[Samba] SAMBA 4.20 - function level upgrade
Andrew Bartlett
abartlet at samba.org
Thu Apr 11 10:14:11 UTC 2024
Thanks, that looks like success to me.
Perhaps mail SerNet and let them know?
Andrew Bartlett
On Thu, 2024-04-11 at 08:51 +0000, Tomáš Havlín via samba wrote:
> Hello,please check my progress
> I did it on the same virtual Centos 9 to avoid posibilities of
> differencies between original and new installed linux- backup
> /var/lib/samba storage- uninstalled sernet-samba- installed samba
> 4.20.0 from tar source code- location default /usr/local/samba-
> replaced files from /var/lib/samba to /usr/local/samba (to right
> location)- started samba - done- checked situation:[root at vorvan etc]#
> samba-tool domain level showDomain and forest function level for
> domain 'DC=raisa,DC=intra'Forest function level: (Windows) 2012
> R2Domain function level: (Windows) 2012 R2Lowest function level of a
> DC: (Windows) 2016- tried to do upgrade - no errorssamba-tool domain
> schemaupgrade --schema=2019samba-tool domain functionalprep --
> function-level=2016samba-tool domain level raise --domain-level=2016
> --forest-level=2016- checked new state[root at vorvan etc]# samba-tool
> domain level showDomain and forest function level for domain
> 'DC=raisa,DC=intra'Forest function level: (Windows) 2016Domain
> function level: (Windows) 2016Lowest function level of a DC:
> (Windows) 2016- and schema[root at vorvan etc]# ldbsearch -H
> /usr/local/samba/private/sam.ldb -b
> 'cn=Schema,cn=Configuration,dc=RAISA,dc=INTRA' -s base objectVersion#
> record 1dn:
> CN=Schema,CN=Configuration,DC=raisa,DC=intraobjectVersion: 88
> sooo, ti looks like troubles with sernet packages
> regardsTHAV
>
>
>
>
> ------ Původní zpráva ------Od "Andrew Bartlett via samba" <
> samba at lists.samba.org>Komu "Tomáš Havlín" <thavlin at spel.cz>; "Andrew
> Bartlett via samba" <samba at lists.samba.org>Datum 11.04.2024
> 7:10:36Předmět Re: [Samba] SAMBA 4.20 - function level upgrade
> > Thanks for getting back to me. Sadly I've not had the time today
> > toattempt the reproduction.Can you, just to save me time, double-
> > check if this happens on a serverwith the Samba 4.20 being a just
> > from-our-tarball Samba and show thelogs that gives?Thanks,Andrew
> > BartlettOn Wed, 2024-04-10 at 10:04 +0000, Tomáš Havlín via samba
> > wrote:
> > > HelloI will try give you best answer what I can. - alma linux 9,
> > > fresh installation, for testing only in virtualbox- packages from
> > > Sernet, installad via YUM from oficial repo- installed version
> > > 4.18 (same on original linux)- moved backup from original server,
> > > /var/lib/samba + /etc/krb, /etc/default/samba, /etc/samba-
> > > original domain created if I remember on 4.15 or 4.16, then
> > > schema upgrade to 2012, on 4.18- upgraded to version 4.20
> > > thank youTHAV
> > > ------ Původní zpráva ------Od "Andrew Bartlett via samba"
> > > <samba at lists.samba.org>Komu "Tomáš Havlín" <thavlin at spel.cz>;
> > > "Tomáš Havlín via samba" <samba at lists.samba.org>Datum 10.04.2024
> > > 10:54:55Předmět Re: [Samba] SAMBA 4.20 - function level upgrade >
> > > Thanks for the extra details. I do intend to dig into this for >
> > > you, itis very strange, but to do that I need some more
> > > details:Can > I get (again, if I've missed it) a history of this
> > > domain > (whatversion did you start with, what schema upgrades
> > > have happened > in thepast) so I can try and reproduce?Also, can
> > > you confirm where > you got your Samba package, if there areany
> > > other bits of any Samba > version on your system, and the details
> > > forthe sources of that > package.The reason I ask is that things
> > > in the logs just don't line > up withwhat I see in the git
> > > tag.For example, not only do the > resolve_oids.c references look
> > > odd, I justcan't see how Samba > 4.20.0 can print this
> > > line:dsdb_schema_set_el_from_ldb_msg_dups() >
> > > WERR_INVALID_PARAMETERThanks,Andrew BartlettOn Tue, 2024-04-09 at
> > > > 08:05 +0000, Tomáš Havlín wrote: > > Hello, samba-tool domain
> > > level showForest function level: > > (Windows) 2012 R2 Domain
> > > function level: (Windows) 2012 R2 Lowest > > function level of a
> > > DC: (Windows) 2016 > > samba 4.20.0-2 smb.confad dc functional
> > > level = 2016 > >
> > > https://wiki.samba.org/index.php/Samba_Features_added/changed#NEW_FEATURES/CHANGESsection
> > > > > AD DC support for Authentication Silos and Authentication >
> > > > Policies direcly copied from console[root at vorvan ~]# samba-tool
> > > > > domain schemaupgrade --schema=2019 Temporarily overriding > >
> > > 'dsdb:schema update allowed' setting Applying Sch70.ldf > >
> > > updates... Unable to find attribute msDS-DeviceMDMStatus in the >
> > > > schema 5 changes applied Applying Sch71.ldf updates... 7
> > > changes > > applied Applying Sch72.ldf updates... 5 changes
> > > applied Applying > > Sch73.ldf updates... 5 changes applied
> > > Applying Sch74.ldf > > updates...
> > > ../../source4/dsdb/schema/schema_init.c:816: name == > > NULL in
> > > CN=ms- DS-Key- > >
> > > Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra > >
> > > dsdb_schema_set_el_from_ldb_msg_dups() WERR_INVALID_PARAMETER > >
> > > Exception: (1, 'operations error at > >
> > > ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674') > >
> > > Encountered while trying to apply the following LDIF ------------
> > > > > ---------------------------------------- dn: CN=ms-DS-Key- >
> > > > Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra > >
> > > changetype: add objectClass: classSchema ldapDisplayName: msDS- >
> > > > KeyCredential adminDisplayName: msDS-KeyCredential > >
> > > adminDescription: An instance of this class contains key > >
> > > material. governsId: 1.2.840.113556.1.5.297 objectClassCategory:
> > > > > 1 rdnAttId: cn schemaIdGuid:: Q1Uf7i58akeLP+EfSvbEmA== > >
> > > defaultSecurityDescriptor: > >
> > > D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOW
> > > > > DSDD TSW;;;SY) defaultHidingValue: FALSE
> > > showInAdvancedViewOnly: > > TRUE systemOnly: FALSE systemFlags:
> > > 16 instanceType: 4 > > subClassOf: top systemPossSuperiors:
> > > container systemMustContain: > > 1.2.840.113556.1.4.2315
> > > systemMayContain: msDS-KeyMaterial > > systemMayContain: msDS-
> > > KeyUsage systemMayContain: msDS- > > KeyPrincipal
> > > systemMayContain: msDS-DeviceDN systemMayContain: > > msDS-
> > > ComputerSID systemMayContain: msDS-CustomKeyInformation > >
> > > systemMayContain: msDS-KeyApproximateLastLogonTimeStamp >
> > > > Exception: (1, 'operations error at > >
> > > ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674') Error >
> > > > encountered, aborting schema upgrade ERROR: Failed to upgrade >
> > > > schema > > thank youTHAV > > > > > > > > > > ------ Původní
> > > zpráva ------ > > Od "Andrew Bartlett" <abartlet at samba.org> >
> > > > Komu "Tomáš Havlín" <thavlin at spel.cz>; "Tomáš Havlín via
> > > samba" > > <samba at lists.samba.org> > > Datum 09.04.2024 9:45:00
> > > > > Předmět Re: Re[2]: [Samba] SAMBA 4.20 - function level
> > > upgrade > > > On Mon, 2024-04-08 at 08:03 +0000, Tomáš Havlín
> > > wrote: > > > > Hello, > > I am sorry for my answer. I have
> > > already upgraded > > level domain > > and > > forest level
> > > 2012_R2 and function level > > to 2016 via ad dc > > functional >
> > > > level = 2016. Then I tried > > to follow instructions from wiki
> > > to > > upgrade > > to version of > > funtion level to 2016, but
> > > schema upgrade ends with > > error > > > > > > > > Exception: (1,
> > > 'operations error at > > > >
> > > ../../source4/dsdb/samba/ldb_modules/resolve_oids.c:674') > > > >
> > > Error encountered, aborting schema upgrade > > ERROR: Failed to >
> > > > upgrade schema > > Was this text copied directly from your > >
> > > failing host? I ask > cecause someone has 'spell corrected' > >
> > > samdb -> samba in that path, > and line 674 is empty in the Samba
> > > > > 4.20.0 released sources. > > Can you please confirm the exact
> > > > > command given and the version of > Samba you are running
> > > where > > you see this failure? > > Thanks, > > Andrew Bartlett >
> > > > -- > > > Andrew Bartlett (he/him)
> > > https://samba.org/~abartlet/Samba
> > > > > > Team Member (since 2001) https://samba.orgSamba Team >
> > > Lead > > > https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
> > > > Proudly > > developing Samba for Catalyst.Net Ltd - a Catalyst
> > > IT group > > > company > Samba Development and Support: > > >
> > > https://catalyst.net.nz/services/samba
> > > > > > Catalyst IT - Expert Open Source Solutions > --Andrew
> > > Bartlett (he/him) https://samba.org/~abartlet/Samba
> > > > Team Member (since 2001) https://samba.orgSamba Team > Lead >
> > > https://catalyst.net.nz/services/sambaCatalyst.Net LtdProudly >
> > > developing Samba for Catalyst.Net Ltd - a Catalyst IT >
> > > groupcompanySamba Development and Support: >
> > > https://catalyst.net.nz/services/samba
> > > > Catalyst IT - Expert Open Source Solutions--To unsubscribe
> > > from > this list go to the following URL and read
> > > theinstructions: > https://lists.samba.org/mailman/options/samba
> > --Andrew Bartlett (he/him) https://samba.org/~abartlet/
> > Samba Team Member (since 2001) https://samba.org
> > Samba Team Lead
> > https://catalyst.net.nz/services/samba
> > Catalyst.Net Ltd
> >
> > Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT
> > groupcompany
> > Samba Development and Support:
> > https://catalyst.net.nz/services/samba
> >
> > Catalyst IT - Expert Open Source Solutions
> >
> >
> > --To unsubscribe from this list go to the following URL and read
> > theinstructions: https://lists.samba.org/mailman/options/samba
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions
More information about the samba
mailing list