Dear all.
I currently have a CentOS 7 box running Samba 4.6.5. I would like to
increase the functional level to the latest one. For this reason I created
another box (Ubuntu 22.04) with 4.18.9.
The plan was to define the Ubuntu box as an additional AD server. Once I have
a replica of the AD, move FSMO from CentOS to Ubuntu, demote the CentOS
server and finally increase the functional level.
On Ubuntu, I checked the resolv.conf and krb5.conf settings.
Creation of a Kerberos ticket with kinit was fine, using the domain
administrator account. Checked with klist.
Finally I launched the domain join request (samba-tool domain join AD_NAME
-U"administrator").
It seems that all runs fine but finally I got an error and a rollback is
done on the AD database. The error appears to be:
ERROR(runtime): uncaught exception - (8442, 'WERR_DS_DRA_INTERNAL_ERROR')
  File "/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/__init__.py", line 230, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/domain.py", line 733, in run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/local/samba/lib/python3.10/site-packages/samba/join.py", line 1598, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.10/site-packages/samba/join.py", line 1488, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python3.10/site-packages/samba/join.py", line 1031, in join_replicate
    repl.replicate(nc, source_dsa_invocation_id,
  File "/usr/local/samba/lib/python3.10/site-packages/samba/drs_utils.py", line 358, in replicate
    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
Ok. Tried the second way: step the current 4.6.5 release forward to newer
ones (up to 4.9.0, which includes the samba-tool domain backup facilities), but
the first step (from 4.6.5 to 4.8.0) fails. The make and make install
seem to run fine, but when I try to perform a dbcheck (done without
issues when running 4.6.5) it throws
ERROR(ldb): uncaught exception - operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:516
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 135, in run
    reset_well_known_acls=reset_well_known_acls)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 95, in __init__
    self.ntds_dsa = ldb.Dn(samdb, samdb.get_dsServiceName())
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/samdb.py", line 943, in get_dsServiceName
    res = self.search(base="", scope=ldb.SCOPE_BASE, attrs=["dsServiceName"])
Before the make install I stopped the service and created a backup
copy of the whole directories /usr/local/samba/var and
/usr/local/samba/private as an AD backup.
Can anyone tell me why any of two ways worked for me?
Fortunately I created a snapshot, so it is easy to roll back.
Any help will be appreciated.

On Sun, 2024-03-03 at 21:28 +0100, Josep Maria Gorro via samba wrote:
> Dear all.
> I currently have a Centos7 box running Samba 4.6.5. I would like to
> increase functional level to latest one. For this reason I created
> another box (Ubuntu 22.04) with 4.18.9. The plan was to define Ubuntu
> box as an additional AD server. Once have replica of the AD, move
> FSMO from Centos to Ubuntu, demote the Centos server and finally
> increase functional level.
> On Ubuntu, checked resolv.conf settings, krb5.conf settings. Creation
> of Kerberos ticket with kinit fine, using domain administrator
> account. Checked with klist. Finally launched domain join request
> (samba-tool domain join AD_NAME -U"administrator") It seems that all
> runs fine but finally I got an error and a rollback is done on AD
> database. The error appears to be:
> ERROR(runtime): uncaught exception - (8442, 'WERR_DS_DRA_INTERNAL_ERROR')

I would turn up the log level on the client and server and see what the error is.

>   File "/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/__init__.py", line 230, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/domain.py", line 733, in run
>     join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
>   File "/usr/local/samba/lib/python3.10/site-packages/samba/join.py", line 1598, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib/python3.10/site-packages/samba/join.py", line 1488, in do_join
>     ctx.join_replicate()
>   File "/usr/local/samba/lib/python3.10/site-packages/samba/join.py", line 1031, in join_replicate
>     repl.replicate(nc, source_dsa_invocation_id,
>   File "/usr/local/samba/lib/python3.10/site-packages/samba/drs_utils.py", line 358, in replicate
>     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
> Ok.
> Tried second way: move step forward the current 4.6.5 release to
> new ones (up to 4.9.0 that includes samba-tool domain backup
> facilities) but the first step (from 4.6.5 to 4.8.0) fails. The make
> and make install seems to run fine but when I try to perform a
> dbcheck (done without issues when running 4.6.5) it throws
> ERROR(ldb): uncaught exception - operations error
> at ../source4/dsdb/samdb/ldb_modules/rootdse.c:516

You should get the source for that version and look at that line to understand more what the problem could be.

Andrew Bartlett
--
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Team Lead                 https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions

On Sunday, March 3, 2024 8:29 PM Josep Maria Gorro wrote:
> Finally launched domain join request (samba-tool domain join AD_NAME
> -U"administrator")

You have missed off the type of join: you need to state "DC" after the domain name. See the help for the samba-tool command.

HTH,
spindles7