[Samba] samba_upgradedns: No such Base DN
Rowland Penny
rpenny at samba.org
Fri Nov 4 11:20:10 UTC 2022
On 04/11/2022 09:35, Lorenzo Milesi wrote:
>> The 'DnsAdmins' group is a system group, so by your definition, it
>> should be in 'CN=Users'
>
> And it is!
>
> But the upgradedns tool uses the users' base DN so it's looking in the wrong place

OK, looking at the code, samba_upgradedns does this:

    # Check for DNS accounts and create them if required
    try:
        msg = ldbs.sam.search(base=domaindn, scope=ldb.SCOPE_DEFAULT,
                              expression='(sAMAccountName=DnsAdmins)',
                              attrs=['objectSid'])
        dnsadmins_sid = ndr_unpack(security.dom_sid,
                                   msg[0]['objectSid'][0])
    except IndexError:
        logger.info("Adding DNS accounts")
        add_dns_accounts(ldbs.sam, domaindn)
        dnsadmins_sid = get_dnsadmins_sid(ldbs.sam, domaindn)
    else:
        logger.info("DNS accounts already exist")

Which means, check if DnsAdmins exists, create it if it doesn't,
otherwise report it does exist.

Your error was from get_dnsadmins_sid in sambadns.py, the code for this is:

    def get_dnsadmins_sid(samdb, domaindn):
        base_dn = "CN=DnsAdmins,%s" % samdb.get_wellknown_dn(ldb.Dn(samdb,
                                                                     domaindn),
                                                              DS_GUID_USERS_CONTAINER)
        res = samdb.search(base=base_dn, scope=ldb.SCOPE_BASE,
                           attrs=["objectSid"])
        dnsadmins_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
        return dnsadmins_sid

and yours is returning the 'dn' as:

    CN=DnsAdmins,OU=DOMusers,DC=wdc,DC=domain,DC=it

On my system (where everything is in CN=Users), the wellknown DN is
found in:

    dn: DC=samdom,DC=example,DC=com
    wellKnownObjects: B:32:A9D1CA15768811D1ADED00C04FD8D5CD:CN=Users,DC=samdom,DC=example,DC=com

It would appear that it is the 'A9D1CA15768811D1ADED00C04FD8D5CD' string
that is relevant, so can you check under the 'dn' DC=wdc,DC=domain,DC=it
in AD and see if it is there?

To me, it looks like it is all or nothing, you have ALL the users and
groups in your new OU or none. Another option would be to change the
search to just search AD for DnsAdmins (All AD names are exclusive).
Rowland
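
The lookup described in the message above, as an added example that is not part of the original message and is not Samba's own code: it parses wellKnownObjects values, finds the DN bound to the Users-container GUID, and compares the DN that get_dnsadmins_sid would search with the DN that actually holds DnsAdmins. The function names are hypothetical, and the wellKnownObjects values for the wdc domain are constructed on the assumption that its Users entry points at OU=DOMusers.

```python
# Added example, not Samba code. Function names are hypothetical.
DS_GUID_USERS_CONTAINER = "A9D1CA15768811D1ADED00C04FD8D5CD"  # GUID quoted in the thread

# Constructed sample: Users well-known entry assumed to point at OU=DOMusers
# (the DN from the error), while DnsAdmins still lives in CN=Users.
REDIRECTED = [
    "B:32:AA312825768811D1ADED00C04FD8D5CD:CN=Computers,DC=wdc,DC=domain,DC=it",
    "B:32:A9D1CA15768811D1ADED00C04FD8D5CD:OU=DOMusers,DC=wdc,DC=domain,DC=it",
]
ACTUAL_DNSADMINS = "CN=DnsAdmins,CN=Users,DC=wdc,DC=domain,DC=it"


def parse_wellknown(value):
    """Split a DN-with-binary value 'B:<hex char count>:<GUID hex>:<DN>'."""
    tag, length, rest = value.split(":", 2)
    if tag != "B" or not length.isdigit():
        raise ValueError("not a DN-with-binary value: %r" % value)
    n = int(length)
    # Slice by the declared length so colons inside the DN do no harm.
    guid, sep, dn = rest[:n], rest[n:n + 1], rest[n + 1:]
    if len(guid) != n or sep != ":" or not dn:
        raise ValueError("malformed wellKnownObjects value: %r" % value)
    return guid.upper(), dn


def users_container(wellknown_values):
    """Return the DN bound to the Users-container GUID, or None."""
    for value in wellknown_values:
        guid, dn = parse_wellknown(value)
        if guid == DS_GUID_USERS_CONTAINER:
            return dn
    return None


def check_dnsadmins(wellknown_values, actual_dn):
    """Compare the base DN get_dnsadmins_sid builds with the group's real DN."""
    container = users_container(wellknown_values)
    if container is None:
        return ("no-users-container", None)
    expected = "CN=DnsAdmins,%s" % container
    # DNs compare case-insensitively; spacing is assumed already normalised.
    status = "ok" if expected.lower() == actual_dn.lower() else "mismatch"
    return (status, expected)


if __name__ == "__main__":
    print(check_dnsadmins(REDIRECTED, ACTUAL_DNSADMINS))
```

A "mismatch" result corresponds to the case in this thread: the SCOPE_BASE search is aimed at a DN where the group does not exist.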