Bug 33345 – In place upgrade of the Samba 3/NT4 to a Samba 4/AD domain - user sid's were changed during migration

Bug 33345 - In place upgrade of the Samba 3/NT4 to a Samba 4/AD domain - user sid's were changed during migration


Summary:	In place upgrade of the Samba 3/NT4 to a Samba 4/AD domain - user sid's were ...

Status:	RESOLVED DUPLICATE of bug 33338

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UNSTABLE
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	Samba maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2013-11-13 10:56 CET by Felix Botner
Modified:	2013-11-13 12:01 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Felix Botner

2013-11-13 10:56:43 CET

-> univention-ldapsearch uid=testxp sambaSid
dn: uid=testxp,cn=users,dc=perf,dc=test
sambaSID: S-1-5-21-2258647891-1754753931-3671923481-11127
uidNumber: 2007

-> univention-s4search cn=testxp objectSid
dn: CN=testxp,CN=Users,DC=perf,DC=test
objectSid: S-1-5-21-2258647891-1754753931-3671923481-11127

-> ldbsearch -H /var/lib/samba/private/idmap.ldb \
   objectSid=S-1-5-21-2258647891-1754753931-3671923481-11127
# record 1
dn: CN=S-1-5-21-2258647891-1754753931-3671923481-11127
cn: S-1-5-21-2258647891-1754753931-3671923481-11127
objectClass: sidMap
objectSid: S-1-5-21-2258647891-1754753931-3671923481-11127
type: ID_TYPE_UID
xidNumber: 2007
distinguishedName: CN=S-1-5-21-2258647891-1754753931-3671923481-11127

-> samba-tool ntacl get /home/testxp| grep sid
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
        owner_sid                : *
            owner_sid                : S-1-5-21-2258647891-1754753931-3671923481-5014
        group_sid                : *
            group_sid                : S-1-5-21-2258647891-1754753931-3671923481-513

-> more /var/log/univention/listener.log | grep 5014
13.11.13 09:30:56.029  LISTENER    ( PROCESS ) : samba4-idmap: added entry for S-1-5-21-2258647891-1754753931-3671923481-5014
13.11.13 09:33:03.883  LISTENER    ( PROCESS ) : samba4-idmap: renaming entry for S-1-5-21-2258647891-1754753931-3671923481-5014 to S-1-5-21-2258647891-1754753931-3671923481-11127

Comment 1 Arvid Requate

2013-11-13 11:05:42 CET

connector-s4.log shows thath the user was not exported to samba during the classicupgrade:
===============================================================================
13.11.2013 09:32:36,715 LDAP        (PROCESS): sync from ucs: [          user] [       add] cn=testxp,cn=users,dc=perf,dc=test
===============================================================================

And a bit later, shortly before the listener detects the sambaSID change:
===============================================================================
13.11.2013 09:33:03,547 LDAP        (PROCESS): sync to ucs:   [          user] [    modify] uid=testxp,cn=users,dc=perf,dc=test
===============================================================================

Comment 2 Stefan Gohmann

2013-11-13 12:01:39 CET

Part of Bug #33338

*** This bug has been marked as a duplicate of bug 33338 ***