Dominic Evans
2013-Feb-20 16:41 UTC
[Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType
Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the domain, allow full replication to take place and then transferred all the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from the domain. Everything has been working well. Today I upgraded from samba 4.0.0 to 4.0.3 and ran samba_upgradeprovision --full. Initially this was failing in update_present throwing an exception when attempting to modify msDS-NcType and msDS-SupportedEncryptionTypes attributes which didn't exist. I was able to get the upgradeprovision to run to completion by removing these from the deltas i.e., delta.remove('msDS-SupportedEncryptionTypes') delta.remove('msDS-NcType') Everything seems to be up-and-running again at 4.0.3, so it went well. However, if these attributes are missing - a) shouldn't I get these attributes added? b) why don't these show up as missing attributes on the samba-tool dbcheck?
Gregory Sloop
2013-Feb-20 17:09 UTC
[Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType
DE> Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the DE> domain, allow full replication to take place and then transferred all DE> the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from DE> the domain. DE> Everything has been working well. Today I upgraded from samba 4.0.0 to DE> 4.0.3 and ran samba_upgradeprovision --full. Initially this was DE> failing in update_present throwing an exception when attempting to DE> modify msDS-NcType and msDS-SupportedEncryptionTypes attributes which DE> didn't exist. I was able to get the upgradeprovision to run to DE> completion by removing these from the deltas DE> i.e., DE> delta.remove('msDS-SupportedEncryptionTypes') DE> delta.remove('msDS-NcType') DE> Everything seems to be up-and-running again at 4.0.3, so it went well. DE> However, if these attributes are missing - a) shouldn't I get these DE> attributes added? b) why don't these show up as missing attributes on DE> the samba-tool dbcheck? I can't help you at all, but over the last week or so, Andrew Bartlett has mentioned, IIRC, that the upgradeprovision should not be run to upgrade a 4.0.x box to 4.0.3. Essentially, as I understand it, the code is only working properly for alpha version upgrades, and it was too dangerous to recommend for use for a production version [4.0.x]. Hopefully someone else will chime in here that knows more than I. Just thought if you hadn't seen those messages - that might explain the source of the problems you have. -Greg
Reasonably Related Threads
- Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs
- Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses
- Was not found in the schema 'msDS-SupportedEncryptionTypes'
- Was not found in the schema 'msDS-SupportedEncryptionTypes'
- Was not found in the schema 'msDS-SupportedEncryptionTypes'