Extending Samba 4 schema for OSX GPO support

Aubrey Ekstrom aekstrom at proclivitysystems.com
Mon Nov 29 15:37:11 MST 2010 

Hi Kamen,

Thanks for the reply! Sorry, my bad... I totally forgot to clean first <BLUSH>. 

This time I even ran rm -r on /usr/local/samba before the install just to be sure everything was fresh.

So that worked great as far "make quicktest" showing no errors, and after make install and provisioning steps, Samba 4 passes DNS, Authentication and Kerberos tests. Then I ran ldbmodify and imported the file you sent me this morning... and I still get the same errors :^/. The add attributes and add classes import fine, but it still doesn't like the modify statements:

user at pdc:/usr/local/samba/bin$ sudo /usr/local/samba/bin/ldbmodify -H pdc.xxx.xxx  --user=XXX/administrator%xxxxx /home/psadmin/apple-mods.ldif 
ERR: (No such object) "No such object (32)" on DN 
ERR: (No such object) "No such object (32)" on DN 
ERR: (No such object) "No such object (32)" on DN CN=User,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
ERR: (No such object) "No such object (32)" on DN CN=Computer,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
ERR: (No such object) "No such object (32)" on DN CN=Group,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
Modified 46 records with 5 failures

The first 2 errors refer to these statements at the end of the add attributes and add classes sections in the ldif:

dn: 
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1

the other 3 errors are for the auxiliaryClass modify statements at the end of the file (same as before):

# Add the new class to the user object
dn: CN=User,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-user
-

# Add the new class to the computer object
dn: CN=Computer,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-computer
-

# Add the new class to the group object
dn: CN=Group,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-group
-

I am definitely running the latest Samba4 from GIT:
 
user at pdc:/usr/local/samba/bin$ ../sbin/samba --version
Version 4.0.0alpha14-GIT-800a76d

I am assuming that I need those auxilaryClasses for this to work (otherwise why does Apple include them?). I am not so sure about needing the 2 "add: schemaUpdateNow" statements (since it appears the attributes and classes get added), but again I don't understand why I am getting these errors and you are not.

It's late in the day here now, so I will play with this a little more on my own, and return to it in earnest tomorrow.

Thanks again for all the help (and patience).

Cheers, 


Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.

----- Original Message -----
From: "Kamen Mazdrashki" <kamenim at samba.org>
To: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
Cc: "Andrew Bartlett" <abartlet at samba.org>, samba-technical at lists.samba.org
Sent: Monday, November 29, 2010 3:29:27 PM
Subject: Re: Extending Samba 4 schema for OSX GPO support

Hi Aubrey,

On Mon, Nov 29, 2010 at 19:47, Aubrey Ekstrom
<aekstrom at proclivitysystems.com> wrote:
> Hi Karmen,
>
> I did a "git pull" to get the latest source for Samba 4, which appeared to work fine. Generated the config scripts and ran configure.developer in the Source4 directory. All seemed OK. Ran make. No errors... but when I run "make quicktest" I get many errors (200+), many of which look like this:
>
> ldb: module version mismatch in ../dsdb/samdb/ldb_modules/dsdb_cache.c : ldb_version=0.9.19 module_version=0.9.18
> ldb: failed to initialise module /home/psadmin/samba-master/source4/bin/modules/ldb/dsdb_cache.so : Unavailable
> Traceback (most recent call last):
>  File "./setup/provision", line 262, in <module>
>    useeadb=eadb, next_rid=opts.next_rid, lp=lp)
>  File "bin/python/samba/provision/__init__.py", line 1521, in provision
>    schemadn=names.schemadn)
>  File "bin/python/samba/schema.py", line 81, in __init__
>    self.ldb = SamDB(global_schema=False, am_rodc=False)
> MemoryError
> Unable to provision:
> NSS_WRAPPER_PASSWD="/home/psadmin/samba-master/source4/st/dc/etc/passwd" NSS_WRAPPER_GROUP="/home/psadmin/samba-master/source4/st/dc/etc/group" ./setup/provision --configfile=/home/psadmin/samba-master/source4/st/dc/etc/smb.conf --host-name=localdc --host-ip=127.0.0.1 --quiet --domain=SAMBADOMAIN --realm=SAMBA.EXAMPLE.COM --adminpass=locDCpass1 --krbtgtpass=krbtgtlocDCpass1 --machinepass=machinelocDCpass1 --root=root --server-role="domain controller" --function-level="2008"
> PROVISIONING DC...testsuite: samba4.rpc.echo on ncacn_ip_tcp with sign and --option=ntlmssp_client:ntlm2=no --option=torture:quick=yes(dc)
> no output for name[samba4.rpc.echo on ncacn_ip_tcp with sign and --option=ntlmssp_client:ntlm2=no --option=torture:quick=yes(dc)]
> ERROR: Testsuite[samba4.rpc.echo on ncacn_ip_tcp with sign and --option=ntlmssp_client:ntlm2=no --option=torture:quick=yes(dc)]
> REASON: unable to set up environment dc - exiting
>
> It looks like  the first line "ldb: module version mismatch in ../dsdb/samdb/ldb_modules/dsdb_cache.c : ldb_version=0.9.19 module_version=0.9.18" may be the main issue? Not sure if that is the only problem or the main problem or what to do to fix it. I do know I did not get any errors with "make quicktest" with the version I am currently using. Any advise is appreciated. Thanks!
>

I've never had such a problem. But what I think you should do is to
rebuild again:
$ make distclean
$./configure.developer
$ make -j

It seems you have a dsdb_cache.so module, and there is no such module anymore
(ironically, Tridge has deleted it just a few hours after your
previous checkout) :)

-- 
Cheers,
Kamen
---------
This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.
If you are not the intended recipient, reliance or forwarding without
express permission is strictly prohibited; please contact the sender and
delete all copies.

More information about the samba-technical mailing list