Univention Bugzilla – Full Text Bug Listing |
Summary: | UCS 3.1 Migration Samba3 zu Samba4: DC Backup samba join failed | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Samba4 | Assignee: | Samba maintainers <samba-maintainers> |
Status: | RESOLVED DUPLICATE | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann |
Version: | UCS 3.1 | ||
Target Milestone: | UCS 3.x | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Attachments: | Console output der Migration auf dem Master |
Description
Arvid Requate
2012-12-12 12:27:09 CET
Created attachment 4912 [details]
Console output der Migration auf dem Master
============================================================================= root@master23:~# udm settings/sambadomain list Value must be a number!. root@master23:~# univention-ldapsearch -xLLL objectclass=sambadomain dn: sambaDomainName=ARUCS31I23,cn=samba,dc=arucs31i23,dc=qa sambaDomainName: ARUCS31I23 sambaSID: S-1-5-21-1429084368-1943113508-3274989293 objectClass: sambaDomain objectClass: univentionObject univentionObjectType: settings/sambadomain sambaNextUserRid: 1000 sambaNextGroupRid: 1000 sambaMinPwdLength: 8 sambaPwdHistoryLength: 0 sambaMaxPwdAge: -1 sambaMinPwdAge: 0 sambaRefuseMachinePwdChange: 0 sambaNextRid: 1001 sambaLogonToChgPwd: 0 sambaLockoutDuration: 30 sambaLockoutObservationWindow: 30 sambaLockoutThreshold: 0 sambaForceLogoff: -1 root@master23:~# samba-tool domain passwordsettings show Password informations for domain 'DC=arucs31i23,DC=qa' Password complexity: on Store plaintext passwords: off Password history length: 0 Minimum password length: 8 Minimum password age (days): 0 Maximum password age (days): 0 root@master23:~# univention-s4search -b DC=arucs31i23,DC=qa -s base maxPwdAge minPwdAge pwdHistoryLength minPwdLength lockoutDuration lockOutObservationWindow lockoutThreshold forceLogoff SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS # record 1 dn: DC=arucs31i23,DC=qa forceLogoff: -9223372036854775808 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 minPwdLength: 8 pwdHistoryLength: 0 minPwdAge: 0 maxPwdAge: 10000000 lockoutDuration: -300000000 ============================================================================= Das Problem ist hier, dass maxPwdAge auf einem falschen Wert steht. Hier sollte der Connector-Code ggf. nochmal geprüft werden: ============================================================================= 12.12.2012 12:01:42,243 LDAP (PROCESS): sync from ucs: [ container_dc] [ add] sambaDomainName=ARUCS31I23,cn=samba,dc=arucs31i23,dc=qa [...] 12.12.2012 12:26:08,641 LDAP (PROCESS): sync from ucs: [ container_dc] [ modify] sambadomainname=arucs31i23,cn=samba,dc=arucs31i23,dc=qa ============================================================================= Folgender Workaround sollte in das Migrationsdokument aufgenommen werden: ============================================================================= root@master23:~# samba-tool domain passwordsettings set --max-pwd-age 0 Maximum password age changed! All changes applied successfully! root@master23:~# samba-tool domain passwordsettings set --max-pwd-age 0 Maximum password age changed! All changes applied successfully! root@master23:~# univention-s4search -b DC=arucs31i23,DC=qa -s base maxPwdAge minPwdAge pwdHistoryLength minPwdLength lockoutDuration lockOutObservationWindow lockoutThreshold forceLogoff SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS # record 1 dn: DC=arucs31i23,DC=qa forceLogoff: -9223372036854775808 lockOutObservationWindow: -18000000000 lockoutThreshold: 0 minPwdLength: 8 pwdHistoryLength: 0 minPwdAge: 0 lockoutDuration: -300000000 maxPwdAge: -9223372036854775808 ============================================================================= Danach funktioniert der Backup-samba-join. Aber das udm Modul kommt trotzdem noch nicht klar: root@master23:~# udm settings/sambadomain list Value must be a number!. Der S4 Connector Konvertierungs-Bug ist jetzt als Bug 29775 abgespalten. In den Migrations-Leitfaden ist jetzt die Empfehlung eingearbeitet, das maximale Passwortalter manuell neu zu setzen. Als Beispiel wird der Wert 0 beschreiben. http://wiki.univention.de/index.php?title=Migration_from_Samba_3_to_Samba_4#Migration_of_the_first_Samba_3_DC Über diesen Bug sollte also noch root@master23:~# udm settings/sambadomain list Value must be a number!. behoben werden. |