Thanks for getting back to me. Sadly I've not had the time today to
attempt the reproduction.
Can you, just to save me time, double-check if this happens on a server
with the Samba 4.20 being a just from-our-tarball Samba and show the
logs that gives?
Thanks,
Andrew Bartlett
On Wed, 2024-04-10 at 10:04 +0000, Tom?? Havl?n via samba
wrote:> HelloI will try give you best answer what I can.
> - alma linux 9, fresh installation, for testing only in virtualbox-
> packages from Sernet, installad via YUM from oficial repo- installed
> version 4.18 (same on original linux)- moved backup from original
> server, /var/lib/samba + /etc/krb, /etc/default/samba, /etc/samba-
> original domain created if I remember on 4.15 or 4.16, then schema
> upgrade to 2012, on 4.18- upgraded to version 4.20
>
> thank youTHAV
>
> ------ P?vodn? zpr?va ------Od "Andrew Bartlett via samba" <
> samba at lists.samba.org>Komu "Tom?? Havl?n" <thavlin at
spel.cz>; "Tom??
> Havl?n via samba" <samba at lists.samba.org>Datum 10.04.2024
> 10:54:55P?edm?t Re: [Samba] SAMBA 4.20 - function level upgrade
> > Thanks for the extra details. I do intend to dig into this for
> > you, itis very strange, but to do that I need some more details:Can
> > I get (again, if I've missed it) a history of this domain
> > (whatversion did you start with, what schema upgrades have happened
> > in thepast) so I can try and reproduce?Also, can you confirm where
> > you got your Samba package, if there areany other bits of any Samba
> > version on your system, and the details forthe sources of that
> > package.The reason I ask is that things in the logs just don't
line
> > up withwhat I see in the git tag.For example, not only do the
> > resolve_oids.c references look odd, I justcan't see how Samba
> > 4.20.0 can print this line:dsdb_schema_set_el_from_ldb_msg_dups()
> > WERR_INVALID_PARAMETERThanks,Andrew BartlettOn Tue, 2024-04-09 at
> > 08:05 +0000, Tom?? Havl?n wrote:
> > > Hello, samba-tool domain level showForest function level:
> > > (Windows) 2012 R2 Domain function level: (Windows) 2012 R2 Lowest
> > > function level of a DC: (Windows) 2016
> > > samba 4.20.0-2 smb.confad dc functional level = 2016
> > >
https://wiki.samba.org/index.php/Samba_Features_added/changed#NEW_FEATURES/CHANGESsection
> > > AD DC support for Authentication Silos and Authentication
> > > Policies direcly copied from console[root at vorvan ~]#
samba-tool
> > > domain schemaupgrade --schema=2019 Temporarily overriding
> > > 'dsdb:schema update allowed' setting Applying Sch70.ldf
> > > updates... Unable to find attribute msDS-DeviceMDMStatus in the
> > > schema 5 changes applied Applying Sch71.ldf updates... 7 changes
> > > applied Applying Sch72.ldf updates... 5 changes applied Applying
> > > Sch73.ldf updates... 5 changes applied Applying Sch74.ldf
> > > updates... ../../source4/dsdb/schema/schema_init.c:816: name
=> > > NULL in CN=ms- DS-Key-
> > > Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra
> > > dsdb_schema_set_el_from_ldb_msg_dups() WERR_INVALID_PARAMETER
> > > Exception: (1, 'operations error at
> > > ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674')
> > > Encountered while trying to apply the following LDIF ------------
> > > ---------------------------------------- dn: CN=ms-DS-Key-
> > > Credential,CN=Schema,CN=Configuration,DC=raisa,DC=intra
> > > changetype: add objectClass: classSchema ldapDisplayName: msDS-
> > > KeyCredential adminDisplayName: msDS-KeyCredential
> > > adminDescription: An instance of this class contains key
> > > material. governsId: 1.2.840.113556.1.5.297 objectClassCategory:
> > > 1 rdnAttId: cn schemaIdGuid:: Q1Uf7i58akeLP+EfSvbEmA=> >
> defaultSecurityDescriptor:
> > > D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;EA)(A;;RPWPCRCCDCLCLORCWOW
> > > DSDD TSW;;;SY) defaultHidingValue: FALSE showInAdvancedViewOnly:
> > > TRUE systemOnly: FALSE systemFlags: 16 instanceType: 4
> > > subClassOf: top systemPossSuperiors: container systemMustContain:
> > > 1.2.840.113556.1.4.2315 systemMayContain: msDS-KeyMaterial
> > > systemMayContain: msDS-KeyUsage systemMayContain: msDS-
> > > KeyPrincipal systemMayContain: msDS-DeviceDN systemMayContain:
> > > msDS-ComputerSID systemMayContain: msDS-CustomKeyInformation
> > > systemMayContain: msDS-KeyApproximateLastLogonTimeStamp
> > > Exception: (1, 'operations error at
> > > ../../source4/dsdb/samdb/ldb_modules/resolve_oids.c:674')
Error
> > > encountered, aborting schema upgrade ERROR: Failed to upgrade
> > > schema
> > > thank youTHAV
> > >
> > >
> > >
> > >
> > > ------ P?vodn? zpr?va ------
> > > Od "Andrew Bartlett" <abartlet at samba.org>
> > > Komu "Tom?? Havl?n" <thavlin at spel.cz>;
"Tom?? Havl?n via samba"
> > > <samba at lists.samba.org>
> > > Datum 09.04.2024 9:45:00
> > > P?edm?t Re: Re[2]: [Samba] SAMBA 4.20 - function level upgrade
> > > > On Mon, 2024-04-08 at 08:03 +0000, Tom?? Havl?n wrote: >
>
> > > Hello, > > I am sorry for my answer. I have already
upgraded
> > > level domain > > and > > forest level 2012_R2 and
function level
> > > to 2016 via ad dc > > functional > > level = 2016.
Then I tried
> > > to follow instructions from wiki to > > upgrade > >
to version of
> > > funtion level to 2016, but schema upgrade ends with > >
error > >
> > > > > > > Exception: (1, 'operations error at >
>
> > > ../../source4/dsdb/samba/ldb_modules/resolve_oids.c:674')
> >
> > > Error encountered, aborting schema upgrade > > ERROR:
Failed to
> > > upgrade schema > > Was this text copied directly from your
> > > failing host? I ask > cecause someone has 'spell
corrected'
> > > samdb -> samba in that path, > and line 674 is empty in the
Samba
> > > 4.20.0 released sources. > > Can you please confirm the
exact
> > > command given and the version of > Samba you are running where
> > > you see this failure? > > Thanks, > > Andrew Bartlett
> > -- >
> > > Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba
> > > > Team Member (since 2001) https://samba.orgSamba Team >
Lead >
> > > https://catalyst.net.nz/services/sambaCatalyst.Net Ltd >
Proudly
> > > developing Samba for Catalyst.Net Ltd - a Catalyst IT group >
> > > company > Samba Development and Support: >
> > > https://catalyst.net.nz/services/samba
> > > > Catalyst IT - Expert Open Source Solutions
> > --Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba
> > Team Member (since 2001) https://samba.orgSamba Team
> > Lead
> > https://catalyst.net.nz/services/sambaCatalyst.Net LtdProudly
> > developing Samba for Catalyst.Net Ltd - a Catalyst IT
> > groupcompanySamba Development and Support:
> > https://catalyst.net.nz/services/samba
> > Catalyst IT - Expert Open Source Solutions--To unsubscribe from
> > this list go to the following URL and read theinstructions:
> > https://lists.samba.org/mailman/options/samba
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead https://catalyst.net.nz/services/samba
Catalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions