UNCLASSIFIED Sorry to be a bloody pest, but I've hit a new problem. I shutdown the 2003 server & seized the roles. I then upgraded to samba 4.7.12. and demoted the 2003 server. Everything seemed to be working OK for several days, so I upgraded to 4.8.12. All seems OK except samba-tool dbcheck gives an error [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element' File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 142, in run check_expired_tombstones=selftest_check_expired_tombstones) File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 200, in __init__ self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) dbcheck ran fine before the upgrade Any ideas on how to fix this? My smb.conf is: # Global parameters [global] workgroup = SSUNIT050 realm = SSUNIT050.local netbios name = JULIUS server role = active directory domain controller server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, dns, s3fs [netlogon] path = /usr/local/samba/var/locks/sysvol/ssunit050.local/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No All versions of samba were built without any build settings. This is the only DC on the network. Cheers Russell -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny via samba Sent: Wednesday, 5 June, 2019 5:15 p.m. To: sambalist Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED] On 05/06/2019 08:18, Thamm, Russell wrote:> UNCLASSIFIED > > I built another PC using Centos7 and samba 4.1.7. > > This got further but gave a segmentation fault. On successive runs, I > got: Your filesystem or build does not support posix ACLs, which s3f3 > requires. (This is BS)What filesystem as this ?> > So I tried the next version that I had downloaded 4.3.3. With this I was able to successfully join the domain. > > I am thinking to: > > 1) seize roles with samba 3.3 serverI do hope you meant '4.3.3' ;-) I would try to transfer them first, then seize if this fails (add --force to the seize command)> 2) shutdown 2003 server > 3) join domain with samba 4.10 serverI wouldn't do that, there was a bug that left you with a non-operating DC This is where I would 'walk' up the minor versions 4.3.3 -> 4.7.x -> 4.8.x -> 4.10.x> 4) transfer roles to samba 4.10 server > 5) demote samba 3.3 server (this PC is a loaner) > > Is there any benefit in walking up the versions from 3.3 to 4.8.x before seizing the roles? > > When you say "walk up the versions", do you mean 4.4, 4.5, 4.6, 4.7, 4.8?I hope my explanation above answers those questions. Rowland> > Cheers > Russell > > >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email.
On 12/06/2019 08:36, Thamm, Russell wrote:> UNCLASSIFIED > > Sorry to be a bloody pest, but I've hit a new problem. > > I shutdown the 2003 server & seized the roles. I then upgraded to samba 4.7.12. and demoted the 2003 server. > > Everything seemed to be working OK for several days, so I upgraded to 4.8.12. > > All seems OK except samba-tool dbcheck gives an error > > [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element' > File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 142, in run > check_expired_tombstones=selftest_check_expired_tombstones) > File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 200, in __init__ > self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) >OK, it seems to be saying that you do not have a 'tombstoneLifetime' attribute, try running this on the DC: ldbsearch --cross-ncs -H ldap://julius -b 'CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ssunit050,DC=local' -s base -U Administrator It should display the entire AD object, is 'tombstoneLifetime' amongst the output ? Rowland
I migth be picky in thise things, but setting this things correct from start helps avoiding problems. I suggest you make a small adjustment to your smb.conf. Change : realm = SSUNIT050.local To realm = SSUNIT050.LOCAL Realms always in caps, or it might bit you somewhere else and these things are often hard to find. (Note, unrelated to the problem in this case) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Thamm, Russell via samba > Verzonden: woensdag 12 juni 2019 9:37 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED] > > UNCLASSIFIED > > Sorry to be a bloody pest, but I've hit a new problem. > > I shutdown the 2003 server & seized the roles. I then > upgraded to samba 4.7.12. and demoted the 2003 server. > > Everything seemed to be working OK for several days, so I > upgraded to 4.8.12. > > All seems OK except samba-tool dbcheck gives an error > > [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No > such element' > File > "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/_ > _init__.py", line 177, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/d > bcheck.py", line 142, in run > check_expired_tombstones=selftest_check_expired_tombstones) > File > "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecke > r.py", line 200, in __init__ > self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) > > dbcheck ran fine before the upgrade > > Any ideas on how to fix this? > > My smb.conf is: > > # Global parameters > [global] > workgroup = SSUNIT050 > realm = SSUNIT050.local > netbios name = JULIUS > server role = active directory domain controller > server services = rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbind, ntp_signd, kcc, dnsupdate, dns, s3fs [netlogon] > path = /usr/local/samba/var/locks/sysvol/ssunit050.local/scripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > > All versions of samba were built without any build settings. > > This is the only DC on the network. > > Cheers > Russell > > -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf > Of Rowland penny via samba > Sent: Wednesday, 5 June, 2019 5:15 p.m. > To: sambalist > Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED] > > On 05/06/2019 08:18, Thamm, Russell wrote: > > UNCLASSIFIED > > > > I built another PC using Centos7 and samba 4.1.7. > > > > This got further but gave a segmentation fault. On > successive runs, I > > got: Your filesystem or build does not support posix ACLs, > which s3f3 > > requires. (This is BS) > What filesystem as this ? > > > > So I tried the next version that I had downloaded 4.3.3. > With this I was able to successfully join the domain. > > > > I am thinking to: > > > > 1) seize roles with samba 3.3 server > > I do hope you meant '4.3.3' ;-) > > I would try to transfer them first, then seize if this fails > (add --force to the seize command) > > > 2) shutdown 2003 server > > 3) join domain with samba 4.10 server > > I wouldn't do that, there was a bug that left you with a > non-operating DC > > This is where I would 'walk' up the minor versions 4.3.3 -> > 4.7.x -> 4.8.x -> 4.10.x > > > 4) transfer roles to samba 4.10 server > > 5) demote samba 3.3 server (this PC is a loaner) > > > > Is there any benefit in walking up the versions from 3.3 to > 4.8.x before seizing the roles? > > > > When you say "walk up the versions", do you mean 4.4, 4.5, > 4.6, 4.7, 4.8? > > I hope my explanation above answers those questions. > > Rowland > > > > > Cheers > > Russell > > > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > IMPORTANT: This email remains the property of the Department > of Defence and is subject to the jurisdiction of section 70 > of the Crimes Act 1914. If you have received this email in > error, you are requested to contact the sender and delete the email. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >