samba - Dec 2015 - Was not found in the schema 'msDS-SupportedEncryptionTypes'

You should run :
ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=com"
-s base possSuperiors

If the result is :
# record 1
dn:
CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com
possSuperiors: container
possSuperiors: domainDNS
possSuperiors: nisMap

Then it's OK, the script tried to add a value to a multi-value attribute.
But the value was already there.

If your schema version is 46, then you need to run :
ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema update
allowed=true" sch47mod.ldf

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 12:33:05
Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'

OK, ii see this then thank you
.
Executed the process ldbadd / ldbmodify and me only generated an error

ldbmodify -H /var/lib/samba/private/sam.ldb '--option = DSDB: update 
schema allowed = true' sch40mod.ldf
ERR: (Attribute or value exists) "attribute 'possSuperiors': value
# 0
on 'CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = 
Internal, DC = MYDOMAIN' already exists" on DN CN = 
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOAIN at 
block before line 54

Then performed:

ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = Schema, CN = 
Configuration, DC = Internal, DC = MYDOMAIN" -s base objectVersion
# 1 record
dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
objectVersion: 46
# Returned 1 records
# 1 entries
# 0 referrals

Em 30-12-2015 09:15, Christophe Borivant escreveu:
> msDS-isRODC is introduced in version 32 of the schema.
> This is the problem I faced.
> You can have a look to
https://lists.samba.org/archive/samba/2015-August/193258.html.
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 12:05:27
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> Okay, I'm already riding the test base ...
> thank you
> Leveraging believe may be related, when access peo UDCA part of Domains
> Controller, I can think of error and logs appears:
>
> [12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb
> wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC >
Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of
>
> It seems to be another missing attribute ....
>
>
> Em 30-12-2015 08:53, Christophe Borivant escreveu:
>> Ok it seems like you are in the exact same situation I was.
>> So here are the files in a tgz.
>> Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
>> according to your configuration.
>> you can do this with something like :
>> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>>
>> Then you will have to run ldbadd and ldbmodify in the correct order to
upgrade your
>> schema to version 47 like this :
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-2.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch38mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-2.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch41mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch42mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-2.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-3.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-4.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44mod.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-1.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-2.ldf
>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-3.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch46mod.ldf
>> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch47mod.ldf
>>
>> Don't forget to first try in a test environment.
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
>> Envoyé: Mercredi 30 Décembre 2015 11:28:11
>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>
>> Good day!
>> Thank you for your attention, follow the process and led to this
result:
>>
>> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema, CN
>> Configuration, DC = MYDOMAIN" -s base objectVersion
>> # 1 record
>> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
>> objectVersion: 31
>>
>> # Returned 1 records
>> # 1 entries
>> # 0 referrals
>>
>>
>> How can we proceed ?
>>
>> Thanks
>>
>>
>> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>>> Hello Carlos,
>>>
>>> I had the same problem as you.
>>> To solve the problem, I just modified the files I needed from
adprep in order to be able
>>> to run ldbadd and ldbmodify.
>>>
>>> Can you run something like this to check your schema version ?
>>>
>>> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>>>
>>> ---------------------------------------------
>>> Christophe Borivant
>>> Responsable d'exploitation informatique
>>> +33 5 62 20 71 71 (Poste 503)
>>>
>>> Devinlec - Groupe Leclerc
>>> --------------------------------------------
>>>
>>> ----- Mail original -----
>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>> À: "Rowland penny" <rpenny at samba.org>,
"samba" <samba at lists.samba.org>
>>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>
>>> I will do that for now Thank you very much, I am grateful.
>>>
>>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>>> There are various way of adding an attribute, you could do it
with
>>>> ldbmodify or ldbedit, or if you feel more comfortable with a
gui, you
>>>> could install ADUC on a windows machine and use this to add the
>>>> attribute, or you could install ldap account manager (LAM) on
the DC
>>>> and use this to add the attribute.
>>>>
>>>> Pick one and search the internet for how to do it, you will
learn more
>>>> doing it this way, rather than me telling you how to do it,
step by
>>>> step. If after choosing a method, you have problems, this I
will
>>>> attempt to help you with.

Hello!

Command output mainly seemed OK.

ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = 
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOMAIN" 
-s base possSuperiors
# 1 record
dn: CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = 
Internal, DC = MYDOMAIN
possSuperiors: domainDNS
possSuperiors: nismap
possSuperiors: container

# Returned 1 records
# 1 entries
# 0 referrals

But when running ldbmodify

ldbmodify -H /var/lib/samba/private/sam.ldb --option = "DSDB: schema 
update allowed = true" sch47mod.ldf

ERR: (Attribute or value exists) "attribute 'systemMayContain':
value #
0 on 'CN = NTDS-DSA, CN = Schema, CN = Configuration, DC = MYDOMAIN' 
already exists" on DN CN = NTDS-DSA, CN = Schema, CN = Configuration, DC 
= MYDOMAIN at block before line 6
Modify failed after processing 0 records

The one problem with leaving the schema in 46 and not 47?

Thanks



Em 30-12-2015 12:28, Christophe Borivant escreveu:
> You should run :
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=com"
-s base possSuperiors
>
> If the result is :
> # record 1
> dn:
CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com
> possSuperiors: container
> possSuperiors: domainDNS
> possSuperiors: nisMap
>
> Then it's OK, the script tried to add a value to a multi-value
attribute. But the value was already there.
>
> If your schema version is 46, then you need to run :
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch47mod.ldf
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 12:33:05
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> OK, ii see this then thank you
> .
> Executed the process ldbadd / ldbmodify and me only generated an error
>
> ldbmodify -H /var/lib/samba/private/sam.ldb '--option = DSDB: update
> schema allowed = true' sch40mod.ldf
> ERR: (Attribute or value exists) "attribute 'possSuperiors':
value # 0
> on 'CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC
> Internal, DC = MYDOMAIN' already exists" on DN CN >
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOAIN at
> block before line 54
>
> Then performed:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = Schema, CN >
Configuration, DC = Internal, DC = MYDOMAIN" -s base objectVersion
> # 1 record
> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
> objectVersion: 46
> # Returned 1 records
> # 1 entries
> # 0 referrals
>
> Em 30-12-2015 09:15, Christophe Borivant escreveu:
>> msDS-isRODC is introduced in version 32 of the schema.
>> This is the problem I faced.
>> You can have a look to
https://lists.samba.org/archive/samba/2015-August/193258.html.
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
>> Envoyé: Mercredi 30 Décembre 2015 12:05:27
>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>
>> Okay, I'm already riding the test base ...
>> thank you
>> Leveraging believe may be related, when access peo UDCA part of Domains
>> Controller, I can think of error and logs appears:
>>
>> [12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb
>> wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC
>> Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of
>>
>> It seems to be another missing attribute ....
>>
>>
>> Em 30-12-2015 08:53, Christophe Borivant escreveu:
>>> Ok it seems like you are in the exact same situation I was.
>>> So here are the files in a tgz.
>>> Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
>>> according to your configuration.
>>> you can do this with something like :
>>> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>>>
>>> Then you will have to run ldbadd and ldbmodify in the correct order
to upgrade your
>>> schema to version 47 like this :
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch32mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch33mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch34mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch35mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch36mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch37mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch38mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch39mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch40mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch41mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch42mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-3.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-4.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch43mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch44mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-3.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch45mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch46mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch47mod.ldf
>>>
>>> Don't forget to first try in a test environment.
>>>
>>> ---------------------------------------------
>>> Christophe Borivant
>>> Responsable d'exploitation informatique
>>> +33 5 62 20 71 71 (Poste 503)
>>>
>>> Devinlec - Groupe Leclerc
>>> --------------------------------------------
>>>
>>> ----- Mail original -----
>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>> À: "Christophe BORIVANT" <cborivant at
devinlec.com>, "samba" <samba at lists.samba.org>
>>> Envoyé: Mercredi 30 Décembre 2015 11:28:11
>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>
>>> Good day!
>>> Thank you for your attention, follow the process and led to this
result:
>>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema,
CN >>> Configuration, DC = MYDOMAIN" -s base objectVersion
>>> # 1 record
>>> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
>>> objectVersion: 31
>>>
>>> # Returned 1 records
>>> # 1 entries
>>> # 0 referrals
>>>
>>>
>>> How can we proceed ?
>>>
>>> Thanks
>>>
>>>
>>> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>>>> Hello Carlos,
>>>>
>>>> I had the same problem as you.
>>>> To solve the problem, I just modified the files I needed from
adprep in order to be able
>>>> to run ldbadd and ldbmodify.
>>>>
>>>> Can you run something like this to check your schema version ?
>>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>>>>
>>>> ---------------------------------------------
>>>> Christophe Borivant
>>>> Responsable d'exploitation informatique
>>>> +33 5 62 20 71 71 (Poste 503)
>>>>
>>>> Devinlec - Groupe Leclerc
>>>> --------------------------------------------
>>>>
>>>> ----- Mail original -----
>>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>>> À: "Rowland penny" <rpenny at samba.org>,
"samba" <samba at lists.samba.org>
>>>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>>
>>>> I will do that for now Thank you very much, I am grateful.
>>>>
>>>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>>>> There are various way of adding an attribute, you could do
it with
>>>>> ldbmodify or ldbedit, or if you feel more comfortable with
a gui, you
>>>>> could install ADUC on a windows machine and use this to add
the
>>>>> attribute, or you could install ldap account manager (LAM)
on the DC
>>>>> and use this to add the attribute.
>>>>>
>>>>> Pick one and search the internet for how to do it, you will
learn more
>>>>> doing it this way, rather than me telling you how to do it,
step by
>>>>> step. If after choosing a method, you have problems, this I
will
>>>>> attempt to help you with.

