[Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
Christophe Borivant
cborivant at devinlec.com
Wed Dec 30 14:28:37 UTC 2015
You should run :
ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=com" -s base possSuperiors
If the result is :
# record 1
dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com
possSuperiors: container
possSuperiors: domainDNS
possSuperiors: nisMap
Then it's OK, the script tried to add a value to a multi-value attribute. But the value was already there.
If your schema version is 46, then you need to run :
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch47mod.ldf
---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)
Devinlec - Groupe Leclerc
--------------------------------------------
----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 12:33:05
Objet: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
OK, ii see this then thank you
.
Executed the process ldbadd / ldbmodify and me only generated an error
ldbmodify -H /var/lib/samba/private/sam.ldb '--option = DSDB: update
schema allowed = true' sch40mod.ldf
ERR: (Attribute or value exists) "attribute 'possSuperiors': value # 0
on 'CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC =
Internal, DC = MYDOMAIN' already exists" on DN CN =
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOAIN at
block before line 54
Then performed:
ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = Schema, CN =
Configuration, DC = Internal, DC = MYDOMAIN" -s base objectVersion
# 1 record
dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
objectVersion: 46
# Returned 1 records
# 1 entries
# 0 referrals
Em 30-12-2015 09:15, Christophe Borivant escreveu:
> msDS-isRODC is introduced in version 32 of the schema.
> This is the problem I faced.
> You can have a look to https://lists.samba.org/archive/samba/2015-August/193258.html.
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 12:05:27
> Objet: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>
> Okay, I'm already riding the test base ...
> thank you
> Leveraging believe may be related, when access peo UDCA part of Domains
> Controller, I can think of error and logs appears:
>
> [12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb
> wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC =
> Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of
>
> It seems to be another missing attribute ....
>
>
> Em 30-12-2015 08:53, Christophe Borivant escreveu:
>> Ok it seems like you are in the exact same situation I was.
>> So here are the files in a tgz.
>> Once uncompressed, you'll have to change each occurance of "DC=MYDOMAIN,DC=com"
>> according to your configuration.
>> you can do this with something like :
>> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>>
>> Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your
>> schema to version 47 like this :
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34-2.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch35.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch35mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch36.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch36mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch37.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch37mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch38mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch39.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch39mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40-2.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch41mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch42mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-2.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-3.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-4.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch44.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch44mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-2.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-3.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch46mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch47mod.ldf
>>
>> Don't forget to first try in a test environment.
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
>> Envoyé: Mercredi 30 Décembre 2015 11:28:11
>> Objet: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>>
>> Good day!
>> Thank you for your attention, follow the process and led to this result:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema, CN =
>> Configuration, DC = MYDOMAIN" -s base objectVersion
>> # 1 record
>> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
>> objectVersion: 31
>>
>> # Returned 1 records
>> # 1 entries
>> # 0 referrals
>>
>>
>> How can we proceed ?
>>
>> Thanks
>>
>>
>> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>>> Hello Carlos,
>>>
>>> I had the same problem as you.
>>> To solve the problem, I just modified the files I needed from adprep in order to be able
>>> to run ldbadd and ldbmodify.
>>>
>>> Can you run something like this to check your schema version ?
>>>
>>> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base objectVersion
>>>
>>> ---------------------------------------------
>>> Christophe Borivant
>>> Responsable d'exploitation informatique
>>> +33 5 62 20 71 71 (Poste 503)
>>>
>>> Devinlec - Groupe Leclerc
>>> --------------------------------------------
>>>
>>> ----- Mail original -----
>>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>>> À: "Rowland penny" <rpenny at samba.org>, "samba" <samba at lists.samba.org>
>>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>>> Objet: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>>>
>>> I will do that for now Thank you very much, I am grateful.
>>>
>>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>>> There are various way of adding an attribute, you could do it with
>>>> ldbmodify or ldbedit, or if you feel more comfortable with a gui, you
>>>> could install ADUC on a windows machine and use this to add the
>>>> attribute, or you could install ldap account manager (LAM) on the DC
>>>> and use this to add the attribute.
>>>>
>>>> Pick one and search the internet for how to do it, you will learn more
>>>> doing it this way, rather than me telling you how to do it, step by
>>>> step. If after choosing a method, you have problems, this I will
>>>> attempt to help you with.
More information about the samba
mailing list