[Samba] Windows 11 24H2, Samba 4.21.3 AD DC and domain users cannot log in
Virgo Pärna
virgo.parna at mail.ee
Sat Jan 25 18:44:24 UTC 2025
Domain itself is really old (and dc has been same install for long
time). Originally was installed as NT domain, that was upgraded to AD,
when Windows dropped NT domain support.
I now discovered, that there are lot of schema upgrades not done... I
was able to upgrade schema to 2012 version. But after that
samba-tool domain schemaupgrade --schema=2016 -v
fails with
Applying Sch78.ldf updates...
Exception: (21, "objectclass_attrs: attribute 'systemFlags' on entry
'CN=Privileged Access Management Feature,CN=Optional
Features,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=*****' contains at least one invalid
value!")
Encountered while trying to apply the following LDIF
----------------------------------------------------
dn: CN=Privileged Access Management Feature,CN=Optional
Features,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=*****
changetype: modify
replace: systemFlags
systemFlags: 2348810240
-
Exception: (21, "objectclass_attrs: attribute 'systemFlags' on entry
'CN=Privileged Access Management Feature,CN=Optional
Features,CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=*****' contains at least one invalid
value!")
Error encountered, aborting schema upgrade
ERROR: Failed to upgrade schema
--
Virgo Pärna
virgo.parna at mail.ee
More information about the samba
mailing list