Rowland penny wrote on 3/18/16 12:58 PM:
> On 18/03/16 19:27, Robert Moulton wrote:
>> Rowland penny wrote on 3/18/16 11:48 AM:
>>> On 18/03/16 18:19, Robert Moulton wrote:
>>>> Greetings - On our samba 4 (4.3.3) AD controller I just noticed
>>>> something odd. When I run 'samba-tool fsmo show' I get an error:
>>>>
>>>> # samba-tool fsmo show
>>>> ERROR(ldb): uncaught exception - No such Base DN:
>>>> CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>>> File
>>>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>>>> line 175, in _run
>>>> return self.run(*args, **kwargs)
>>>> File
>>>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
>>>> line 395, in run
>>>> domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>>> File
>>>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
>>>> line 40, in get_fsmo_roleowner
>>>> scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>>>>
>>>> And 'ldbsearch' verifies that DomainDnsZones is missing:
>>>>
>>>> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb
>>>> '(fsmoroleowner=*)' | grep 'dn:'
>>>> dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
>>>> dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
>>>> dn: DC=biostat,DC=washington,DC=edu
>>>> dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
>>>> dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
>>>>
>>>> What might explain this anomaly, and more importantly, what should be
>>>> done to address it?
>>>>
>>>> thanks,
>>>> -r
>>>>
>>>
>>> OK, as for how did you get to here, how was the domain provisioned ??
>>
>> Provisioning was a 'classicupgrade' of a samba 3 domain with LDAP
>> backend.
>
> I don't suppose you can remember the actual command you ran to upgrade ?

I remember:

samba-tool domain classicupgrade --dbdir=/var/tmp/dbdir/
--use-xattrs=yes --realm=biostat.washington.edu
--dns-backend=BIND9_FLATFILE --option="interfaces=lo eth0"
--option="bind interfaces only=yes" /var/tmp/dbdir/smb.conf

(output is appended below)

>
>>
>>> You are actually missing two fsmo roleowners, your ldbsearch should
>>> return these as well as the other 5:
>>>
>>> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>> dn: CN=Infrastructure,DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu
>>>
>>> Do the 'DNs' exist ?
>>>
>>> try this:
>>>
>>> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b
>>> 'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub
>>> '(cn=Infrastructure)'
>>>
>>> Does it return anything ?
>>>
>>
>> uh-oh, no such base dn ...
>>
>> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b
>> 'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub
>> '(cn=Infrastructure)'
>> search error - No such Base DN:
>> DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>
>>> Run it again, but replace 'DC=DomainDnsZones' with 'DC=ForestDnsZones',
>>> does this return anything ?
>>
>> ... and again:
>>
>> [root at porter ~]# ldbsearch --cross-ncs -H
>> /usr/local/samba/private/sam.ldb -b
>> 'DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu' -s sub
>> '(cn=Infrastructure)'
>> search error - No such Base DN:
>> DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu
>>
>> should they be added with ldbadd?
>
> It is not as simple as that, You probably have a lot more missing.
>
> When you ran the upgrade command, did you cut and paste it from the wiki
> ? If so, you may have missed half the command line. I have just looked
> at the wiki page and altered it so it shows all the command.
>
> I have never been in this position, so I am unsure if you can add the
> DNS objects to AD and if you can, I do not know how.
>
> Rowland
>>
>>> If the objects exist, then you need to add the fsmo roleowners with
>>> ldbmodify
>>>
>>> You need to create an ldif
>>>
>>> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>> changetype: modify
>>> add: fSMORoleOwner
>>> fSMORoleOwner: CN=NTDS
>>> Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=biostat,DC=washington,DC=edu
>>>
>>> Then use ldbmodify to add the ldif, repeat for the ForestDnsZones
>>>
>>> Rowland
>>>
>
>

# /usr/local/samba/bin/samba-tool domain classicupgrade --dbdir=/var/tmp/dbdir/ --use-xattrs=yes --realm=biostat.washington.edu --dns-backend=BIND9_FLATFILE --option="interfaces=lo eth0" --option="bind interfaces only=yes" /var/tmp/dbdir/smb.conf
Reading smb.conf
Provisioning
Exporting account policy
Exporting groups
Exporting users
Ignoring group memberships of 'root' S-1-5-21-1900679799-3721262086-4005390970-1001: Unable to enumerate group memberships, (-1073741596,This error indicates that the requested operation cannot be completed due to a catastrophic media failure or an on-disk data structure corruption.)
Skipping wellknown rid=500 (for username=Administrator)
Next rid = 23307
Exporting posix attributes
Reading WINS database
Cannot open wins database, Ignoring: [Errno 2] No such file or directory: '/var/tmp/dbdir/wins.dat'
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=biostat,DC=washington,DC=edu
Adding configuration container
Setting up sam.ldb schema
Setting up sam.ldb configuration data
Setting up display specifiers
Modifying display specifiers
Adding users container
Modifying users container
Adding computers container
Modifying computers container
Setting up sam.ldb data
Setting up well known security principals
Setting up sam.ldb users and groups
Setting up self join
Setting acl on sysvol skipped
Adding DNS accounts
Creating CN=MicrosoftDNS,CN=System,DC=biostat,DC=washington,DC=edu
rndc: 'freeze' failed: not found
rndc: 'unfreeze' failed: not found
See /usr/local/samba/private/named.conf for an example configuration include file for BIND
and /usr/local/samba/private/named.txt for further documentation required for secure DNS updates
Setting up sam.ldb rootDSE marking as synchronized
Fixing provision GUIDs
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Setting up fake yp server settings
Once the above files are installed, your Samba4 server will be ready to use
Server Role: active directory domain controller
Hostname: marzen
NetBIOS Domain: BIOSTAT
DNS Domain: biostat.washington.edu
DOMAIN SID: S-1-5-21-1900679799-3721262086-4005390970
Importing WINS database
Importing Account policy
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Adding groups
Importing groups
Group already exists sid=S-1-5-21-1900679799-3721262086-4005390970-512, groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
Group already exists sid=S-1-5-21-1900679799-3721262086-4005390970-515, groupname=Domain Computers existing_groupname=Domain Computers, Ignoring.
Group already exists sid=S-1-5-21-1900679799-3721262086-4005390970-514, groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
Group already exists sid=S-1-5-21-1900679799-3721262086-4005390970-513, groupname=Domain Users existing_groupname=Domain Users, Ignoring.
Group already exists sid=S-1-5-32-544, groupname=Administrators existing_groupname=Administrators, Ignoring.
Group already exists sid=S-1-5-32-545, groupname=Users existing_groupname=Users, Ignoring.
Committing 'add groups' transaction to disk
Adding users
Importing users
User root has been kept in the directory, it should be removed in favour of the Administrator user
Committing 'add users' transaction to disk
Adding users to groups
Committing 'add users to groups' transaction to disk
Setting password for administrator
Administrator password has been set to password of user 'root'

See inline comments

On 18/03/16 20:11, Robert Moulton wrote:
> Rowland penny wrote on 3/18/16 12:58 PM:
>> I don't suppose you can remember the actual command you ran to upgrade ?
>
> I remember:
>
> samba-tool domain classicupgrade --dbdir=/var/tmp/dbdir/
> --use-xattrs=yes --realm=biostat.washington.edu
> --dns-backend=BIND9_FLATFILE --option="interfaces=lo eth0"
> --option="bind interfaces only=yes" /var/tmp/dbdir/smb.conf
>

And there is your problem, --dns-backend=BIND9_FLATFILE

Flatfiles do not store their info in AD

Please tell me that this domain is only a test domain and you can re-run
the upgrade with '--dns-backend=BIND9_DLZ' or
'--dns-backend=SAMBA_INTERNAL'

Rowland

Rowland penny wrote on 3/18/16 1:19 PM:
> See inline comments
>
> On 18/03/16 20:11, Robert Moulton wrote:
>> I remember:
>>
>> samba-tool domain classicupgrade --dbdir=/var/tmp/dbdir/
>> --use-xattrs=yes --realm=biostat.washington.edu
>> --dns-backend=BIND9_FLATFILE --option="interfaces=lo eth0"
>> --option="bind interfaces only=yes" /var/tmp/dbdir/smb.conf
>>
>
> And there is your problem, --dns-backend=BIND9_FLATFILE
>
> Flatfiles do not store their info in AD
>
> Please tell me that this domain is only a test domain and you can re-run
> the upgrade with '--dns-backend=BIND9_DLZ' or
> '--dns-backend=SAMBA_INTERNAL'
>
> Rowland

It's a production domain. We run our own DNS and tried BIND9_DLZ but our
DNS setup is complicated enough that we ended up resorting to flatfile,
manually updating our BIND zone files as needed. We know it isn't ideal
but we haven't encountered any problems until now. Couldn't we simply
add the missing DNs (along with corresponding DNS records, if necessary)?

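Added example (not part of the original thread and not Samba project code): a shell check for the point made earlier in the thread that the '(fsmoroleowner=*)' search should return seven DNs, the five found plus the two Infrastructure objects under DomainDnsZones and ForestDnsZones. It reads ldbsearch LDIF on stdin and prints the expected DNs that are absent; the function names are made up for this example, and base64-encoded 'dn::' lines are assumed not to occur.

```shell
#!/bin/sh
# Added example, not from the thread: list the FSMO role-owner objects that a
# '(fsmoroleowner=*)' search failed to return. Function names are hypothetical.

# The seven DNs the thread says the search should return, for a given base DN.
expected_fsmo_dns() {
    base=$1
    cat <<EOF
CN=Schema,CN=Configuration,$base
CN=Partitions,CN=Configuration,$base
$base
CN=Infrastructure,$base
CN=RID Manager\$,CN=System,$base
CN=Infrastructure,DC=DomainDnsZones,$base
CN=Infrastructure,DC=ForestDnsZones,$base
EOF
}

# Read LDIF on stdin and print one DN per line. LDIF folds long lines: a
# continuation line starts with a single space and is joined to the previous one.
found_dns() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (buf ~ /^dn: /) print substr(buf, 5); buf = $0 }
        END  { if (buf ~ /^dn: /) print substr(buf, 5) }
    '
}

# Print every expected DN that is missing from the LDIF on stdin. DNs compare
# case-insensitively, so both sides are lowercased before the exact-line match.
missing_fsmo_dns() {
    base=$1
    found=$(found_dns | tr 'A-Z' 'a-z')
    expected_fsmo_dns "$base" | while IFS= read -r dn; do
        lc=$(printf '%s\n' "$dn" | tr 'A-Z' 'a-z')
        printf '%s\n' "$found" | grep -Fqx -- "$lc" || printf '%s\n' "$dn"
    done
}

# The 'dn:' lines posted in the thread, embedded so the example runs offline.
sample_ldbsearch_output() {
    cat <<'EOF'
dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
dn: DC=biostat,DC=washington,DC=edu
dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
EOF
}

# On a DC the input would come from the command used in the thread:
#   ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb '(fsmoroleowner=*)'
sample_ldbsearch_output | missing_fsmo_dns 'DC=biostat,DC=washington,DC=edu'
```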