Upgrade to 3.2 deleted some of my user accounts (SOLVED)

[djankowski]

I need some help here.  I had a perfectly good, and working setup yesterday ( with a good config and full backup) , and I upgraded to 3.2 per the instructions, and half of my users were deleted...and all their emails.  Their home directories are in tact. How can I recover from this?  I will add that the zentyal-samba package failed to upgrade properly.  http://trac.zentyal.org/ticket/7294

I am freakin' out here.

I should also add that I cannot add those users back via the web config.

[djankowski]

UPDATE:  there are entries in /var/log/zentyal/zentyal.log like the following

s4sync:160 main:: - Deleting Zentyal user '<username here>'

followed by:

/bin/rm -rf /var/vmail/<domain>/<username>/

and

/bin/rm -rf /var/vmail/sieve/<domain>/<username@domain>

If there is anything I can provide to assist, let me know.

[djankowski]

I also found directories backup-users-upgrade-to-32-1379938589 and backup-samba-upgrade-to-32-1379938736.   in the /var/lib/zentyal/conf directory.  Is there any way I can use the contents to back out the upgrade?

Is it possible to downgrade back to v3.0 and restore my good configuration backup from that version to get back up and working?

[djankowski]

Removing the zentyal-samba package allowed me to add back my users.  I then restored their email from a backup, and they are good to go.  I am waiting for the 3.2.2 zentyal-samba package to arrive before I try to reinstall.

[djankowski]

So I tried to add zentyal-samba back onto my server now that 3.2.2 has arrived.  But again, s4sync decided to delete half of my users and their emails (some different ones from before, some the same)  what do i need to purge from my system prior to reinstalling zentyal-samba to prevent this from happening?

Here is an bit of the zentyal.log (with domains and user name change):

Code: [Select]

2013/09/28 11:02:44 INFO> s4sync:161 main:: - Deleting Zentyal user 'user'
2013/09/28 11:02:51 ERROR> Sudo.pm:231 EBox::Sudo::_rootError - root command set -e
/bin/rm -rf /var/vmail/domain.com/me/
/bin/rm -rf /var/vmail/sieve/domain.com/me@domain.com failed.
Error output: /bin/rm: cannot remove `/var/vmail/domain.com/me': Directory not empty

Command output: .
Exit value: 1 at /usr/share/perl5/Error.pm line 182
Error::throw('EBox::Exceptions::Sudo::Command', 'cmd', 'set -e\x{a}/bin/rm -rf /var/vmail/domain.com/me/\x{a}/bin/rm -...', 'output', 'ARRAY(0x78739e8)', 'error', 'ARRAY(0x2351298)', 'exitValue', 1, ...) called at /usr/share/perl5/EBox/Sudo.pm line 231
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/UKotxqvu0J.cmd 2>...', 'set -e\x{a}/bin/rm -rf /var/vmail/domain.com/me/\x{a}/bin/rm -...', 256, 'ARRAY(0x78739e8)', 'ARRAY(0x2351298)') called at /usr/share/perl5/EBox/Sudo.pm line 201
EBox::Sudo::_root(1, '/bin/rm -rf /var/vmail/domain.com/me/', '/bin/rm -rf /var/vmail/sieve/domain.com/me@domain...') called at /usr/share/perl5/EBox/Sudo.pm line 152
EBox::Sudo::root('/bin/rm -rf /var/vmail/domain.com/me/', '/bin/rm -rf /var/vmail/sieve/domain.com/me@domain...') called at /usr/share/perl5/EBox/MailUserLdap.pm line 159
EBox::MailUserLdap::delUserAccount('EBox::MailUserLdap=HASH(0x78738c8)', 'EBox::Users::User=HASH(0x590dba0)') called at /usr/share/perl5/EBox/MailUserLdap.pm line 295
EBox::MailUserLdap::_delUser('EBox::MailUserLdap=HASH(0x78738c8)', 'EBox::Users::User=HASH(0x590dba0)') called at /usr/share/perl5/EBox/Users.pm line 1567
EBox::Users::notifyModsLdapUserBase('EBox::Users=HASH(0x576a0b0)', 'delUser', 'EBox::Users::User=HASH(0x590dba0)', 'ARRAY(0x58f07b8)', undef) called at /usr/share/perl5/EBox/Users/User.pm line 409
EBox::Users::User::deleteObject('EBox::Users::User=HASH(0x590dba0)') called at /usr/share/zentyal-samba/s4sync line 163
I will add that the other users that had their account in LDAP , and emails deleted simply had the following listed and nothing else:

Code: [Select]

2013/09/28 11:02:44 INFO> s4sync:161 main:: - Deleting Zentyal user 'user'
help?

[djankowski]

I decided to take some advice from another post: http://forum.zentyal.org/index.php/topic,18179.msg70321.html#msg70321

• Delete the module "File Sharing and Domain Services" and if you have "Printer Sharing Service"
• apt-get remove samba4
• apt-get purge samba4
• rm /opt/samba4
• Install again the module "File Sharing and Domain Services" and "Printer Sharing Service"

This at least allowed me to install the module, and users are no longer being deleted automatically.  However, shares are no longer functioning and restarting of the samba module fails.

Code: [Select]

2013/09/28 15:09:36 ERROR> LDAPBase.pm:503 EBox::LDAPBase::_errorOnLdap - LDAP error: The client attempted to add an entry that already exists. This can occur as
a result of

 * An add request was submitted with a DN that already exists

 * A modify DN requested was submitted, where the requested new DN already exists

 * The request is adding an attribute to the schema and an attribute with the
given OID or name already exists
.<br/> Operation parameters:{
  'attr' => [
              'objectclass',
              [
                'organizationalUnit'
              ],
              'ou',
              'Domain Controllers'
            ]
}
 at /usr/share/perl5/EBox/LDAPBase.pm line 503
EBox::LDAPBase::_errorOnLdap('EBox::LDB=HASH(0x6bd8798)', 'Net::LDAP::Add=HASH(0x6bfe410)', 'HASH(0x6169bd8)') called at /usr/share/perl5/EBox/LDAPBase.pm line 210
EBox::LDAPBase::add('EBox::LDB=HASH(0x6bd8798)', 'ou=Domain Controllers,DC=domain,DC=com', 'HASH(0x6169bd8)') called at /usr/share/perl5/EBox/Samba/OU.pm line 129
EBox::Samba::OU::create('EBox::Samba::OU', 'name', 'Domain Controllers', 'parent', 'EBox::Samba::NamingContext=HASH(0x6bf3d00)') called at /usr/share/perl5/EBox/LDB.pm line 327
EBox::LDB::ldapOUToLDB('EBox::LDB=HASH(0x6bd8798)', 'EBox::Users::OU=HASH(0x6beedf8)') called at /usr/share/perl5/EBox/LDB.pm line 366
EBox::LDB::ldapOUsToLDB('EBox::LDB=HASH(0x6bd8798)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 565
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x469fc20)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x469fc20)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 987
EBox::Module::Service::restartService('EBox::Samba=HASH(0x27b25f8)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 201
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 53
main::main() called at /etc/init.d/zentyal line 69
2013/09/28 15:09:36 ERROR> LDB.pm:334 EBox::LDB::__ANON__ - Error loading OU 'Domain Controllers' in 'DC=domain,DC=com': LDAP error: The client attempted to add an entry that already exists. This can occur as
a result of

 * An add request was submitted with a DN that already exists

 * A modify DN requested was submitted, where the requested new DN already exists

 * The request is adding an attribute to the schema and an attribute with the
given OID or name already exists
.<br/> Operation parameters:{
  'attr' => [
              'objectclass',
              [
                'organizationalUnit'
              ],
              'ou',
              'Domain Controllers'
            ]
}
2013/09/28 15:09:36 INFO> LDB.pm:374 EBox::LDB::ldapUsersToLdb - Loading Zentyal users into samba database
2013/09/28 15:09:38 DEBUG> SecurityPrincipal.pm:208 EBox::Samba::SecurityPrincipal::_checkAccountNotExists - Account name Administrator (CN=Administrator,CN=Users,DC=domain,DC=com) already exists. at /usr/share/perl5/EBox/Samba/SecurityPrincipal.pm line 208
EBox::Samba::SecurityPrincipal::_checkAccountNotExists('EBox::Samba::User', 'Administrator') called at /usr/share/perl5/EBox/Samba/User.pm line 341
EBox::Samba::User::create('EBox::Samba::User', 'parent', 'EBox::Samba::Container=HASH(0x6c8b150)', 'name', 'Administrator', 'uidNumber', 50500, 'description', 'Built-in account for administering the computer/domain', ...) called at /usr/share/perl5/EBox/LDB.pm line 399
EBox::LDB::ldapUsersToLdb('EBox::LDB=HASH(0x6bd8798)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 566
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x469fc20)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x469fc20)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 987
EBox::Module::Service::restartService('EBox::Samba=HASH(0x27b25f8)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 201
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 53
main::main() called at /etc/init.d/zentyal line 69
2013/09/28 15:09:46 DEBUG> SecurityPrincipal.pm:208 EBox::Samba::SecurityPrincipal::_checkAccountNotExists - Account name dns-zentyal1 (CN=dns-zentyal1,CN=Users,DC=domain,DC=com) already exists. at /usr/share/perl5/EBox/Samba/SecurityPrincipal.pm line 208
EBox::Samba::SecurityPrincipal::_checkAccountNotExists('EBox::Samba::User', 'dns-zentyal1') called at /usr/share/perl5/EBox/Samba/User.pm line 341
EBox::Samba::User::create('EBox::Samba::User', 'parent', 'EBox::Samba::Container=HASH(0x2a0d010)', 'name', 'dns-zentyal1', 'uidNumber', 51101, 'description', 'DNS Service Account for zentyal1', ...) called at /usr/share/perl5/EBox/LDB.pm line 399
EBox::LDB::ldapUsersToLdb('EBox::LDB=HASH(0x6bd8798)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 566
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x469fc20)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x469fc20)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 987
EBox::Module::Service::restartService('EBox::Samba=HASH(0x27b25f8)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 201
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 53
main::main() called at /etc/init.d/zentyal line 69
2013/09/28 15:09:48 DEBUG> SecurityPrincipal.pm:208 EBox::Samba::SecurityPrincipal::_checkAccountNotExists - Account name Guest (CN=Guest,CN=Users,DC=domain,DC=com) already exists. at /usr/share/perl5/EBox/Samba/SecurityPrincipal.pm line 208
EBox::Samba::SecurityPrincipal::_checkAccountNotExists('EBox::Samba::User', 'Guest') called at /usr/share/perl5/EBox/Samba/User.pm line 341
EBox::Samba::User::create('EBox::Samba::User', 'parent', 'EBox::Samba::Container=HASH(0x6c736f8)', 'name', 'Guest', 'uidNumber', 3000011, 'description', 'Built-in account for guest access to the computer/domain', ...) called at /usr/share/perl5/EBox/LDB.pm line 399
EBox::LDB::ldapUsersToLdb('EBox::LDB=HASH(0x6bd8798)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 566
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x469fc20)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x469fc20)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 987
EBox::Module::Service::restartService('EBox::Samba=HASH(0x27b25f8)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 201
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 53
main::main() called at /etc/init.d/zentyal line 69
2013/09/28 15:09:48 DEBUG> LDB.pm:384 EBox::LDB::ldapUsersToLdb - Unable to to find the container for 'uid=http-zentyal1,ou=Kerberos,dc=domain,dc=com' in Samba at /usr/share/perl5/EBox/LDB.pm line 384
EBox::LDB::ldapUsersToLdb('EBox::LDB=HASH(0x6bd8798)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 566
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x469fc20)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x469fc20)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x27b25f8)', 'restart', 1, 'restartModules', 1) called at /usr/share/perl5/EBox/Module/Service.pm line 987
EBox::Module::Service::restartService('EBox::Samba=HASH(0x27b25f8)', 'restartModules', 1) called at /usr/share/perl5/EBox/Util/Init.pm line 127
EBox::Util::Init::moduleAction('samba', 'restartService', 'restart') called at /usr/share/perl5/EBox/Util/Init.pm line 201
EBox::Util::Init::moduleRestart('samba') called at /etc/init.d/zentyal line 53
main::main() called at /etc/init.d/zentyal line 69
2013/09/28 15:09:48 DEBUG> Provision.pm:579 EBox::Samba::Provision::__ANON__ - 1
2013/09/28 15:09:48 ERROR> Service.pm:990 EBox::Module::Service::__ANON__ - Error restarting service: Unable to to find the container for 'uid=http-zentyal1,ou=Kerberos,dc=domain,dc=com' in Samba
The webadmin now allows me to create a share and assign permissions, but it doesn't actually share it out after applying the cahnges, even after a a server reboot.  Running getfacl on the share folder, i get that a group with the number 300002 is a default group.  A search of my LDAP tree finds no group with that ID.  I am not exactly sure what step to take next.  Should I delete the already existing entries in LDAP? Any thoughts on this would be welcome

[djankowski]

I have tried every workaround, including manually deleting accounts from ldap.  I am now down to what i believe is the root of my issue.  The samba database is not provisioning completely, but I cannot figure out why I get this in the logs now:

Code: [Select]

2013/10/06 15:03:28 INFO> Provision.pm:516 EBox::Samba::Provision::__ANON__ - Provisioning database 'samba-tool domain provision  --domain='MYDOMAIN' --workgroup='MYDOMAIN' --realm='MYDOMAIN.COM' --dns-backend=BIND9_DLZ --use-xattrs=yes  --use-rfc2307  --server-role='dc' --users='__USERS__' --host-name='zentyal1' --host-ip='10.0.0.11''
2013/10/06 15:04:36 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2013/10/06 15:04:39 INFO> Provision.pm:550 EBox::Samba::Provision::__ANON__ - Setting password policy
2013/10/06 15:04:44 INFO> Provision.pm:382 EBox::Samba::Provision::mapDefaultContainers - Mapping 'CN=Users,DC=mydomain,DC=com' into 'ou=Users,dc=mydomain,dc=com'
2013/10/06 15:04:44 INFO> Provision.pm:382 EBox::Samba::Provision::mapDefaultContainers - Mapping 'CN=Computers,DC=mydomain,DC=com' into 'ou=Computers,dc=mydomain,dc=com'
2013/10/06 15:04:44 INFO> Provision.pm:382 EBox::Samba::Provision::mapDefaultContainers - Mapping 'CN=Builtin,DC=mydomain,DC=com' into 'ou=Builtin,dc=mydomain,dc=com'
2013/10/06 15:04:44 INFO> Provision.pm:403 EBox::Samba::Provision::mapDefaultContainers - Mapping 'OU=Groups,DC=northcoastcs,DC=com' into 'ou=Groups,dc=northcoastcs,dc=com'
2013/10/06 15:04:45 INFO> LDB.pm:344 EBox::LDB::ldapOUsToLDB - Loading Zentyal OUS into samba database
2013/10/06 15:04:45 INFO> LDB.pm:374 EBox::LDB::ldapUsersToLdb - Loading Zentyal users into samba database
2013/10/06 15:04:57 DEBUG> LDB.pm:384 EBox::LDB::ldapUsersToLdb - Unable to to find the container for 'uid=http-zentyal1,ou=Kerberos,dc=mydomain,dc=com' in Samba at /usr/share/perl5/EBox/LDB.pm line 384
EBox::LDB::ldapUsersToLdb('EBox::LDB=HASH(0x68f42d8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 566
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x64310d0)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x64310d0)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/Module/Base.pm line 232
EBox::Module::Base::save('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 642
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x2234238)', 'progress', 'EBox::ProgressIndicator=HASH(0x2227dc0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x2233e60)', 'progress', 'EBox::ProgressIndicator=HASH(0x2227dc0)') called at /usr/share/zentyal/global-action line 39
2013/10/06 15:04:57 DEBUG> Provision.pm:579 EBox::Samba::Provision::__ANON__ - 1
The problem is that when I look at the ldap tree, that account exists.  I am not really sure at this point where to go, bug I basically have an incomplete samba setup and it goes no further.  I have a feeling there may be a problem with that ldap entry.  Is there a way I can kill it and recreate it?

[christian]

I have a feeling there may be a problem with that ldap entry.  Is there a way I can kill it and recreate it?

I can't really help, at least efficiently    but what I can tell you, in case it helps, is that Zentyal embeds 2 LDAP servers, one for Samba and one for other Zentyal services (more or less). There is a synchronization process between these 2 LDAP servers. So your problem might be due to some itch at this level. As I don't have any 3.x currently running here, I can't look closer but would start in this direction.

Are you sure that when you remove Samba, its dedicated LDAP server get purged too ?

[djankowski]

Thank you Christian for the reply,

I hope so, though I am not sure how to confirm. I  am doing the following:

• delete the zentyal-samba component from the webgui
• apt-get remove samba4
• apt-get purge samba4
• rm /opt/samba4
• rm /etc/samba/smb.conf
• reinstall samba from the web gui

I was pretty sure this process wipes out all samba configuration.  I am also wondering if that user isn't a 'left-over' from 3.0.x  and not even needed, and therefore killing the provisioning process.  I wonder if anyone can confirm this from a fresh 3.2 install if that user exists.

[djankowski]

noticed zentyal-samba 3.2.3 in my updates.

So tried to:

• apt-get purge zentyal-samba
• apt-get purge samba4
• rm /opt/samba4 -rf
• reinstall from the webadmin

same results. 

Code: [Select]

2013/10/06 15:03:28 INFO> Provision.pm:516 EBox::Samba::Provision::__ANON__ - Provisioning database 'samba-tool domain provision  --domain='MYDOMAIN' --workgroup='MYDOMAIN' --realm='MYDOMAIN.COM' --dns-backend=BIND9_DLZ --use-xattrs=yes  --use-rfc2307  --server-role='dc' --users='__USERS__' --host-name='zentyal1' --host-ip='10.0.0.11''
2013/10/06 15:04:36 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2013/10/06 15:04:39 INFO> Provision.pm:550 EBox::Samba::Provision::__ANON__ - Setting password policy
2013/10/06 15:04:44 INFO> Provision.pm:382 EBox::Samba::Provision::mapDefaultContainers - Mapping 'CN=Users,DC=mydomain,DC=com' into 'ou=Users,dc=mydomain,dc=com'
2013/10/06 15:04:44 INFO> Provision.pm:382 EBox::Samba::Provision::mapDefaultContainers - Mapping 'CN=Computers,DC=mydomain,DC=com' into 'ou=Computers,dc=mydomain,dc=com'
2013/10/06 15:04:44 INFO> Provision.pm:382 EBox::Samba::Provision::mapDefaultContainers - Mapping 'CN=Builtin,DC=mydomain,DC=com' into 'ou=Builtin,dc=mydomain,dc=com'
2013/10/06 15:04:44 INFO> Provision.pm:403 EBox::Samba::Provision::mapDefaultContainers - Mapping 'OU=Groups,DC=northcoastcs,DC=com' into 'ou=Groups,dc=northcoastcs,dc=com'
2013/10/06 15:04:45 INFO> LDB.pm:344 EBox::LDB::ldapOUsToLDB - Loading Zentyal OUS into samba database
2013/10/06 15:04:45 INFO> LDB.pm:374 EBox::LDB::ldapUsersToLdb - Loading Zentyal users into samba database
2013/10/06 15:04:57 DEBUG> LDB.pm:384 EBox::LDB::ldapUsersToLdb - Unable to to find the container for 'uid=http-zentyal1,ou=Kerberos,dc=mydomain,dc=com' in Samba at /usr/share/perl5/EBox/LDB.pm line 384
EBox::LDB::ldapUsersToLdb('EBox::LDB=HASH(0x68f42d8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 566
EBox::Samba::Provision::provisionDC('EBox::Samba::Provision=HASH(0x64310d0)', 10.0.0.11) called at /usr/share/perl5/EBox/Samba/Provision.pm line 339
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x64310d0)') called at /usr/share/perl5/EBox/Samba.pm line 1038
EBox::Samba::_setConf('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/Module/Base.pm line 977
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/Module/Service.pm line 960
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/Module/Base.pm line 232
EBox::Module::Base::save('EBox::Samba=HASH(0x44defd0)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 642
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x2234238)', 'progress', 'EBox::ProgressIndicator=HASH(0x2227dc0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x2233e60)', 'progress', 'EBox::ProgressIndicator=HASH(0x2227dc0)') called at /usr/share/zentyal/global-action line 39
2013/10/06 15:04:57 DEBUG> Provision.pm:579 EBox::Samba::Provision::__ANON__ - 1

What can I do to force samba to have access to the Kerberos container so it can complete it's provisioning?

[BrettonWoods]

I would have a look at the alternative ldap on port 390.

Sorry to mention webmin ldap browser but its handy.

Check the structure firstly see if it exists or maybe its a different DC.

[djankowski]

I have.  It totally exists, which is why I am completely confused.  I also setup a fresh 3.2 server in a VM, and compared the two entries, and they match. The DC is proper as well...The only thing I can think of is to remove the http-<servercame> user from the __USERS__ group using an LDAP tool and see if I get it all provisioned

[BrettonWoods]

I don't like to start digging that much as my paranoia always starts to make me think any further events could be the cause.

Its your server but it it was me, there would be two options. A... support contract. B... Use the full backup and rebuild a clean server.

I don't want to say delete as not how zentyal sync keberos. Kerb and the keytabs are Samba focused and you might be right that the whole OU of kerb is trying to be recreated but already exist due to the dual ldap.

But what deleting will do dunno haven't dived that deep.

[djankowski]

I finally came to terms with what i had to do to fix my issue.  I installed a fresh 3.2 in a VM, and set it up exactly as my current setup is.  Once I tested that every thing on that was working, I backed up the config, and restored it onto my live server.  The only post restore task was reassigning proper ownership of the personal home directories, since they were different uids.  I am happy.