=Domain Controllers,dc=gfm,dc=local
Object exists: cn=WMIPolicy,cn=System,dc=gfm,dc=local
Object exists: cn=SOM,cn=WMIPolicy,cn=System,dc=gfm,dc=local
Object exists: cn=ldapschema,cn=univention,dc=gfm,dc=local
INFO: No change of core data of object msgpo.
INFO: No change of core data of object mswmi.
Object exists: cn=udm_module,cn=univention,dc=gfm,dc=local
INFO: No change of core data of object container/msgpo.
No modification: cn=msgpo,cn=ldapschema,cn=univention,dc=gfm,dc=local
No modification: cn=mswmi,cn=ldapschema,cn=univention,dc=gfm,dc=local
No modification: cn=container/msgpo,cn=udm_module,cn=univention,dc=gfm,dc=local
Waiting for activation of the extension object msgpo:........................................................ERROR: Master did not mark the extension object active within 180 seconds.
ERROR
ucs_registerLDAPExtension: registraton of /usr/share/univention-s4-connector/ldap/msgpo.schema failed.
EXITCODE=1
Fre Mai 8 10:40:02 CEST 2015
univention-run-join-scripts finished
With that, I have pretty much wrecked the UCS: the LDAP service no longer starts.