[Samba] SAMBA 4.20 - function level upgrade

Andrew Bartlett abartlet at samba.org
Wed Apr 10 08:54:55 UTC 2024 

Thanks for the extra details.  I do intend to dig into this for you, it
is very strange, but to do that I need some more details:
Can I get (again, if I've missed it) a history of this domain (what
version did you start with, what schema upgrades have happened in the
past) so I can try and reproduce?
Also, can you confirm where you got your Samba package, if there are
any other bits of any Samba version on your system, and the details for
the sources of that package.
The reason I ask is that things in the logs just don't line up with
what I see in the git tag. 
For example, not only do the resolve_oids.c references look odd, I just
can't see how Samba 4.20.0 can print this line:
dsdb_schema_set_el_from_ldb_msg_dups() WERR_INVALID_PARAMETER
Thanks,
Andrew Bartlett
On Tue, 2024-04-09 at 08:05 +0000, Tomáš Havlín wrote:
> Hello,
> samba-tool domain level showForest function level: (Windows) 2012 R2
> Domain function level: (Windows) 2012 R2
> Lowest function level of a DC: (Windows) 2016
> 
> samba 4.20.0-2
> smb.confad dc functional level = 2016
> https://wiki.samba.org/index.php/Samba_Features_added/changed#NEW_FEATURES/CHANGESsection AD DC support for Authentication Silos and Authentication
> Policies
> direcly copied from console[root at vorvan ~]# samba-tool domain
> schemaupgrade --schema=2019
> Temporarily overriding 'dsdb:schema update allowed' setting
> Applying Sch70.ldf updates...
> Unable to find attribute msDS-DeviceMDMStatus in the schema
> 5 changes applied
> Applying Sch71.ldf updates...
> 7 changes applied
> Applying Sch72.ldf updates...
> 5 changes applied
> Applying Sch73.ldf updates...
> 5 changes applied
> Applying Sch74.ldf updates...
> ../../source4/dsdb/schema/schema_init.c:816: name == NULL in CN=ms-
> DS-Key-Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra
> dsdb_schema_set_el_from_ldb_msg_dups() WERR_INVALID_PARAMETER
> Exception: (1, 'operations error at
> ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674')
> Encountered while trying to apply the following LDIF
> ----------------------------------------------------
> dn: CN=ms-DS-Key-
> Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra
> changetype: add
> objectClass: classSchema
> ldapDisplayName: msDS-KeyCredential
> adminDisplayName: msDS-KeyCredential
> adminDescription: An instance of this class contains key material.
> governsId: 1.2.840.113556.1.5.297
> objectClassCategory: 1
> rdnAttId: cn
> schemaIdGuid:: Q1Uf7i58akeLP+EfSvbEmA==
> defaultSecurityDescriptor:
> D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOWDSDD
> TSW;;;SY)
> defaultHidingValue: FALSE
> showInAdvancedViewOnly: TRUE
> systemOnly: FALSE
> systemFlags: 16
> instanceType: 4
> subClassOf: top
> systemPossSuperiors: container
> systemMustContain: 1.2.840.113556.1.4.2315
> systemMayContain: msDS-KeyMaterial
> systemMayContain: msDS-KeyUsage
> systemMayContain: msDS-KeyPrincipal
> systemMayContain: msDS-DeviceDN
> systemMayContain: msDS-ComputerSID
> systemMayContain: msDS-CustomKeyInformation
> systemMayContain: msDS-KeyApproximateLastLogonTimeStamp
> 
> Exception: (1, 'operations error at
> ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674')
> Error encountered, aborting schema upgrade
> ERROR: Failed to upgrade schema
> 
> thank youTHAV
> 
> 
> 
> 
> 
> ------ Původní zpráva ------
> 
> Od "Andrew Bartlett" <abartlet at samba.org>
> 
> Komu "Tomáš Havlín" <thavlin at spel.cz>; "Tomáš Havlín via samba" <
> samba at lists.samba.org>
> 
> Datum 09.04.2024 9:45:00
> 
> Předmět Re: Re[2]: [Samba] SAMBA 4.20 - function level upgrade
> 
> > On Mon, 2024-04-08 at 08:03 +0000, Tomáš Havlín wrote:
> > > Hello,
> > > I am sorry for my answer. I have already upgraded level domain
> > > and 
> > > forest level 2012_R2 and function level to 2016 via ad dc
> > > functional 
> > > level = 2016. Then I tried to follow instructions from wiki to
> > > upgrade 
> > > to version of funtion level to 2016, but schema upgrade ends with
> > > error
> > > 
> > > 
> > > Exception: (1, 'operations error at 
> > > ../../source4/dsdb/samba/ldb_modules/resolve_oids.c:674')
> > > Error encountered, aborting schema upgrade
> > > ERROR: Failed to upgrade schema
> > 
> > Was this text copied directly from your failing host?  I ask
> > cecause someone has 'spell corrected' samdb -> samba in that path,
> > and line 674 is empty in the Samba 4.20.0 released sources.
> > 
> > Can you please confirm the exact command given and the version of
> > Samba you are running where you see this failure?
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba
> > Team Member (since 2001) https://samba.orgSamba Team
> > Lead                
> > https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
> > Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
> > company
> > Samba Development and Support: 
> > https://catalyst.net.nz/services/samba
> > Catalyst IT - Expert Open Source Solutions
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead                https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list