No, the sch47mod.ldf just seems not being run.

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 15:47:35
Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'

Hello!

Command output mainly seemed OK.

ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = 
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOMAIN" 
-s base possSuperiors
# 1 record
dn: CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = 
Internal, DC = MYDOMAIN
possSuperiors: domainDNS
possSuperiors: nismap
possSuperiors: container

# Returned 1 records
# 1 entries
# 0 referrals

But when running ldbmodify

ldbmodify -H /var/lib/samba/private/sam.ldb --option = "DSDB: schema 
update allowed = true" sch47mod.ldf

ERR: (Attribute or value exists) "attribute 'systemMayContain':
value #
0 on 'CN = NTDS-DSA, CN = Schema, CN = Configuration, DC = MYDOMAIN' 
already exists" on DN CN = NTDS-DSA, CN = Schema, CN = Configuration, DC 
= MYDOMAIN at block before line 6
Modify failed after processing 0 records

The one problem with leaving the schema in 46 and not 47?

Thanks



Em 30-12-2015 12:28, Christophe Borivant escreveu:
> You should run :
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=com"
-s base possSuperiors
>
> If the result is :
> # record 1
> dn:
CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com
> possSuperiors: container
> possSuperiors: domainDNS
> possSuperiors: nisMap
>
> Then it's OK, the script tried to add a value to a multi-value
attribute. But the value was already there.
>
> If your schema version is 46, then you need to run :
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch47mod.ldf
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 12:33:05
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> OK, ii see this then thank you
> .
> Executed the process ldbadd / ldbmodify and me only generated an error
>
> ldbmodify -H /var/lib/samba/private/sam.ldb '--option = DSDB: update
> schema allowed = true' sch40mod.ldf
> ERR: (Attribute or value exists) "attribute 'possSuperiors':
value # 0
> on 'CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC
> Internal, DC = MYDOMAIN' already exists" on DN CN >
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOAIN at
> block before line 54
>
> Then performed:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = Schema, CN >
Configuration, DC = Internal, DC = MYDOMAIN" -s base objectVersion
> # 1 record
> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
> objectVersion: 46
> # Returned 1 records
> # 1 entries
> # 0 referrals
>
> Em 30-12-2015 09:15, Christophe Borivant escreveu:
>> msDS-isRODC is introduced in version 32 of the schema.
>> This is the problem I faced.
>> You can have a look to
https://lists.samba.org/archive/samba/2015-August/193258.html.
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
>> Envoyé: Mercredi 30 Décembre 2015 12:05:27
>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>
>> Okay, I'm already riding the test base ...
>> thank you
>> Leveraging believe may be related, when access peo UDCA part of Domains
>> Controller, I can think of error and logs appears:
>>
>> [12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb
>> wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC
>> Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of
>>
>> It seems to be another missing attribute ....
>>
>>
>> Em 30-12-2015 08:53, Christophe Borivant escreveu:
>>> Ok it seems like you are in the exact same situation I was.
>>> So here are the files in a tgz.
>>> Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
>>> according to your configuration.
>>> you can do this with something like :
>>> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>>>
>>> Then you will have to run ldbadd and ldbmodify in the correct order
to upgrade your
>>> schema to version 47 like this :
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch32mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch33mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch34mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch35mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch36mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch37mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch38mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch39mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch40mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch41mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch42mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-3.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-4.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch43mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch44mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-3.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch45mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch46mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch47mod.ldf
