Hi I am testing the migration from our actual Samba domain, based on Samba 3.3.8 and LDAP (389DS) to Samba 4. I have followed the Samba4 Howto, and I have successfully compiled it. Now I am running the classicupgrade command, but I am getting some errors.
First of them is that the script is ignoring the "ldap group suffix" parameter in smb.conf, and is always searching in the "ldap suffix". Because our LDAP database is very big, the script is getting a timeout as all groups are not received in time. I have changed the timeout and timelimit values in ldap.conf to 300, but they are also being ignored. This is the output of the script: [root@samba4 ~]# samba-tool domain classicupgrade ~/sambav3/smb.conf --dbdir ~/sambav3/private --realm XXXXXXXXXX.TEST Reading smb.conf Processing section "[netlogon]" Processing section "[unixscripts]" Provisioning smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXX.SACYL))] smbldap_open_connection: connection opened init_sam_from_ldap: Entry found for user: XXXXXXXXXX$ smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=XXXXXXXXXX.SACYL))] smbldap_open_connection: connection opened Exporting account policy Exporting groups ldapsam_setsamgrent: LDAP search failed: Timed out ldapsam_enum_group_mapping: Unable to open passdb ERROR(<class 'passdb.error'>): uncaught exception - Unable to enumerate group mappings, (-1073741790,Access denied) File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", line 1318, in run useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs) File "/usr/local/samba/lib/python2.6/site-packages/samba/upgrade.py", line 635, in upgrade_from_samba3 grouplist = s3db.enum_group_mapping() And this is the LDAP access LOG: [03/Jan/2013:10:58:01 +0100] conn=24304 op=13 SRCH base="dc=XXXXXXXXXX,dc=XX" scope=2 filter="(objectClass=sambaGroupMapping)" attrs="gidNumber sambaSID sambaGroupType sambaSIDList description displayName cn objectClass" [03/Jan/2013:10:58:16 +0100] conn=24304 op=14 UNBIND [03/Jan/2013:10:58:16 +0100] conn=24304 op=14 fd=73 closed - U1 dc=XXXXXXXXXX,dc=XX is our "ldap suffix", not our "ldap group suffix", as it should. Any ideas how to fix these problems and continue with the tests? Regards and thanks in advance, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba