"No such user" after restore configuration on new hardware

[michele]

I used backup/restore configuration on 4.1 installation.
First i made a backup configuration of a working 4.1 Zentyal Domain Controller/Gateway/Dhcp/Dns Server.
Second i made a new installation on a new machine of a 4.1 Zentyal with same modules as old machine.
Third i used restore configuration and everything was OK except for users: trying "id user" from terminal i got "no such user".
All Users are present on LDAP but i can't assign them permissions on folders (like /home/user).
Could someone explain me howto give local folder permissions to ldap users?
Thanks.

[expertgeeks]

Ok, I've just done this in a VM to check it out for you

Go to Users and Computers > LDAP Settings > Uncheck 'Enable PAM'. Save changes. Re-check 'Enable PAM' & save changes. This should recreate the local users for you.. at least, it worked for me. You can then migrate the user folders from backups and chown the user folders. Good luck !

[michele]

Thanks expertgeeks, i tried and tried again to disable/enable PAM on LDAP Settings, but "id user" still give me "no such user".
Am I missing something?
Any ideas?
Thanks.

[expertgeeks]

Did you get any errors during the restore process ?

[michele]

No errors during restore process.
Ldap users are all present and i can authenticate from a Windows machine.
I only miss /home/users folders that i copied from a duplicity backup but i can't give them permissions because i miss local users.

[expertgeeks]

Can you post up the entries in /var/log/zentyal/zentyal.log that relate to enabling/disabling PAM ? I'm hoping there's some errors listed that could help identify why the local users aren't being created.

[michele]

Thanks expert geeks, I don't know if can ben related to my problem, but i tried and i had this error (before i tried samba-tool natal sysvolreset without errors):

sudo samba-tool ntacl sysvolcheck
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[sysvol]"
ldb_wrap open of idmap.ldb
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/vibrobloc.it/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 249, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1726, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1677, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1624, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

What does it mean? What can i do?

I'll post zentyal.log in a next message.

[expertgeeks]

I don't think so, as I get the same error message in the VM I set up (shown below) and I have been able to restore the local user accounts too. I still get the error when running sysvolcheck following a sysvolreset and also after re-applying recursive ACLs in the zentyal GUI.

Code: [Select]

ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/<DOMAIN>/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object

I agree that doesn't look good! On the machine I backed up this error doesn't appear, although when running sysvolcheck I do get;

Code: [Select]

ERROR(<type 'exceptions.TypeError'>): uncaught exception - (61, 'No data available')
Perhaps one of the mods can comment on this, should this be happening after restoring a system ? jbahillo can you chime in here please?