[Samba] Problem joining domain [SEC=UNCLASSIFIED]

Thamm, Russell Russell.Thamm at dst.defence.gov.au
Thu Jun 13 07:33:42 UTC 2019 

UNCLASSIFIED

Hi Rowland

No tombstonelifetime.

Do I need to upgrade the schema? The current schema is 30 (Windows 2003).

When I try to update the schema, I get the following error:

Applying Sch31.ldf updates...
Exception [Errno 2] No such file or directory 

I downloaded sch31.ldf and tried to apply that.

samba-tool domain schemaupgrade --ldf-file=sch31.ldf --base-dir=/home/user/work/ldif

Unable to find attribute 1.2.840.113556.1.6.13.3.2 in the schema. 
Exception: unable to parse LDIF string at first chunk

Not sure if I'm barking up the wrong tree.

Cheers
Russell

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny via samba
Sent: Wednesday, 12 June, 2019 5:57 p.m.
To: sambalist
Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED]

On 12/06/2019 08:36, Thamm, Russell wrote:
> UNCLASSIFIED
>
> Sorry to be a bloody pest, but I've hit a new problem.
>
> I shutdown the 2003 server & seized the roles. I then upgraded to samba 4.7.12. and demoted the 2003 server.
>
> Everything seemed to be working OK for several days, so I upgraded to 4.8.12.
>
> All seems OK except  samba-tool dbcheck gives an error
>
> [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
>    File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run
>      return self.run(*args, **kwargs)
>    File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 142, in run
>      check_expired_tombstones=selftest_check_expired_tombstones)
>    File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 200, in __init__
>      self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0])
>
OK, it seems to be saying that you do not have a 'tombstoneLifetime' 
attribute, try running this on the DC:

ldbsearch --cross-ncs -H ldap://julius -b 'CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ssunit050,DC=local' -s base -U Administrator

It should display the entire AD object, is 'tombstoneLifetime' amongst the output ?

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email.

More information about the samba mailing list