S4: upgrade provision problems

Matthieu Patou mat at samba.org
Tue Oct 26 07:46:25 MDT 2010

Hi trever,
On 19/10/2010 16:49, Trever L. Adams wrote:
>   Just as a side note doing: upgradeprovision --debugall --resetfileacl
> alone messes up (causes to not have any valid tickets) private/dns.keytab.
> This needs to be fixed. I just caught it and had to restore two provisions.
I have a couple of patches that fix the dns empty keytab pb that you 
met, it's in my repo (address in my signature) in the branch 

You'll need to run it with --full as it needs to change the samdb to 
remove the old dns account. You'll also need to adapt your bind config 
as you'll be instructed during upgradeprovision.
Then you can do one more run with just --resetfileacl so that we can 
have a look at your "unable to set file acl" problem.

Note: you can copy your provision on another workstation so that you can 
test it safely, you can also just put it in another folder (ie. 
in this case you need to do the following:

* create the destination folder
* cp -a /usr/local/samba/etc <dest>
* cp -a /usr/local/samba/private <dest>
* cp -a /usr/local/samba/locks/sysvol <dest>
* edit your new smb.conf and add/change the following parameters:
     * private dir = <dest>/private
     * lock dir = <dest>
     * in the netlogon section, change path to 
     * in the sysvol section, change path to <dest>/sysvol/

if any other parameter refer to /usr/local/samba (or the default place 
where your provision is) please update it also accordingly if any doubt 
please ask us.

At this moment you can quietly without any risk run upgradeprovision on 
your copy (you  have to supply the -s <dest/etc/smb.conf>)  without 
messing your production.


Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary

More information about the samba-technical mailing list