>>>
>>> Don't forget to first try in a test environment.
>>>
>>> ---------------------------------------------
>>> Christophe Borivant
>>> Responsable d'exploitation informatique
>>> +33 5 62 20 71 71 (Poste 503)
>>>
>>> Devinlec - Groupe Leclerc
>>> --------------------------------------------
>>>
>>> ----- Mail original -----
>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>> À: "Christophe BORIVANT" <cborivant at
devinlec.com>, "samba" <samba at lists.samba.org>
>>> Envoyé: Mercredi 30 Décembre 2015 11:28:11
>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>
>>> Good day!
>>> Thank you for your attention, follow the process and led to this
result:
>>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema,
CN >>> Configuration, DC = MYDOMAIN" -s base objectVersion
>>> # 1 record
>>> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
>>> objectVersion: 31
>>>
>>> # Returned 1 records
>>> # 1 entries
>>> # 0 referrals
>>>
>>>
>>> How can we proceed ?
>>>
>>> Thanks
>>>
>>>
>>> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>>>> Hello Carlos,
>>>>
>>>> I had the same problem as you.
>>>> To solve the problem, I just modified the files I needed from
adprep in order to be able
>>>> to run ldbadd and ldbmodify.
>>>>
>>>> Can you run something like this to check your schema version ?
>>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>>>>
>>>> ---------------------------------------------
>>>> Christophe Borivant
>>>> Responsable d'exploitation informatique
>>>> +33 5 62 20 71 71 (Poste 503)
>>>>
>>>> Devinlec - Groupe Leclerc
>>>> --------------------------------------------
>>>>
>>>> ----- Mail original -----
>>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>>> À: "Rowland penny" <rpenny at samba.org>,
"samba" <samba at lists.samba.org>
>>>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>>
>>>> I will do that for now Thank you very much, I am grateful.
>>>>
>>>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>>>> There are various way of adding an attribute, you could do
it with
>>>>> ldbmodify or ldbedit, or if you feel more comfortable with
a gui, you
>>>>> could install ADUC on a windows machine and use this to add
the
>>>>> attribute, or you could install ldap account manager (LAM)
on the DC
>>>>> and use this to add the attribute.
>>>>>
>>>>> Pick one and search the internet for how to do it, you will
learn more
>>>>> doing it this way, rather than me telling you how to do it,
step by
>>>>> step. If after choosing a method, you have problems, this I
will
>>>>> attempt to help you with.

msDS-Enabled-Feature is 1.2.840.113556.1.4.2061

Can you run :
ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com" -s
base systemMayContain
and check if msDS-EnabledFeature id in the list ?

If this is ok, then you can edit sch47mod.ldf and delete the first block and try
to rerun it.

---------------------------------------------
Christophe Borivant
Responsable d'exploitation informatique
+33 5 62 20 71 71 (Poste 503)

Devinlec - Groupe Leclerc
--------------------------------------------

----- Mail original -----
De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
Envoyé: Mercredi 30 Décembre 2015 15:47:35
Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'

Hello!

Command output mainly seemed OK.

ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = 
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOMAIN" 
-s base possSuperiors
# 1 record
dn: CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = 
Internal, DC = MYDOMAIN
possSuperiors: domainDNS
possSuperiors: nismap
possSuperiors: container

# Returned 1 records
# 1 entries
# 0 referrals

But when running ldbmodify

ldbmodify -H /var/lib/samba/private/sam.ldb --option = "DSDB: schema 
update allowed = true" sch47mod.ldf

ERR: (Attribute or value exists) "attribute 'systemMayContain':
value #
0 on 'CN = NTDS-DSA, CN = Schema, CN = Configuration, DC = MYDOMAIN' 
already exists" on DN CN = NTDS-DSA, CN = Schema, CN = Configuration, DC 
= MYDOMAIN at block before line 6
Modify failed after processing 0 records

The one problem with leaving the schema in 46 and not 47?

