Re: [Samba] samba4, classicupgrade: set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER

2012-10-11 Thread Norberto Bensa 
Hello Andrew,

2012/10/10 Andrew Bartlett abart...@samba.org:

 A patch is in GIT master (to paper over the issue), which may be
 backported to the 4.0 release stream once folks confirm it works
 properly.

And so I pulled from master, and now it correctly upgrades the test domain.

Thank very much!!

Regards,
Norberto
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] samba4, classicupgrade: set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER

2012-10-10 Thread Andrew Bartlett 
On Wed, 2012-10-10 at 01:04 -0300, Norberto Bensa wrote:
 Hello,
 
 I'm testing samba4. I've setup a small samba3+ldap pdc, and then I
 tried a classicupgrade, but I can't pass step 4 of the howto.

As mentioned in the WHATSNEW, we have an issue when we upgrade a domain
with a domain admins group specified.  The problem is that the domain
admins group needs to own files in sysvol, but on upgrade we honour the
existin GID-only mapping for that group.

A patch is in GIT master (to paper over the issue), which may be
backported to the 4.0 release stream once folks confirm it works
properly.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] samba4, classicupgrade: set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER

2012-10-09 Thread Norberto Bensa 
Hello,

I'm testing samba4. I've setup a small samba3+ldap pdc, and then I
tried a classicupgrade, but I can't pass step 4 of the howto.


ubuntu@samba4:~/samba4$ /usr/local/samba/sbin/samba -V
Version 4.1.0pre1-GIT-899cdc4


ubuntu@samba4:~/samba4$ sudo /usr/local/samba/bin/samba-tool domain
classicupgrade --realm=example.com --dbdir=/root/samba
/root/samba/smb.conf
Reading smb.conf
Provisioning
Exporting account policy
Exporting groups
Exporting users
  Skipping wellknown rid=500 (for username=Administrator)
  Skipping wellknown rid=501 (for username=nobody)
  Demoting BDC account trust for samba3, this DC must be elevated to
an AD DC using 'samba-tool domain promote'
Next rid = 1009
Exporting posix attributes
Reading WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or
directory: '/root/samba/wins.dat'
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=example,DC=com
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=example,DC=com
Creating DomainDnsZones and ForestDnsZones partitions
Populating DomainDnsZones and ForestDnsZones partitions
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Admin password:,mlY44K(WDG(O7a_-.6M@E
Server Role:   active directory domain controller
Hostname:  samba4
NetBIOS Domain:EXAMPLE
DNS Domain:example.com
DOMAIN SID:S-1-5-21-831389399-4071795767-414191908
A phpLDAPadmin configuration file suitable for administering the Samba
4 LDAP server has been created in
/usr/local/samba/private/phpldapadmin-config.php.
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Importing groups
Group already exists sid=S-1-5-21-831389399-4071795767-414191908-513,
groupname=Domain Users existing_groupname=Domain Users, Ignoring.
Group already exists sid=S-1-5-21-831389399-4071795767-414191908-512,
groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Group already exists sid=S-1-5-21-831389399-4071795767-414191908-514,
groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators
existing_groupname=Administrators, Ignoring.
Group already exists sid=S-1-5-32-545, groupname=Users
existing_groupname=Users, Ignoring.
Group already exists sid=S-1-5-32-546, groupname=Guests
existing_groupname=Guests, Ignoring.
Importing users
Adding users to groups
set_nt_acl_no_snum: fset_nt_acl returned NT_STATUS_INVALID_OWNER.
ERROR(runtime): uncaught exception - (-1073741734, 'NT_STATUS_INVALID_OWNER')
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py,
line 170, in _run
return self.run(*args, **kwargs)
  File /usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py,
line 1321, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py,
line 913, in upgrade_from_samba3
result.names.domaindn, result.lp, use_ntvfs)
  File 
/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py,
line 1468, in setsysvolacl
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs)
  File 
/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py,
line 1405, in set_gpos_acl
str(domainsid), use_ntvfs)
  File 
/usr/local/samba/lib/python2.7/site-packages/samba/provision/__init__.py,
line 1369, in set_dir_acl
setntacl(lp, path, acl, domsid, use_ntvfs=use_ntvfs)
  File /usr/local/samba/lib/python2.7/site-packages/samba/ntacls.py,
line 108, in setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER |
security.SECINFO_GROUP | security.SECINFO_DACL |
security.SECINFO_SACL, sd)



ubuntu@samba4:~/samba4$ sudo testparm /root/samba/smb.conf

[global]
workgroup = EXAMPLE
passdb backend = ldapsam:ldap://localhost/
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
ldap admin dn =