Web lists-archives.com

Re: [Samba] Schema extension




Am 21.11.2018 10:22, schrieb Rowland Penny via samba:
On Wed, 21 Nov 2018 10:06:06 +0100
Stefan Kania via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

we have a single DC after a clssicupgrade and we need to extend the
schema. So we created a attrib.ldif with all our attributes and a
object.ldif to add the attributes to the "CN=User" Object. We tested
the two ldif-files on a DC with only a few users and groups and it
works fine. Then we did the classicupgrade (same NC as the
test-system) we have more then 30.000 users after the classicupgrade.
Then we did the schema extension with the same ldif-files. During the
process the DB was reindexed. Then wie looked at a user in the
"attribute editor" in ADUC of one of the users. We can't see the
additional attributes. We reindexed the DB and got the following
messages: ---------------
root@addc01:~# samba-tool dbcheck --reindex
Re-indexing...
Reindexing: re-keyed 10000 records so far
Reindexing: re-keyed 20000 records so far
Reindexing: re-keyed 30000 records so far
Reindexing: re-indexed 10000 records so far
Reindexing: re-indexed 20000 records so far
Reindexing: re-indexed 30000 records so far
Reindexing: re_index successful on
/var/lib/samba/private/sam.ldb.d/DC=EXAMPLE,DC=DE.ldb, final index
write-out will be in transaction commit
completed re-index OK----
-------------
It looks like the reindexing was working, but we still can't use the
attributes. Can it be that it takes a long time because of the 30.000
Users.


Have you tried an ldap search on a user to rule out an ADUC problem ?
What are the attributes for ?

Rowland

 Hi Rowland,

the problem WAS the ADUC! The first try to put the attributes into the new AD failed, so we reseted the VM (the win10 client with ADUC was still in the domain). We fixed the problem in the ldif and rerun the schema extension. We did not see the attributes in ADUC, so we changed the new attributes via a ldif-file to on of pur users,this worked fine. We then removed the profile from the domain-admin from the windows 10 maschine, logged in with a new profile and everything was fine. So the problem is, that the ADUC safes the schema-settings inside the profile of the user who accesses the AD. As far as we figured out it is not possible to get the new information into the ADUC, only if you delete the profile of the user. THAT SU...

Your hint with the ADUC send us on the right track

Thank you

Stefan

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba