[Samba] Problem switching to BIND9_DLZ

Achim Gottinger achim at ag-web.biz
Fri Nov 13 06:11:50 UTC 2015 

Hi,

I try to switch from internal DNS to bind9 on an samba-ad-dc (sernet 
4.1.23 on debian wheezy).
I try to run

samba_upgradedns --dns-backend=BIND9_DLZ

and get an python error pointing to 
/usr/lib/python2.7/dist-packages/samba/provision/__init__.py line 271

Reading domain information
Traceback (most recent call last):
   File "/usr/sbin/samba_upgradedns", line 261, in <module>
     paths, lp.configfile, lp)
   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
line 271, in find_provision_key_parameters
     names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
IndexError: list index out of range


That is the names.policyid line in below snippet

-----------------------------------
     res7 = samdb.search(expression="(displayName=Default Domain Policy)",
                         base="CN=Policies,CN=System," + basedn,
                         scope=ldb.SCOPE_ONELEVEL, 
attrs=["cn","displayName"])
     names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
     # dc policy guid
     res8 = samdb.search(expression="(displayName=Default Domain 
Controllers Policy)",
                             base="CN=Policies,CN=System," + basedn,
                             scope=ldb.SCOPE_ONELEVEL,
                             attrs=["cn","displayName"])
     if len(res8) == 1:
         names.policyid_dc = 
str(res8[0]["cn"]).replace("{","").replace("}","")
     else:
         names.policyid_dc = None
-----------------------------------

When I compare the branch in question System.Policies.[basedn] with 
another server which migrated fine using above comman i find
these entries on the working server with the correct displayName:

CN={31B2F340-016D-11D2-945F-00C04FB984F9} -> displayName=Default Domain 
Policy
CN={6AC1786C-016F-11D2-945F-00C04FB984F9} -> displayName=Default Domain 
Controllers Policy

On the server with the migration failing i find entries with the same 
id's but different displayName values.

CN={31B2F340-016D-11D2-945F-00C04FB984F9} -> displayName=[my domain name]
CN={6AC1786C-016F-11D2-945F-00C04FB984F9} -> displayName=domain

Looking into GPO management it seems i renamed these two policies a 
while ago. There are no GPO related issues here with them renamed.
I wonder if it is safe to use None for names.policyid as well like it is 
used for names.policyid_dc if not found.

if len(res7) == 1:
         names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
     else:
         names.policyid = None

Server is in production so i ask here before testing (of course after an 
snapshot of that vm).

Thanks in advance
achim~

More information about the samba mailing list