[Samba] Problem switching to BIND9_DLZ
Achim Gottinger
achim at ag-web.biz
Fri Nov 13 06:11:50 UTC 2015
Hi,
I try to switch from internal DNS to bind9 on an samba-ad-dc (sernet
4.1.23 on debian wheezy).
I try to run
samba_upgradedns --dns-backend=BIND9_DLZ
and get an python error pointing to
/usr/lib/python2.7/dist-packages/samba/provision/__init__.py line 271
Reading domain information
Traceback (most recent call last):
File "/usr/sbin/samba_upgradedns", line 261, in <module>
paths, lp.configfile, lp)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
line 271, in find_provision_key_parameters
names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
IndexError: list index out of range
That is the names.policyid line in below snippet
-----------------------------------
res7 = samdb.search(expression="(displayName=Default Domain Policy)",
base="CN=Policies,CN=System," + basedn,
scope=ldb.SCOPE_ONELEVEL,
attrs=["cn","displayName"])
names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
# dc policy guid
res8 = samdb.search(expression="(displayName=Default Domain
Controllers Policy)",
base="CN=Policies,CN=System," + basedn,
scope=ldb.SCOPE_ONELEVEL,
attrs=["cn","displayName"])
if len(res8) == 1:
names.policyid_dc =
str(res8[0]["cn"]).replace("{","").replace("}","")
else:
names.policyid_dc = None
-----------------------------------
When I compare the branch in question System.Policies.[basedn] with
another server which migrated fine using above comman i find
these entries on the working server with the correct displayName:
CN={31B2F340-016D-11D2-945F-00C04FB984F9} -> displayName=Default Domain
Policy
CN={6AC1786C-016F-11D2-945F-00C04FB984F9} -> displayName=Default Domain
Controllers Policy
On the server with the migration failing i find entries with the same
id's but different displayName values.
CN={31B2F340-016D-11D2-945F-00C04FB984F9} -> displayName=[my domain name]
CN={6AC1786C-016F-11D2-945F-00C04FB984F9} -> displayName=domain
Looking into GPO management it seems i renamed these two policies a
while ago. There are no GPO related issues here with them renamed.
I wonder if it is safe to use None for names.policyid as well like it is
used for names.policyid_dc if not found.
if len(res7) == 1:
names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
else:
names.policyid = None
Server is in production so i ask here before testing (of course after an
snapshot of that vm).
Thanks in advance
achim~
More information about the samba
mailing list