Fabio Fantoni
2023-Aug-28 10:43 UTC
[Samba] Crash on "samba-tool domain level raise --domain-level=2016 --forest-level=2016"
On 25/08/2023 14:26, Rowland Penny via samba wrote:
> On Fri, 25 Aug 2023 14:10:13 +0200
> Sebastian Neustein via samba <samba at lists.samba.org> wrote:
>
>> Have you tried doing it step by step: first raise domain level and
>> after that raising the forest level?
>>
> An MR has been opened about this:
>
> https://gitlab.com/samba-team/samba/-/merge_requests/3237
>
> Seems someone is reading the list.
>
> Rowland

Thanks to Joseph Sutton for the fix; applied manually and tested, this issue is solved, but now it gave another error.

This time I tried to raise to level 2012_R2 instead (for try to add of windows 2012R2 before):

> samba-tool domain schemaupgrade --schema=2019
> samba-tool domain functionalprep --function-level=2012_R2

These were without errors, but the level raise still failed with another error:

> samba-tool domain level raise --domain-level=2012_R2
> --forest-level=2012_R2
> ERROR: Domain function level can't be higher than the lowest function
> level of a DC!

I also tried with only domain and only forest:

> samba-tool domain level raise --domain-level=2012_R2
> ERROR: Domain function level can't be higher than the lowest function
> level of a DC!
> samba-tool domain level raise --forest-level=2012_R2
> ERROR: Forest function level can't be higher than the domain function
> level(s). Please raise it/them first!

The last error is normal FWIK, but for the first and second I don't understand the cause; there is only one Samba DC (this is where I'm running operations from).

No error on the db (I also executed this before the raise test):

> samba-tool dbcheck --cross-ncs
> Checking 3993 objects
> Checked 3993 objects (0 errors)

Here are some conf files if needed:

> less /etc/samba/smb.conf
> # Global parameters
> [global]
>         netbios name = D12DC
>         realm = M2R.LOCAL
>         server role = active directory domain controller
>         workgroup = M2R
>         dns forwarder = 8.8.8.8
>         # for nextcloud
>         ldap server require strong auth = no
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> [netlogon]
>         path = /var/lib/samba/sysvol/m2r.local/scripts
>         read only = No

> less /etc/resolv.conf
> domain M2R.LOCAL
> search M2R.LOCAL
> nameserver 127.0.0.1
> nameserver 8.8.8.8

> less /etc/hosts
> 127.0.0.1       localhost
> 192.168.1.202   d12dc.m2r.local d12dc
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters

> less /etc/krb5.conf
> [libdefaults]
>         default_realm = M2R.LOCAL
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>
> [realms]
> M2R.LOCAL = {
>         default_domain = m2r.local
> }
>
> [domain_realm]
>         D12DC = M2R.LOCAL

I also tried FL 2016, with the same issue:

> samba-tool domain functionalprep --function-level=2016
> Temporarily overriding 'dsdb:schema update allowed' setting
> [...]
> samba-tool domain level raise --domain-level=2016 --forest-level=2016
> ERROR: Domain function level can't be higher than the lowest function
> level of a DC!

If you need more information, tell me and I'll post it.

Thanks for any reply, and sorry for my bad English.
Rowland Penny
2023-Aug-28 10:57 UTC
[Samba] Crash on "samba-tool domain level raise --domain-level=2016 --forest-level=2016"
On Mon, 28 Aug 2023 12:43:24 +0200
Fabio Fantoni <fabio.fantoni at m2r.biz> wrote:

> here some conf files if needed:

> > less /etc/resolv.conf
> > domain M2R.LOCAL
> > search M2R.LOCAL
> > nameserver 127.0.0.1
> > nameserver 8.8.8.8

Just some comments on your resolv.conf:

domain and search are mutually exclusive, last one wins, you only need 'search'

you should use the DC's IP address, not 127.0.0.1, so the correct first nameserver line should be:

nameserver 192.168.1.202

I hope that '.local' is just sanitisation for the correct TLD; if it really is '.local', then I suggest you turn off Bonjour and Avahi everywhere on your network, '.local' is reserved for mDNS.

Rowland
Andrew Bartlett
2023-Aug-28 19:33 UTC
[Samba] Crash on "samba-tool domain level raise --domain-level=2016 --forest-level=2016"
On Mon, 2023-08-28 at 12:43 +0200, Fabio Fantoni via samba wrote:
> On 25/08/2023 14:26, Rowland Penny via samba wrote:
> > On Fri, 25 Aug 2023 14:10:13 +0200
> > Sebastian Neustein via samba <samba at lists.samba.org> wrote:
> >
> > > Have you tried doing it step by step: first raise domain level
> > > and after that raising the forest level?
> > >
> >
> > An MR has been opened about this:
> >
> > https://gitlab.com/samba-team/samba/-/merge_requests/3237
> >
> > Seems someone is reading the list.
> >
> > Rowland
>
> Thanks to Joseph Sutton for the fix, applied manually and tested,
> this issue is solved but now gave another error.
>
> This time I tried to raise to level 2012_R2 instead (for try to add
> of windows 2012R2 before):
>
> > samba-tool domain schemaupgrade --schema=2019
> > samba-tool domain functionalprep --function-level=2012_R2
>
> these was without errors but the level raise still failed with
> another error:
>
> > samba-tool domain level raise --domain-level=2012_R2
> > --forest-level=2012_R2
> > ERROR: Domain function level can't be higher than the lowest
> > function level of a DC!
>
> also tried with only domain and only forest:
>
> > samba-tool domain level raise --domain-level=2012_R2
> > ERROR: Domain function level can't be higher than the lowest
> > function level of a DC!
> > samba-tool domain level raise --forest-level=2012_R2
> > ERROR: Forest function level can't be higher than the domain
> > function level(s). Please raise it/them first!
>
> the latest is normal the error FWIK but the first and second I don't
> understand the cause, is only one samba DC (this is where I'm
> running operations from)

Samba doesn't "support" a FL higher than 2008R2, even in Samba 4.19, but there is a preview of Windows 2012, 2012R2 and 2016 support in this release.

As per the WHATSNEW, you need to set "ad dc functional level = 2012_R2" in the smb.conf of each DC, and on the next startup (or running this command) it will update the record of the DC's own functional level in the database, and allow this to proceed.

> no error on db (I executed also before the raise test)
>
> > samba-tool dbcheck --cross-ncs
> > Checking 3993 objects
> > Checked 3993 objects (0 errors)
>
> here some conf files if needed:

Thanks. This shows the parameter isn't set.

> > less /etc/samba/smb.conf
> > # Global parameters
> > [global]
> >         netbios name = D12DC
> >         realm = M2R.LOCAL
> >         server role = active directory domain controller
> >         workgroup = M2R
> >         dns forwarder = 8.8.8.8
> >         # for nextcloud
> >         ldap server require strong auth = no
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/m2r.local/scripts
> >         read only = No

Thanks so much for giving Samba pre-releases a good test. It is clear our tools could better report their errors and guide users on how to resolve the issues.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions
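
Added example, not part of the thread and not Samba code: a pre-flight check for the two configuration points raised in the replies above (the "ad dc functional level" parameter in smb.conf, and the resolv.conf advice), run over the files as posted. The names `LEVELS`, `smb_global` and `preflight` are hypothetical, and an unset parameter is assumed to mean 2008_R2; the script reads only the files, so the DC restart mentioned above is still needed.

```python
import re

LEVELS = ["2008_R2", "2012", "2012_R2", "2016"]  # ascending order

def smb_global(text):
    """[global] parameters of an smb.conf; names are compared ignoring case and spaces."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def preflight(smb_conf, resolv_conf, target, dc_ip):
    """Return findings to resolve before 'samba-tool domain level raise' to target."""
    findings = []
    # Assumption: an unset parameter means 2008_R2, the level the reply calls supported.
    have = smb_global(smb_conf).get("addcfunctionallevel", "2008_R2").upper()
    if have not in LEVELS or LEVELS.index(have) < LEVELS.index(target):
        findings.append(f"smb.conf: ad dc functional level is {have}; "
                        f"needs a known level of at least {target}")
    rows = [l.split() for l in resolv_conf.splitlines()
            if l.strip() and not l.lstrip().startswith(("#", ";"))]
    keywords = [r[0] for r in rows]
    if "domain" in keywords and "search" in keywords:
        findings.append("resolv.conf: 'domain' and 'search' both set; keep only 'search'")
    servers = [r[1] for r in rows if r[0] == "nameserver" and len(r) > 1]
    if servers and servers[0] != dc_ip:
        findings.append(f"resolv.conf: first nameserver is {servers[0]}, not the DC address {dc_ip}")
    return findings

# Files as posted in the thread (smb.conf shortened to part of its [global] section).
SMB_POSTED = """[global]
        netbios name = D12DC
        realm = M2R.LOCAL
        server role = active directory domain controller
        workgroup = M2R
"""
RESOLV_POSTED = "domain M2R.LOCAL\nsearch M2R.LOCAL\nnameserver 127.0.0.1\nnameserver 8.8.8.8\n"

if __name__ == "__main__":
    for finding in preflight(SMB_POSTED, RESOLV_POSTED, "2012_R2", "192.168.1.202"):
        print(finding)
```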