UNCLASSIFIED Hi Rowland No tombstonelifetime. Do I need to upgrade the schema? The current schema is 30 (Windows 2003). When I try to update the schema, I get the following error: Applying Sch31.ldf updates... Exception [Errno 2] No such file or directory I downloaded sch31.ldf and tried to apply that. samba-tool domain schemaupgrade --ldf-file=sch31.ldf --base-dir=/home/user/work/ldif Unable to find attribute 1.2.840.113556.1.6.13.3.2 in the schema. Exception: unable to parse LDIF string at first chunk Not sure if I'm barking up the wrong tree. Cheers Russell -----Original Message----- From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland penny via samba Sent: Wednesday, 12 June, 2019 5:57 p.m. To: sambalist Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED] On 12/06/2019 08:36, Thamm, Russell wrote:> UNCLASSIFIED > > Sorry to be a bloody pest, but I've hit a new problem. > > I shutdown the 2003 server & seized the roles. I then upgraded to samba 4.7.12. and demoted the 2003 server. > > Everything seemed to be working OK for several days, so I upgraded to 4.8.12. > > All seems OK except samba-tool dbcheck gives an error > > [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element' > File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 142, in run > check_expired_tombstones=selftest_check_expired_tombstones) > File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 200, in __init__ > self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) >OK, it seems to be saying that you do not have a 'tombstoneLifetime' attribute, try running this on the DC: ldbsearch --cross-ncs -H ldap://julius -b 'CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=ssunit050,DC=local' -s base -U Administrator It should display the entire AD object, is 'tombstoneLifetime' amongst the output ? Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email.
On 13/06/2019 08:33, Thamm, Russell wrote:> UNCLASSIFIED > > Hi Rowland > > No tombstonelifetime. > > Do I need to upgrade the schema? The current schema is 30 (Windows 2003). > > When I try to update the schema, I get the following error: > > Applying Sch31.ldf updates... > Exception [Errno 2] No such file or directory > > I downloaded sch31.ldf and tried to apply that. > > samba-tool domain schemaupgrade --ldf-file=sch31.ldf --base-dir=/home/user/work/ldif > > Unable to find attribute 1.2.840.113556.1.6.13.3.2 in the schema. > Exception: unable to parse LDIF string at first chunk > > Not sure if I'm barking up the wrong tree.Right tree, possibly wrong bark ;-) Have a look here: https://lists.samba.org/archive/samba/2015-December/196883.html> > Cheers > Russell > > UNCLASSIFIED > > Sorry to be a bloody pest, but I've hit a new problem. > > I shutdown the 2003 server & seized the roles. I then upgraded to samba 4.7.12. and demoted the 2003 server.I totally missed that you started with 2003, which uses schema 31, Samba uses 47> > Everything seemed to be working OK for several days, so I upgraded to 4.8.12. > > > IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email.I love things like the above, why do people add things like that ? they are totally unenforceable ;-) Rowland
On Thu, 2019-06-13 at 07:33 +0000, Thamm, Russell via samba wrote:> UNCLASSIFIED > > Hi Rowland > > No tombstonelifetime.Just fill it in as 180 I think. A bug fix just landed: https://bugzilla.samba.org/show_bug.cgi?id=13967> Do I need to upgrade the schema? The current schema is 30 (Windows > 2003).I don't think so.> When I try to update the schema, I get the following error: > > Applying Sch31.ldf updates... > Exception [Errno 2] No such file or directoryOdd. But unrelated.> I downloaded sch31.ldf and tried to apply that. > > samba-tool domain schemaupgrade --ldf-file=sch31.ldf --base- > dir=/home/user/work/ldif > > Unable to find attribute 1.2.840.113556.1.6.13.3.2 in the schema. > Exception: unable to parse LDIF string at first chunk > > Not sure if I'm barking up the wrong tree.Probably :-) I hope this helps, Andrew Bartlett> Cheers > Russell > > -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of > Rowland penny via samba > Sent: Wednesday, 12 June, 2019 5:57 p.m. > To: sambalist > Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED] > > On 12/06/2019 08:36, Thamm, Russell wrote: > > UNCLASSIFIED > > > > Sorry to be a bloody pest, but I've hit a new problem. > > > > I shutdown the 2003 server & seized the roles. I then upgraded to > > samba 4.7.12. and demoted the 2003 server. > > > > Everything seemed to be working OK for several days, so I upgraded > > to 4.8.12. > > > > All seems OK except samba-tool dbcheck gives an error > > > > [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs > > ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such > > element' > > File "/usr/local/samba/lib64/python2.7/site- > > packages/samba/netcmd/__init__.py", line 177, in _run > > return self.run(*args, **kwargs) > > File "/usr/local/samba/lib64/python2.7/site- > > packages/samba/netcmd/dbcheck.py", line 142, in run > > check_expired_tombstones=selftest_check_expired_tombstones) > > File "/usr/local/samba/lib64/python2.7/site- > > packages/samba/dbchecker.py", line 200, in __init__ > > self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) > > > > OK, it seems to be saying that you do not have a 'tombstoneLifetime' > attribute, try running this on the DC: > > ldbsearch --cross-ncs -H ldap://julius -b 'CN=Directory > Service,CN=Windows > NT,CN=Services,CN=Configuration,DC=ssunit050,DC=local' -s base -U > Administrator > > It should display the entire AD object, is 'tombstoneLifetime' > amongst the output ? > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > IMPORTANT: This email remains the property of the Department of > Defence and is subject to the jurisdiction of section 70 of the > Crimes Act 1914. If you have received this email in error, you are > requested to contact the sender and delete the email. >-- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba