samba - Sep 2019 - AD Schema Upgrade

Hi

 

I wonder if anyone can help.

 

I am trying to upgrade the schema version.  Current environment:

Two domain controllers both running samba 4.7.6 - Ubuntu package

Version: objectVersion: 44 (server 2008)

 

According to samba docs, 'samba-tool domain schemaupgrade' only works
from
2008 R2 version 47.  For earlier it says: 'the ldf files must be manually
sourced from the Windows adprep tool and run with the --ldf-file= option'

 

Any recommendations / suggestions on how to do that?  Right now there's no
windows DC on the network.

 

Thank you

> Em 9 de set de 2019, ?(s) 11:39, Max Serafini via samba <samba at
lists.samba.org> escreveu:
> 
> Hi
> 
> I wonder if anyone can help.
> 
> I am trying to upgrade the schema version.  Current environment:
> 
> Two domain controllers both running samba 4.7.6 - Ubuntu package
> 
> Version: objectVersion: 44 (server 2008)
> 
> According to samba docs, 'samba-tool domain schemaupgrade' only
works from
> 2008 R2 version 47.  For earlier it says: 'the ldf files must be
manually
> sourced from the Windows adprep tool and run with the --ldf-file=
option'
> 
> Any recommendations / suggestions on how to do that?  Right now there's
no
> windows DC on the network.
Hi Max!

Not a schema expert by any definition and not sure what you?re trying to
add/modify, but I do it using .ldif files with ldb-tools ('apt install
ldb-tools' if you don?t have it):

ldbadd -H /var/lib/samba/private/sam.ldb [filename].ldif
--option="dsdb:schema update allowed"=true
ldbmodify -H /var/lib/samba/private/sam.ldb mod [filename].ldif
--option="dsdb:schema update allowed?=true

I strongly recommend you test this on a same spec fresh/test DC before applying
on production and mandatory ?you should upgrade your samba? since 4.7 is EOL. :)

Hope it helps.

Andr??.

Not sure if this reply got anywhere.

Hi Andre

Thanks for your suggestion.
I thought the only way to upgrade was to use adpred form a Windows box. 
I'll definitely give it a go.

It would be nice to upgrade but that's the version that ships with 18.04 
lts.  The convenience of using a package manager.



-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Andre 
Kirchhoff via samba
Sent: Tuesday, September 10, 2019 10:35 AM
To: samba at lists.samba.org
Subject: Re: [Samba] AD Schema Upgrade

Hi Max!

Not a schema expert by any definition and not sure what you?re trying to 
add/modify, but I do it using .ldif files with ldb-tools ('apt install 
ldb-tools' if you don?t have it):

ldbadd -H /var/lib/samba/private/sam.ldb 
[filename].ldif --option="dsdb:schema update allowed"=true ldbmodify
-H
/var/lib/samba/private/sam.ldb mod [filename].ldif --option="dsdb:schema 
update allowed?=true

I strongly recommend you test this on a same spec fresh/test DC before 
applying on production and mandatory ?you should upgrade your samba? since 
4.7 is EOL. :)

Hope it helps.

Andr??.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba