[Samba] Problem joining domain [SEC=UNCLASSIFIED]

Thamm, Russell Russell.Thamm at dst.defence.gov.au
Wed Jun 12 07:36:35 UTC 2019


Sorry to be a bloody pest, but I've hit a new problem.

I shutdown the 2003 server & seized the roles. I then upgraded to samba 4.7.12. and demoted the 2003 server.

Everything seemed to be working OK for several days, so I upgraded to 4.8.12.

All seems OK except  samba-tool dbcheck gives an error

[root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 142, in run
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 200, in __init__
    self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0])

dbcheck ran fine before the upgrade

Any ideas on how to fix this?

My smb.conf is:

# Global parameters
	workgroup = SSUNIT050
	realm = SSUNIT050.local
	netbios name = JULIUS
	server role = active directory domain controller
	server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, s3fs [netlogon]
	path = /usr/local/samba/var/locks/sysvol/ssunit050.local/scripts
	read only = No

	path = /usr/local/samba/var/locks/sysvol
	read only = No

All versions of samba were built without any build settings.

This is the only DC on the network.


-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny via samba
Sent: Wednesday, 5 June, 2019 5:15 p.m.
To: sambalist
Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED]

On 05/06/2019 08:18, Thamm, Russell wrote:
> I built another PC using Centos7 and samba 4.1.7.
> This got further but gave a segmentation fault. On successive runs, I
> got: Your filesystem or build does not support posix ACLs, which s3f3 
> requires. (This is BS)
What filesystem as this ?
> So I tried the next version that I had downloaded 4.3.3. With this I was able to successfully join the domain.
> I am thinking to:
> 1) seize roles with samba 3.3 server

I do hope you meant '4.3.3' ;-)

I would try to transfer them first, then seize if this fails (add --force to the seize command)

> 2) shutdown 2003 server
> 3) join domain with samba 4.10 server

I wouldn't do that, there was a bug that left you with a non-operating DC

This is where I would 'walk' up the minor versions 4.3.3 -> 4.7.x -> 4.8.x -> 4.10.x

> 4) transfer roles to samba 4.10 server
> 5) demote samba 3.3 server (this PC is a loaner)
> Is there any benefit in walking up the versions from 3.3 to 4.8.x before seizing the roles?
> When you say "walk up the versions", do you mean 4.4, 4.5, 4.6, 4.7, 4.8?

I hope my explanation above answers those questions.


> Cheers
> Russell

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email.

More information about the samba mailing list