[Samba] [SOLVED] Re: Problem switching to BIND9_DLZ

Fri Nov 13 07:00:59 UTC 2015


Am 13.11.2015 um 07:11 schrieb Achim Gottinger:
> Hi,
>
> I try to switch from internal DNS to bind9 on an samba-ad-dc (sernet 
> 4.1.23 on debian wheezy).
> I try to run
>
> samba_upgradedns --dns-backend=BIND9_DLZ
>
> and get an python error pointing to 
> /usr/lib/python2.7/dist-packages/samba/provision/__init__.py line 271
>
> Reading domain information
> Traceback (most recent call last):
>   File "/usr/sbin/samba_upgradedns", line 261, in <module>
>     paths, lp.configfile, lp)
>   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", 
> line 271, in find_provision_key_parameters
>     names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
> IndexError: list index out of range
>
>
> That is the names.policyid line in below snippet
>
> -----------------------------------
>     res7 = samdb.search(expression="(displayName=Default Domain Policy)",
>                         base="CN=Policies,CN=System," + basedn,
>                         scope=ldb.SCOPE_ONELEVEL, 
> attrs=["cn","displayName"])
>     names.policyid = str(res7[0]["cn"]).replace("{","").replace("}","")
>     # dc policy guid
>     res8 = samdb.search(expression="(displayName=Default Domain 
> Controllers Policy)",
>                             base="CN=Policies,CN=System," + basedn,
>                             scope=ldb.SCOPE_ONELEVEL,
>                             attrs=["cn","displayName"])
>     if len(res8) == 1:
>         names.policyid_dc = 
> str(res8[0]["cn"]).replace("{","").replace("}","")
>     else:
>         names.policyid_dc = None
> -----------------------------------
>
> When I compare the branch in question System.Policies.[basedn] with 
> another server which migrated fine using above comman i find
> these entries on the working server with the correct displayName:
>
> CN={31B2F340-016D-11D2-945F-00C04FB984F9} -> displayName=Default 
> Domain Policy
> CN={6AC1786C-016F-11D2-945F-00C04FB984F9} -> displayName=Default 
> Domain Controllers Policy
>
> On the server with the migration failing i find entries with the same 
> id's but different displayName values.
>
> CN={31B2F340-016D-11D2-945F-00C04FB984F9} -> displayName=[my domain name]
> CN={6AC1786C-016F-11D2-945F-00C04FB984F9} -> displayName=domain
>
> Looking into GPO management it seems i renamed these two policies a 
> while ago. There are no GPO related issues here with them renamed.
> I wonder if it is safe to use None for names.policyid as well like it 
> is used for names.policyid_dc if not found.
>
> if len(res7) == 1:
>         names.policyid = 
> str(res7[0]["cn"]).replace("{","").replace("}","")
>     else:
>         names.policyid = None
>
> Server is in production so i ask here before testing (of course after 
> an snapshot of that vm).
>
> Thanks in advance
> achim~
I circumvented the issue by renaming the GPO to "Default Domain Policy" 
run the script and rename the GPO back.