[Samba] SAMBA 4.20 - function level upgrade

Tomáš Havlín thavlin at spel.cz
Tue Apr 9 08:05:02 UTC 2024 

Hello,

samba-tool domain level show
Forest function level: (Windows) 2012 R2
Domain function level: (Windows) 2012 R2
Lowest function level of a DC: (Windows) 2016

samba 4.20.0-2

smb.conf
ad dc functional level = 2016

https://wiki.samba.org/index.php/Samba_Features_added/changed#NEW_FEATURES/CHANGES
section AD DC support for Authentication Silos and Authentication 
Policies

direcly copied from console
[root at vorvan ~]# samba-tool domain schemaupgrade --schema=2019
Temporarily overriding 'dsdb:schema update allowed' setting
Applying Sch70.ldf updates...
Unable to find attribute msDS-DeviceMDMStatus in the schema
5 changes applied
Applying Sch71.ldf updates...
7 changes applied
Applying Sch72.ldf updates...
5 changes applied
Applying Sch73.ldf updates...
5 changes applied
Applying Sch74.ldf updates...
../../source4/dsdb/schema/schema_init.c:816: name == NULL in 
CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra
dsdb_schema_set_el_from_ldb_msg_dups() WERR_INVALID_PARAMETER
Exception: (1, 'operations error at 
../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674')
Encountered while trying to apply the following LDIF
----------------------------------------------------
dn: CN=ms-DS-Key-Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra
changetype: add
objectClass: classSchema
ldapDisplayName: msDS-KeyCredential
adminDisplayName: msDS-KeyCredential
adminDescription: An instance of this class contains key material.
governsId: 1.2.840.113556.1.5.297
objectClassCategory: 1
rdnAttId: cn
schemaIdGuid:: Q1Uf7i58akeLP+EfSvbEmA==
defaultSecurityDescriptor: 
D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
defaultHidingValue: FALSE
showInAdvancedViewOnly: TRUE
systemOnly: FALSE
systemFlags: 16
instanceType: 4
subClassOf: top
systemPossSuperiors: container
systemMustContain: 1.2.840.113556.1.4.2315
systemMayContain: msDS-KeyMaterial
systemMayContain: msDS-KeyUsage
systemMayContain: msDS-KeyPrincipal
systemMayContain: msDS-DeviceDN
systemMayContain: msDS-ComputerSID
systemMayContain: msDS-CustomKeyInformation
systemMayContain: msDS-KeyApproximateLastLogonTimeStamp

Exception: (1, 'operations error at 
../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674')
Error encountered, aborting schema upgrade
ERROR: Failed to upgrade schema

thank you
THAV


------ Původní zpráva ------
Od "Andrew Bartlett" <abartlet at samba.org>
Komu "Tomáš Havlín" <thavlin at spel.cz>; "Tomáš Havlín via samba" 
<samba at lists.samba.org>
Datum 09.04.2024 9:45:00
Předmět Re: Re[2]: [Samba] SAMBA 4.20 - function level upgrade

>On Mon, 2024-04-08 at 08:03 +0000, Tomáš Havlín wrote:
>>Hello,
>>
>>I am sorry for my answer. I have already upgraded level domain and
>>
>>forest level 2012_R2 and function level to 2016 via ad dc functional
>>
>>level = 2016. Then I tried to follow instructions from wiki to upgrade
>>
>>to version of funtion level to 2016, but schema upgrade ends with error
>>
>>
>>
>>Exception: (1, 'operations error at
>>
>>../../source4/dsdb/samba/ldb_modules/resolve_oids.c:674')
>>
>>Error encountered, aborting schema upgrade
>>
>>ERROR: Failed to upgrade schema
>
>Was this text copied directly from your failing host?  I ask cecause 
>someone has 'spell corrected' samdb -> samba in that path, and line 674 
>is empty in the Samba 4.20.0 released sources.
>
>Can you please confirm the exact command given and the version of Samba 
>you are running where you see this failure?
>
>Thanks,
>
>Andrew Bartlett
>
>--
>Andrew Bartlett (he/him)       https://samba.org/~abartlet/
>Samba Team Member (since 2001) https://samba.org
>Samba Team Lead                https://catalyst.net.nz/services/samba
>Catalyst.Net Ltd
>
>Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group 
>company
>
>Samba Development and Support: https://catalyst.net.nz/services/samba
>
>Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list