[Samba] Error Upgrading Schema

Matthew Delfino Samba List mdelfino.list.samba at KNOCKinc.com
Fri Nov 20 17:23:37 UTC 2020 

Thanks for trying to help as best as you can Rowland and Andrew.

To anyone searching the list archives who might be in a similar pickle in the future, I'm leaving this thread for now. I may attempt to upgrade my schema manually with the files in /usr/share/samba/setup/adprep/WindowsServerDocs/ as a starting point, as Rowland suggests. But - with a company with around 125 users or so - I may explore my options for rebuilding my entire domain on a new set of DCs that have not yet been patched with custom schema. Although disruptive, I feel like the latter option may be the safest in terms of error tolerance, and may also benefit from being a (more) well-worn path for admins trying to solve a variety of problems with their older Samba implementations.

I suspect there's a slightly better than nil chance that the script may be improved to more elegantly tolerate custom schema updates to the very attributes it attempts to change. But I'm not going to count on this and IMHO neither should you. My current version is 4.11.15.

Appreciatively,
Matthew


On 2020.11.20, 10:41 AM, "samba on behalf of Rowland penny via samba" <samba-bounces at lists.samba.org on behalf of samba at lists.samba.org> wrote:

    On 20/11/2020 15:46, Matthew Delfino Samba List wrote:
    > Rowland,
    >
    > I had the same thought. When I do that and try again, I get this message:
    >
    >   # samba-tool domain schemaupgrade
    >   Temporarily overriding 'dsdb:schema update allowed' setting
    >   Patched Sch49.ldf using /usr/share/samba/setup/adprep/WindowsServerDocs/Sch49.ldf.diff
    >   Exception in patch: b'patching file Sch50.ldf\nHunk #2 succeeded at 209 (offset -35 lines).\n'
    >   b'patch: **** unexpected end of file in patch\n'
    >   ERROR: Failed to upgrade schema
    >
    > I feel like it's got to be some small syntax oversight on my part...
    >
    possibly, but I think it might still be a patching problem 🙁

    The script produces an ldif, which then gets patched to suit Samba, but
    if you have altered either (or both), then the patch will not match what
    it is trying to patch (wrong line numbers). If this is the case, then it
    might just be easier to manually create the ldifs from Schema-updates,
    then manually patch the required ldifs using the *.diff files, remove
    the attributes & objectclasses already in AD, then add the ldifs one by
    one with ldbmodify.

    Rowland



    --
    To unsubscribe from this list go to the following URL and read the
    instructions:  https://lists.samba.org/mailman/options/samba

© 2020 KNOCK, inc. All rights reserved. KNOCK, inc, is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.

More information about the samba mailing list