Web lists-archives.com

Re: [Samba] DC Upgrade from 4.1.7 to 4.6.7





> -----Message d'origine-----
> De : samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] De la part de Rowland
> Penny via samba
> Envoyé : samedi 26 août 2017 12:00
> À : samba@xxxxxxxxxxxxxxx
> Objet : Re: [Samba] DC Upgrade from 4.1.7 to 4.6.7
> 
...

> On Sat, 26 Aug 2017 11:28:00 +0400
> > Hi,
> >
> > I have begun to add a new 4.6.7 DC  (following
> > Joining_a_Samba_DC_to_an_Existing_Active_Directory ). At the
> > Joining_the_Active_Directory_as_a_Domain_Controller step I got the
> > following error :
> >
> > [root@newdc samba]# samba-tool domain join my-domain.mycomp.fr DC
> > -U"MY-DOMAIN\administrator" Finding a writeable DC for domain
> > 'my-domain.mycomp.fr' Found DC dc1.my-domain.mycomp.fr Password
> for
> > [MY-DOMAIN\administrator]:
> > workgroup is MY-DOMAIN
> > realm is my-domain.mycomp.fr
> > Adding CN=NEWDC,OU=Domain Controllers,DC=my-
> domain,DC=mycomp,DC=fr
> > Adding
> > CN=NEWDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configurati
> > on,DC=my-domain,DC=mycomp,DC=fr
> > Adding CN=NTDS
> > Settings,CN=NEWDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Co
> > nfiguration,DC=my-domain,DC=mycomp,DC=fr
> > Adding SPNs to CN=NEWDC,OU=Domain
> > Controllers,DC=my-domain,DC=mycomp,DC=fr Setting account password
> for
> > NEWDC$ Enabling account Calling bare provision Looking up IPv4
> > addresses Looking up IPv6 addresses No IPv6 address will be assigned
> > Setting up share.ldb Setting up secrets.ldb Setting up the registry
> > Setting up the privileges database Setting up idmap db Setting up SAM
> > db Setting up sam.ldb partitions and settings Setting up sam.ldb
> > rootDSE Pre-loading the Samba 4 and AD schema A Kerberos configuration
> > suitable for Samba AD has been generated at
> > /usr/local/samba/private/krb5.conf Provision OK for domain DN
> > DC=my-domain,DC=mycomp,DC=fr Starting replication
> > Schema-DN[CN=Schema,CN=Configuration,DC=my-
> domain,DC=mycomp,DC=fr]
> > objects[402/1550] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=my-
> domain,DC=mycomp,DC=fr]
> > objects[804/1550] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=my-
> domain,DC=mycomp,DC=fr]
> > objects[1206/1550] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=my-
> domain,DC=mycomp,DC=fr]
> > objects[1550/1550] linked_values[0/0] Analyze and apply schema objects
> > Partition[CN=Configuration,DC=my-domain,DC=mycomp,DC=fr]
> > objects[402/1624] linked_values[0/0]
> > Partition[CN=Configuration,DC=my-domain,DC=mycomp,DC=fr]
> > objects[804/1624] linked_values[0/0]
> > Partition[CN=Configuration,DC=my-domain,DC=mycomp,DC=fr]
> > objects[1206/1624] linked_values[0/0]
> > Partition[CN=Configuration,DC=my-domain,DC=mycomp,DC=fr]
> > objects[1608/1624] linked_values[0/0]
> > Partition[CN=Configuration,DC=my-domain,DC=mycomp,DC=fr]
> > objects[1624/1624] linked_values[38/0] Replicating critical objects
> > from the base DN of the domain Partition[DC=my-
> domain,DC=mycomp,DC=fr]
> > objects[97/97] linked_values[27/0]
> > Partition[DC=my-domain,DC=mycomp,DC=fr]
> > objects[499/1791] linked_values[0/0]
> > Partition[DC=my-domain,DC=mycomp,DC=fr] objects[901/1791]
> > linked_values[0/0] Partition[DC=my-domain,DC=mycomp,DC=fr]
> > objects[1303/1791] linked_values[0/0]
> > Partition[DC=my-domain,DC=mycomp,DC=fr] objects[1705/1791]
> > linked_values[0/0] Partition[DC=my-domain,DC=mycomp,DC=fr]
> > objects[1888/1791] linked_values[1190/0] Done with always replicated
> > NC (base, config, schema) Replicating
> > DC=DomainDnsZones,DC=my-domain,DC=mycomp,DC=fr Join failed -
> cleaning
> > up Deleted CN=NEWDC,OU=Domain Controllers,DC=my-
> domain,DC=mycomp,DC=fr
> > Deleted CN=NTDS
> > Settings,CN=NEWDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Co
> > nfiguration,DC=my-domain,DC=mycomp,DC=fr
> > Deleted
> > CN=NEWDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configurati
> > on,DC=my-domain,DC=mycomp,DC=fr
> > ERROR(runtime): uncaught exception - (8442,
> > 'WERR_DS_DRA_INTERNAL_ERROR') File
> > "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/__init__.
> > py", line 176, in _run return self.run(*args, **kwargs) File
> > "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/domain.py
> > ", line 661, in run machinepass=machinepass, use_ntvfs=use_ntvfs,
> > dns_backend=dns_backend) File
> > "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
> > 1269, in join_DC ctx.do_join() File
> > "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
> > 1177, in do_join ctx.join_replicate() File
> > "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
> > 918, in join_replicate replica_flags=ctx.replica_flags) File
> > "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py",
> > line 254, in replicate (level, ctr) =
> > self.drs.DsGetNCChanges(self.drs_handle, req_level, req) [root@newdc
> > samba]#
> >
> >
> > I recall that my olddc is samba 4.1.7 , here is its smb.conf :
> > [global]
> >         log level = 1
> >         max log size = 100000
> >         workgroup = MY-DOMAIN
> >         server string = Serveur MY-DOMAIN
> >         realm = MY-DOMAIN.MYCOMP.FR
> >         netbios name = DC1
> >         server role = active directory domain controller
> >         dns forwarder = 123.123.123.1
> >         idmap_ldb:use rfc2307 = yes
> >
> >         rpc_server:spoolss = external
> >         rpc_daemon:spoolssd = fork
> >
> >         load printers = no
> >
> > Is there an incompatibility between 4.6.7 and 4.1.7 ?
> >
> > Thanks in advance
> >
> > Henri
> >
> >
> 
> Not that I am aware, there have been a lot of changes between the versions,
> but the underlying database hasn't changed.
> Have you tried running 'samba-tool dbcheck' ?
> 
> Rowland

Hi Rowland,

Here is the output of samba-tool dbcheck : 
# samba-tool dbcheck
Checking 1791 objects
ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DCIRAD-REUNION,DC%3DCIRAD,DC%3DFR.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=1115322096

ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DCIRAD-REUNION,DC%3DCIRAD,DC%3DFR.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=1115322096

Checked 1791 objects (0 errors)
# 

But, if I run 'samba-tool dbcheck --cross-ncs' (as suggested in Updating_Samba) : 

# samba-tool dbcheck --cross-ncs
ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DCIRAD-REUNION,DC%3DCIRAD,DC%3DFR.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=1115322096

ERROR(ldb): uncaught exception - Indexed and full searches both failed!

  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dbcheck.py", line 136, in run
    controls=controls, attrs=attrs)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/dbchecker.py", line 123, in check_database
    res = self.samdb.search(base=DN, scope=scope, attrs=['dn'], controls=controls)
#


Henri 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba