samba - Dec 2015 - Was not found in the schema 'msDS-SupportedEncryptionTypes'

Ok it seems like you are in the exact same situation I was.
So here are the files in a tgz.
Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
according to your configuration.
you can do this with something like :
perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *

Then you will have to run ldbadd and ldbmodify in the correct order to upgrade
your
schema to version 47 like this :
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch32.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch32mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch33.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch33mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34-2.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch35.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch35mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch36.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch36mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch37.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch37mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch38mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch39.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch39mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40-2.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch41mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch42mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-2.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-3.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-4.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch44.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch44mod.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-1.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-2.ldf
ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-3.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch46mod.ldf
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch47mod.ldf

Don't forget to first try in a test environment.

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 11:28:11
Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'

Good day!
Thank you for your attention, follow the process and led to this result:

ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema, CN = 
Configuration, DC = MYDOMAIN" -s base objectVersion
# 1 record
dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
objectVersion: 31

# Returned 1 records
# 1 entries
# 0 referrals


How can we proceed ?

Thanks


Em 30-12-2015 07:54, Christophe Borivant escreveu:
> Hello Carlos,
>
> I had the same problem as you.
> To solve the problem, I just modified the files I needed from adprep in
order to be able
> to run ldbadd and ldbmodify.
>
> Can you run something like this to check your schema version ?
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Rowland penny" <rpenny at samba.org>, "samba"
<samba at lists.samba.org>
> Envoyé: Mardi 29 Décembre 2015 21:43:03
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> I will do that for now Thank you very much, I am grateful.
>
> Em 29-12-2015 18:26, Rowland penny escreveu:
>> There are various way of adding an attribute, you could do it with
>> ldbmodify or ldbedit, or if you feel more comfortable with a gui, you
>> could install ADUC on a windows machine and use this to add the
>> attribute, or you could install ldap account manager (LAM) on the DC
>> and use this to add the attribute.
>>
>> Pick one and search the internet for how to do it, you will learn more
>> doing it this way, rather than me telling you how to do it, step by
>> step. If after choosing a method, you have problems, this I will
>> attempt to help you with.
>

Okay, I'm already riding the test base ...
thank you
Leveraging believe may be related, when access peo UDCA part of Domains 
Controller, I can think of error and logs appears:

[12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb 
wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC = 
Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of

It seems to be another missing attribute ....


Em 30-12-2015 08:53, Christophe Borivant escreveu:
> Ok it seems like you are in the exact same situation I was.
> So here are the files in a tgz.
> Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
> according to your configuration.
> you can do this with something like :
> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>
> Then you will have to run ldbadd and ldbmodify in the correct order to
upgrade your
> schema to version 47 like this :
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch32.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch33.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34-2.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch35.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch36.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch37.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch38mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch39.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40-2.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch41mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch42mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-2.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-3.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-4.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch44.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-2.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-3.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch46mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch47mod.ldf
>
> Don't forget to first try in a test environment.
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 11:28:11
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> Good day!
> Thank you for your attention, follow the process and led to this result:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema, CN >
Configuration, DC = MYDOMAIN" -s base objectVersion
> # 1 record
> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
> objectVersion: 31
>
> # Returned 1 records
> # 1 entries
> # 0 referrals
>
>
> How can we proceed ?
>
> Thanks
>
>
> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>> Hello Carlos,
>>
>> I had the same problem as you.
>> To solve the problem, I just modified the files I needed from adprep in
order to be able
>> to run ldbadd and ldbmodify.
>>
>> Can you run something like this to check your schema version ?
>>
>> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Rowland penny" <rpenny at samba.org>,
"samba" <samba at lists.samba.org>
>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>
>> I will do that for now Thank you very much, I am grateful.
>>
>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>> There are various way of adding an attribute, you could do it with
>>> ldbmodify or ldbedit, or if you feel more comfortable with a gui,
you
>>> could install ADUC on a windows machine and use this to add the
>>> attribute, or you could install ldap account manager (LAM) on the
DC
>>> and use this to add the attribute.
>>>
>>> Pick one and search the internet for how to do it, you will learn
more
>>> doing it this way, rather than me telling you how to do it, step by
>>> step. If after choosing a method, you have problems, this I will
>>> attempt to help you with.
> >

msDS-isRODC is introduced in version 32 of the schema.
This is the problem I faced.
You can have a look to
https://lists.samba.org/archive/samba/2015-August/193258.html.

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 12:05:27
Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'

Okay, I'm already riding the test base ...
thank you
Leveraging believe may be related, when access peo UDCA part of Domains 
Controller, I can think of error and logs appears:

[12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb 
wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC = 
Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of

It seems to be another missing attribute ....


Em 30-12-2015 08:53, Christophe Borivant escreveu:
> Ok it seems like you are in the exact same situation I was.
> So here are the files in a tgz.
> Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
> according to your configuration.
> you can do this with something like :
> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>
> Then you will have to run ldbadd and ldbmodify in the correct order to
upgrade your
> schema to version 47 like this :
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch32.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch33.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch34-2.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch35.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch36.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch37.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch38mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch39.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch40-2.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch41mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch42mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-2.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-3.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch43-4.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch44.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44mod.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-1.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-2.ldf
> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch45-3.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch46mod.ldf
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch47mod.ldf
>
> Don't forget to first try in a test environment.
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 11:28:11
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> Good day!
> Thank you for your attention, follow the process and led to this result:
>
> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema, CN >
Configuration, DC = MYDOMAIN" -s base objectVersion
> # 1 record
> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
> objectVersion: 31
>
> # Returned 1 records
> # 1 entries
> # 0 referrals
>
>
> How can we proceed ?
>
> Thanks
>
>
> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>> Hello Carlos,
>>
>> I had the same problem as you.
>> To solve the problem, I just modified the files I needed from adprep in
order to be able
>> to run ldbadd and ldbmodify.
>>
>> Can you run something like this to check your schema version ?
>>
>> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Rowland penny" <rpenny at samba.org>,
"samba" <samba at lists.samba.org>
>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>
>> I will do that for now Thank you very much, I am grateful.
>>
>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>> There are various way of adding an attribute, you could do it with
>>> ldbmodify or ldbedit, or if you feel more comfortable with a gui,
you
>>> could install ADUC on a windows machine and use this to add the
>>> attribute, or you could install ldap account manager (LAM) on the
DC
>>> and use this to add the attribute.
>>>
>>> Pick one and search the internet for how to do it, you will learn
more
>>> doing it this way, rather than me telling you how to do it, step by
>>> step. If after choosing a method, you have problems, this I will
>>> attempt to help you with.
> >