[Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'

Christophe Borivant cborivant at devinlec.com
Wed Dec 30 15:04:49 UTC 2015


msDS-Enabled-Feature is 1.2.840.113556.1.4.2061

Can you run:
ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com" -s base systemMayContain
and check if msDS-EnabledFeature is in the list?

If this is ok, then you can edit sch47mod.ldf and delete the first block and try to rerun it.

---------------------------------------------
Christophe Borivant
IT Operations Manager
+33 5 62 20 71 71 (Ext. 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Original message -----
From: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
To: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
Sent: Wednesday 30 December 2015 15:47:35
Subject: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'

Hello!

Command output mainly seemed OK.

ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN" -s base possSuperiors
# 1 record
dn: CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = 
Internal, DC = MYDOMAIN
possSuperiors: domainDNS
possSuperiors: nismap
possSuperiors: container

# Returned 1 records
# 1 entries
# 0 referrals

But when running ldbmodify

ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch47mod.ldf

ERR: (Attribute or value exists) "attribute 'systemMayContain': value # 
0 on 'CN = NTDS-DSA, CN = Schema, CN = Configuration, DC = MYDOMAIN' 
already exists" on DN CN = NTDS-DSA, CN = Schema, CN = Configuration, DC 
= MYDOMAIN at block before line 6
Modify failed after processing 0 records

Is there any problem with leaving the schema at 46 and not 47?

Thanks



On 30-12-2015 12:28, Christophe Borivant wrote:
> You should run :
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=com" -s base possSuperiors
>
> If the result is :
> # record 1
> dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com
> possSuperiors: container
> possSuperiors: domainDNS
> possSuperiors: nisMap
>
> Then it's OK, the script tried to add a value to a multi-value attribute. But the value was already there.
>
> If your schema version is 46, then you need to run :
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch47mod.ldf
>
> ---------------------------------------------
> Christophe Borivant
> IT Operations Manager
> +33 5 62 20 71 71 (Ext. 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Original message -----
> From: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> To: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
> Sent: Wednesday 30 December 2015 12:33:05
> Subject: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>
> OK, I see this then, thank you.
> Executed the ldbadd / ldbmodify process and it only generated an error
>
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40mod.ldf
> ERR: (Attribute or value exists) "attribute 'possSuperiors': value # 0
> on 'CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC =
> Internal, DC = MYDOMAIN' already exists" on DN CN =
> msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOAIN at
> block before line 54
>
> Then performed:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Schema,CN=Configuration,DC=Internal,DC=MYDOMAIN" -s base objectVersion
> # 1 record
> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
> objectVersion: 46
> # Returned 1 records
> # 1 entries
> # 0 referrals
>
> On 30-12-2015 09:15, Christophe Borivant wrote:
>> msDS-isRODC is introduced in version 32 of the schema.
>> This is the problem I faced.
>> You can have a look at https://lists.samba.org/archive/samba/2015-August/193258.html.
>>
>> ---------------------------------------------
>> Christophe Borivant
>> IT Operations Manager
>> +33 5 62 20 71 71 (Ext. 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Original message -----
>> From: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> To: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
>> Sent: Wednesday 30 December 2015 12:05:27
>> Subject: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>>
>> Okay, I'm already riding the test base ...
>> thank you
>> Leveraging believe may be related, when access peo UDCA part of Domains
>> Controller, I can think of error and logs appears:
>>
>> [12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb
>> wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC =
>> Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of
>>
>> It seems to be another missing attribute ....
>>
>>
>> On 30-12-2015 08:53, Christophe Borivant wrote:
>>> Ok it seems like you are in the exact same situation I was.
>>> So here are the files in a tgz.
>>> Once uncompressed, you'll have to change each occurrence of "DC=MYDOMAIN,DC=com"
>>> according to your configuration.
>>> You can do this with something like:
>>> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>>>
>>> Then you will have to run ldbadd and ldbmodify in the correct order to upgrade your
>>> schema to version 47 like this :
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch32mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch33mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch34mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch35.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch35mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch36.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch36mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch37.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch37mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch38mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch39.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch39mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch40mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch41mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch42mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-3.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43-4.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch43mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch44.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch44mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45-3.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch45mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch46mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update allowed=true" sch47mod.ldf
>>>
>>> Don't forget to first try in a test environment.
>>>
>>> ---------------------------------------------
>>> Christophe Borivant
>>> IT Operations Manager
>>> +33 5 62 20 71 71 (Ext. 503)
>>>
>>> Devinlec - Groupe Leclerc
>>> --------------------------------------------
>>>
>>> ----- Original message -----
>>> From: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>>> To: "Christophe BORIVANT" <cborivant at devinlec.com>, "samba" <samba at lists.samba.org>
>>> Sent: Wednesday 30 December 2015 11:28:11
>>> Subject: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>>>
>>> Good day!
>>> Thank you for your attention. I followed the process and it led to this result:
>>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN=Schema,CN=Configuration,DC=MYDOMAIN" -s base objectVersion
>>> # 1 record
>>> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
>>> objectVersion: 31
>>>
>>> # Returned 1 records
>>> # 1 entries
>>> # 0 referrals
>>>
>>>
>>> How can we proceed ?
>>>
>>> Thanks
>>>
>>>
>>> On 30-12-2015 07:54, Christophe Borivant wrote:
>>>> Hello Carlos,
>>>>
>>>> I had the same problem as you.
>>>> To solve the problem, I just modified the files I needed from adprep in order to be able
>>>> to run ldbadd and ldbmodify.
>>>>
>>>> Can you run something like this to check your schema version ?
>>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base objectVersion
>>>>
>>>> ---------------------------------------------
>>>> Christophe Borivant
>>>> IT Operations Manager
>>>> +33 5 62 20 71 71 (Ext. 503)
>>>>
>>>> Devinlec - Groupe Leclerc
>>>> --------------------------------------------
>>>>
>>>> ----- Original message -----
>>>> From: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>>>> To: "Rowland penny" <rpenny at samba.org>, "samba" <samba at lists.samba.org>
>>>> Sent: Tuesday 29 December 2015 21:43:03
>>>> Subject: Re: [Samba] Was not found in the schema 'msDS-SupportedEncryptionTypes'
>>>>
>>>> I will do that for now Thank you very much, I am grateful.
>>>>
>>>> On 29-12-2015 18:26, Rowland penny wrote:
>>>>> There are various ways of adding an attribute, you could do it with
>>>>> ldbmodify or ldbedit, or if you feel more comfortable with a gui, you
>>>>> could install ADUC on a windows machine and use this to add the
>>>>> attribute, or you could install ldap account manager (LAM) on the DC
>>>>> and use this to add the attribute.
>>>>>
>>>>> Pick one and search the internet for how to do it, you will learn more
>>>>> doing it this way, rather than me telling you how to do it, step by
>>>>> step. If after choosing a method, you have problems, this I will
>>>>> attempt to help you with.
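
The check described at the top of this thread (confirm with ldbsearch that the value ldbmodify rejected with "Attribute or value exists" is already in the multi-valued attribute before deleting that block from the .ldf file), as an added example that is not part of the thread or of Samba. The sample output and the `DC=example,DC=com` domain are constructed, and the function names are hypothetical.

```shell
# Added example, not from the thread. Constructed ldbsearch output follows;
# DC=example,DC=com is a placeholder and the dn line is LDIF-folded.
SAMPLE_OUTPUT='# record 1
dn: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=example,
 DC=com
possSuperiors: domainDNS
possSuperiors: nismap
possSuperiors: container

# returned 1 records'

# Join LDIF continuation lines (leading space) to the line they continue.
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# ldif_has_value ATTR VALUE < ldbsearch-output
# Exit 0 if ATTR holds VALUE. Names are compared without regard to case
# (LDAP schema names are case-insensitive: nismap and nisMap are the same).
ldif_has_value() {
    ldif_unfold | awk -v attr="$1" -v val="$2" '
        /^#/ { next }
        {
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1)
            value = substr($0, i + 1)
            gsub(/^ +|[ \r]+$/, "", value)
            if (tolower(name) == tolower(attr) && tolower(value) == tolower(val))
                found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Print a verdict for one attribute/value pair against the sample.
check_block() {
    if printf '%s\n' "$SAMPLE_OUTPUT" | ldif_has_value "$1" "$2"; then
        echo "present: the failing LDIF block is redundant"
    else
        echo "missing: keep the block and investigate the error"
    fi
}

check_block possSuperiors nisMap
```

Against a real directory, pipe the output of the `ldbsearch ... -s base possSuperiors` command into `ldif_has_value` instead of the sample.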


