[Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'

Christophe Borivant cborivant at devinlec.com
Wed Dec 30 10:53:35 UTC 2015 

Ok it seems like you are in the exact same situation I was.
So here are the files in a tgz.
Once uncompressed, you'll have to change each occurance of "DC=MYDOMAIN,DC=com"
according to your configuration.
you can do this with something like :
perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *

Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your
schema to version 47 like this :
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34-2.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch35.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch35mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch36.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch36mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch37.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch37mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch38mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch39.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch39mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40-2.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch41mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch42mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-2.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-3.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-4.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch44.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch44mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-2.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-3.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch46mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch47mod.ldf

Don't forget to first try in a test environment.

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 11:28:11
Objet: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'

Good day!
Thank you for your attention, follow the process and led to this result:

ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema, CN = 
Configuration, DC = MYDOMAIN" -s base objectVersion
# 1 record
dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
objectVersion: 31

# Returned 1 records
# 1 entries
# 0 referrals


How can we proceed ?

Thanks


Em 30-12-2015 07:54, Christophe Borivant escreveu:
> Hello Carlos,
>
> I had the same problem as you.
> To solve the problem, I just modified the files I needed from adprep in order to be able
> to run ldbadd and ldbmodify.
>
> Can you run something like this to check your schema version ?
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base objectVersion
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Rowland penny" <rpenny at samba.org>, "samba" <samba at lists.samba.org>
> Envoyé: Mardi 29 Décembre 2015 21:43:03
> Objet: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>
> I will do that for now Thank you very much, I am grateful.
>
> Em 29-12-2015 18:26, Rowland penny escreveu:
>> There are various way of adding an attribute, you could do it with
>> ldbmodify or ldbedit, or if you feel more comfortable with a gui, you
>> could install ADUC on a windows machine and use this to add the
>> attribute, or you could install ldap account manager (LAM) on the DC
>> and use this to add the attribute.
>>
>> Pick one and search the internet for how to do it, you will learn more
>> doing it this way, rather than me telling you how to do it, step by
>> step. If after choosing a method, you have problems, this I will
>> attempt to help you with.
>

More information about the samba mailing list