Thanks



Em 30-12-2015 12:28, Christophe Borivant escreveu:
> You should run :
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=com"
-s base possSuperiors
>
> If the result is :
> # record 1
> dn:
CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,DC=DEVINLECLECLERC,DC=com
> possSuperiors: container
> possSuperiors: domainDNS
> possSuperiors: nisMap
>
> Then it's OK, the script tried to add a value to a multi-value
attribute. But the value was already there.
>
> If your schema version is 46, then you need to run :
> ldbmodify -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch47mod.ldf
>
> ---------------------------------------------
> Christophe Borivant
> Responsable d'exploitation informatique
> +33 5 62 20 71 71 (Poste 503)
>
> Devinlec - Groupe Leclerc
> --------------------------------------------
>
> ----- Mail original -----
> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
> Envoyé: Mercredi 30 Décembre 2015 12:33:05
> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>
> OK, ii see this then thank you
> .
> Executed the process ldbadd / ldbmodify and me only generated an error
>
> ldbmodify -H /var/lib/samba/private/sam.ldb '--option = DSDB: update
> schema allowed = true' sch40mod.ldf
> ERR: (Attribute or value exists) "attribute 'possSuperiors':
value # 0
> on 'CN = msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC
> Internal, DC = MYDOMAIN' already exists" on DN CN >
msSFU-30-Mail-Aliases, CN = Schema, CN = Configuration, DC = MYDOAIN at
> block before line 54
>
> Then performed:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = Schema, CN >
Configuration, DC = Internal, DC = MYDOMAIN" -s base objectVersion
> # 1 record
> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
> objectVersion: 46
> # Returned 1 records
> # 1 entries
> # 0 referrals
>
> Em 30-12-2015 09:15, Christophe Borivant escreveu:
>> msDS-isRODC is introduced in version 32 of the schema.
>> This is the problem I faced.
>> You can have a look to
https://lists.samba.org/archive/samba/2015-August/193258.html.
>>
>> ---------------------------------------------
>> Christophe Borivant
>> Responsable d'exploitation informatique
>> +33 5 62 20 71 71 (Poste 503)
>>
>> Devinlec - Groupe Leclerc
>> --------------------------------------------
>>
>> ----- Mail original -----
>> De: "Carlos A. P. Cunha" <carlos.hollow at gmail.com>
>> À: "Christophe BORIVANT" <cborivant at devinlec.com>,
"samba" <samba at lists.samba.org>
>> Envoyé: Mercredi 30 Décembre 2015 12:05:27
>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>
>> Okay, I'm already riding the test base ...
>> thank you
>> Leveraging believe may be related, when access peo UDCA part of Domains
>> Controller, I can think of error and logs appears:
>>
>> [12/30/2015 08: 55: 52.277383, 0] ../lib/ldb-samba/ldb wrap.c: 72 (ldb
>> wrap debug) ldb: acl_read: CN = DC-LINUX, OU = Domain Controllers, DC
>> Internal, DC = MYDOMAIN can not find attr [msDS-isRODC] in schema of
>>
>> It seems to be another missing attribute ....
>>
>>
>> Em 30-12-2015 08:53, Christophe Borivant escreveu:
>>> Ok it seems like you are in the exact same situation I was.
>>> So here are the files in a tgz.
>>> Once uncompressed, you'll have to change each occurance of
"DC=MYDOMAIN,DC=com"
>>> according to your configuration.
>>> you can do this with something like :
>>> perl -pi -e 's/DC=MYDOMAIN,DC=com/DC=Carlos,DC=com/g' *
>>>
>>> Then you will have to run ldbadd and ldbmodify in the correct order
to upgrade your
>>> schema to version 47 like this :
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch32.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch32mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch33.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch33mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch34-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch34mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch35.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch35mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch36.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch36mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch37.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch37mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch38mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch39.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch39mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch40-2.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch40mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch41mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch42mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-3.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch43-4.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch43mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch44.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch44mod.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-1.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-2.ldf
>>> ldbadd -H /var/lib/samba/private/sam.ldb --option="dsdb:schema
update allowed=true" sch45-3.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch45mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch46mod.ldf
>>> ldbmodify -H /var/lib/samba/private/sam.ldb
--option="dsdb:schema update allowed=true" sch47mod.ldf
>>>
>>> Don't forget to first try in a test environment.
>>>
>>> ---------------------------------------------
>>> Christophe Borivant
>>> Responsable d'exploitation informatique
>>> +33 5 62 20 71 71 (Poste 503)
>>>
>>> Devinlec - Groupe Leclerc
>>> --------------------------------------------
>>>
>>> ----- Mail original -----
>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>> À: "Christophe BORIVANT" <cborivant at
devinlec.com>, "samba" <samba at lists.samba.org>
>>> Envoyé: Mercredi 30 Décembre 2015 11:28:11
>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>
>>> Good day!
>>> Thank you for your attention, follow the process and led to this
result:
>>>
>>> ldbsearch -H /usr/local/samba/private/sam.ldb -b "CN = Schema,
CN >>> Configuration, DC = MYDOMAIN" -s base objectVersion
>>> # 1 record
>>> dn: CN = Schema, CN = Configuration, DC = MYDOMAIN
>>> objectVersion: 31
>>>
>>> # Returned 1 records
>>> # 1 entries
>>> # 0 referrals
>>>
>>>
>>> How can we proceed ?
>>>
>>> Thanks
>>>
>>>
>>> Em 30-12-2015 07:54, Christophe Borivant escreveu:
>>>> Hello Carlos,
>>>>
>>>> I had the same problem as you.
>>>> To solve the problem, I just modified the files I needed from
adprep in order to be able
>>>> to run ldbadd and ldbmodify.
>>>>
>>>> Can you run something like this to check your schema version ?
>>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb -b
"CN=Schema,CN=Configuration,DC=YOURDOMAIN,DC=com" -s base
objectVersion
>>>>
>>>> ---------------------------------------------
>>>> Christophe Borivant
>>>> Responsable d'exploitation informatique
>>>> +33 5 62 20 71 71 (Poste 503)
>>>>
>>>> Devinlec - Groupe Leclerc
>>>> --------------------------------------------
>>>>
>>>> ----- Mail original -----
>>>> De: "Carlos A. P. Cunha" <carlos.hollow at
gmail.com>
>>>> À: "Rowland penny" <rpenny at samba.org>,
"samba" <samba at lists.samba.org>
>>>> Envoyé: Mardi 29 Décembre 2015 21:43:03
>>>> Objet: Re: [Samba] Was not found in the schema
'msDS-SupportedEncryptionTypes'
>>>>
>>>> I will do that for now Thank you very much, I am grateful.
>>>>
>>>> Em 29-12-2015 18:26, Rowland penny escreveu:
>>>>> There are various way of adding an attribute, you could do
it with
>>>>> ldbmodify or ldbedit, or if you feel more comfortable with
a gui, you
>>>>> could install ADUC on a windows machine and use this to add
the
>>>>> attribute, or you could install ldap account manager (LAM)
on the DC
>>>>> and use this to add the attribute.
>>>>>
>>>>> Pick one and search the internet for how to do it, you will
learn more
>>>>> doing it this way, rather than me telling you how to do it,
step by
>>>>> step. If after choosing a method, you have problems, this I
will
>>>>> attempt to help you with.

Hello!
# I edited the file

cat sch47mod.ldif

#increase object version
dn: CN = Schema, CN = Configuration, DC = Internal, DC = mastersonda, DC 
= com, DC = us
changetype: modify
replace: objectVersion
objectVersion: 47
-
and ran the ldbmodify
And now this version and 47

ldbsearch -H /var/lib/samba/private/sam.ldb -b "CN = Schema, CN = 
Configuration, DC = MYDOMAIN" -s base objectVersion
# 1 record
dn: CN = Schema, CN = Configuration, DC = Internal, DC = mastersonda, DC 
= com, DC = us
objectVersion: 47
# Returned 1 records
# 1 entries
# 0 referrals

I think my problem resolved??

Thank you for your help my friend again.

Em 30-12-2015 15:18, Christophe Borivant escreveu:
> By second block I mean the now first block.
> you need to keep the last one because this is the one who update the schema
version