Dominic Evans
2013-Feb-20 16:41 UTC
[Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType
Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the
domain, allow full replication to take place and then transferred all
the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from
the domain.
Everything has been working well. Today I upgraded from samba 4.0.0 to
4.0.3 and ran samba_upgradeprovision --full. Initially this was
failing in update_present throwing an exception when attempting to
modify msDS-NcType and msDS-SupportedEncryptionTypes attributes which
didn't exist. I was able to get the upgradeprovision to run to
completion by removing these from the deltas
i.e.,
delta.remove('msDS-SupportedEncryptionTypes')
delta.remove('msDS-NcType')
Everything seems to be up-and-running again at 4.0.3, so it went well.
However, if these attributes are missing - a) shouldn't I get these
attributes added? b) why don't these show up as missing attributes on
the samba-tool dbcheck?
Gregory Sloop
2013-Feb-20 17:09 UTC
[Samba] samba_upgradeprovision and msDS-SupportedEncryptionTypes / msDS-NcType
DE> Originally I had a Win 2003 DC. I added a samba 4.0.0 DC to the
DE> domain, allow full replication to take place and then transferred all
DE> the roles to the samba 4.0.0 dc. Finally I removed the Windows DC from
DE> the domain.
DE> Everything has been working well. Today I upgraded from samba 4.0.0 to
DE> 4.0.3 and ran samba_upgradeprovision --full. Initially this was
DE> failing in update_present throwing an exception when attempting to
DE> modify msDS-NcType and msDS-SupportedEncryptionTypes attributes which
DE> didn't exist. I was able to get the upgradeprovision to run to
DE> completion by removing these from the deltas
DE> i.e.,
DE> delta.remove('msDS-SupportedEncryptionTypes')
DE> delta.remove('msDS-NcType')
DE> Everything seems to be up-and-running again at 4.0.3, so it went well.
DE> However, if these attributes are missing - a) shouldn't I get these
DE> attributes added? b) why don't these show up as missing attributes on
DE> the samba-tool dbcheck?
I can't help you at all, but over the last week or so, Andrew Bartlett
has mentioned, IIRC, that the upgradeprovision should not be run to
upgrade a 4.0.x box to 4.0.3.
Essentially, as I understand it, the code is only working properly for
alpha version upgrades, and it was too dangerous to recommend for use
for a production version [4.0.x].
Hopefully someone else will chime in here that knows more than I.
Just thought if you hadn't seen those messages - that might explain
the source of the problems you have.
-Greg
Possibly Parallel Threads
- Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs
- Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses
- Was not found in the schema 'msDS-SupportedEncryptionTypes'
- Was not found in the schema 'msDS-SupportedEncryptionTypes'
- Was not found in the schema 'msDS-SupportedEncryptionTypes'