[Samba] Error Upgrading Schema

Matthew Delfino Samba List mdelfino.list.samba at KNOCKinc.com
Fri Nov 20 02:13:59 UTC 2020 

Thank you, Andrew!

This evening I attempted the upgrade. I first carefully commented out each of the attributes from the Schema-Updates.md file. I then saved the file and ran the following command, which gave me the subsequent output:

(as root)

  # samba-tool domain schemaupgrade
  Temporarily overriding 'dsdb:schema update allowed' setting
  Patched Sch49.ldf using /usr/share/samba/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
  Exception in patch: b'patching file Sch50.ldf\nHunk #2 succeeded at 207 (offset -37 lines).\nHunk #3 FAILED at 277.\n1 out of 3 hunks FAILED -- saving rejects to file Sch50.ldf.rej\n'
  b''
  ERROR: Failed to upgrade schema

I had hoped there was a Sch50.ldf.rej in the working directory, or in the same folder wherein Schema-Updates.md makes its home. Unfortunately, there was nothing there. A find for any file by that name revealed nothing as well.

I read this output to tell me that the schema upgrade went through Sch49.ldf.diff without issue, but ran into some kind of problem in Sch50.ldf.diff OR... there appears to be a section in Schema-Updates.md for Sch50.ldf: line 3120 " ### <a name="BKMK_Sch50"></a>Sch50.ldf" and something about the syntax below that line is going bad? Indeed, I do have some attributes in that section commented out:

  CN=ms-DS-Primary-Computer,CN=Schema,CN=Configuration,DC=X
  CN=ms-DS-Is-Primary-Computer-For,CN=Schema,CN=Configuration,DC=X
  CN=ms-DS-Value-Type-Reference,CN=Schema,CN=Configuration,DC=X
  CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X

(The comment character I am using is a hash tag "#", by the way).

And one of those attributes is described in the Sch50.ldf.diff file as well (CN=ms-DS-Value-Type-Reference-BL,CN=Schema,CN=Configuration,DC=X).

Do you have any ideas as to what I may have done wrong or forgot?

Thank you again for any time you can spare to assist me in upgrading my schema.

Appreciatively,
Matthew


On 2020.11.18, 5:34 PM, "Andrew Bartlett" <abartlet at samba.org> wrote:

    On Wed, 2020-11-18 at 23:12 +0000, Matthew Delfino Samba List via samba
    wrote:
    >
    > There is only one thing that concerns me: One of the attributes
    > specified in the Samba script has a parameter whose value directly
    > contradicts the value specified in my old ldif file:
    >

    Well done with the analysis!

    >
    > In Samba script:
    >
    >   dn: CN=ms-DS-Claim-Shares-Possible-Values-
    > With,CN=Schema,CN=Configuration,DC=X
    >
    >   isSingleValued: FALSE
    >
    >
    >
    > In my ldif file:
    >
    >   dn: cn=ms-DS-Claim-Shares-Possible-Values-
    > With,cn=Schema,cn=Configuration,dc=X
    >
    >   isSingleValued: TRUE
    >
    >
    >
    > If left unaltered, I wonder if this condition is going to lead to
    > mayhem?
    >

    Not until we implement whatever uses that (probably Windows 2012 R2
    Functional level) and only if you want to have more than one of that
    thing.

    >
    > Having said all of that, if I simply comment out all these attributes
    > I found, I suspect the schema upgrade may complete. If I'm right and
    > the syntax differences noted above are unimportant, and the
    > parameters that were missing from my ldif don't matter, I am left
    > only with the "isSingleValued" difference in "ms-DS-Claim-Shares-
    > Possible-Values-With".
    >
    >
    >
    > Do you think this is going to come back to bite me? Is there some
    > "legal" way to alter that parameter's value?
    >

    Yes, just alter it like any other attribute, but with the option set to
    allow schema changes (see the schema page).

    >
    > As usual, I appreciate you and any time you will kindly take to
    > consider and answer my question.

    You seem to be understanding the issue and solution well.

    Andrew Bartlett

    --
    Andrew Bartlett                       https://samba.org/~abartlet/
    Authentication Developer, Samba Team  https://samba.org
    Samba Developer, Catalyst IT
    https://catalyst.net.nz/services/samba




© 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.

More information about the samba mailing list