Samba 4.3.1, libldb-1.1.21 (as external library). smb.conf is removed, /var/lib/samba is contain only empty /var/lib/samba/sysvol # samba-tool domain provision Realm [OFFICE.ALTLINUX.RU]: office.alt Domain [office]: Server Role (dc, member, standalone) [dc]: DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE) [SAMBA_INTERNAL]: DNS forwarder IP address (write 'none' to disable forwarding) [10.4.0.1]: Administrator password: Retype password: Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema Adding DomainDN: DC=office,DC=alt Adding configuration container Setting up sam.ldb schema Setting up sam.ldb configuration data Setting up display specifiers Modifying display specifiers Adding users container Modifying users container Adding computers container Modifying computers container Setting up sam.ldb data Setting up well known security principals Setting up sam.ldb users and groups ERROR(ldb): uncaught exception - operations error at ../source4/dsdb/samdb/ldb_modules/password_hash.c:2241 File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 442, in run nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2172, in provision skip_sysvolacl=skip_sysvolacl) File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1795, in provision_fill next_rid=next_rid, dc_rid=dc_rid) File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 1453, in fill_samdb "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le')) File "/usr/lib64/python2.7/site-packages/samba/provision/common.py", line 55, in setup_add_ldif ldb.add_ldif(data, controls) File "/usr/lib64/python2.7/site-packages/samba/__init__.py", line 225, in add_ldif self.add(msg, controls)
I hope it will be useful: # ldbsearch \* -H /var/lib/samba/private/sam.ldb dsdb_get_schema: refresh_fn() failed schema_load_init: dsdb_get_schema failed module schema_load initialization failed : Operations error module rootdse initialization failed : Operations error module samba_dsdb initialization failed : Operations error Unable to load modules for /var/lib/samba/private/sam.ldb: schema_load_init: dsdb_get_schema failed Failed to connect to /var/lib/samba/private/sam.ldb - schema_load_init: dsdb_get_schema failed
ldbsearch with -d 255: Searching for dsServiceName in rootDSE failed: operations error at ../source4/dsdb/samdb/ldb_modules/rootdse.c:516 Failed to find our own NTDS Settings DN in the ldb! dsdb_get_schema: refresh_fn() failed
Created attachment 11593 [details] Build log with TDB_NO_FSYNC=1 make test Build package with make test.
Sorry, it's local misconfiguration in /etc/krb5.conf.
We need to backport: https://github.com/heimdal/heimdal/commit/fe43be85587f834266623adb0ecf2793d212a7ca
Created attachment 13809 [details] [PATCH 1/2] heimdal: add include/includedir directives for krb5.conf Backport incudedir support from Heimdal based on next commits: https://github.com/heimdal/heimdal/commit/fe43be85587f834266623adb0ecf2793d212a7ca https://github.com/heimdal/heimdal/commit/b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf
Created attachment 13810 [details] [PATCH 2/2] heimdal: fix CR comments on include/includedir Backport incudedir support from Heimdal based on next commits: https://github.com/heimdal/heimdal/commit/0259f1c44927ab8f5906212804693dec48c9a04a https://github.com/heimdal/heimdal/commit/31a00d664715fb4c7b90c1617a3b4c2580282d7b
(In reply to Andrew Bartlett from comment #5) Ok. I did it and tested in ALT Linux environment with Samba DC installation. Please, review it.
(In reply to Evgeny Sinelnikov from comment #8) Can you update the commit messages to indicate if these are simply cherry-picks or modified patches, and which patches they are cherry-picked from or modified from. This helps us when we update heimdal in Samba as we can show that the patches are already upstream and so can be overwritten.
(In reply to Andrew Bartlett from comment #9) Also for cherry-picked commits, please preserve the original authorship
Created attachment 13819 [details] [PATCH 1/2] heimdal: add include/includedir directives for krb5.conf
Created attachment 13820 [details] [PATCH 2/2] heimdal: fix CR comments on include/includedir
(In reply to Andrew Bartlett from comment #10) Sorry, I do not understand how to do this correctly.
Created attachment 14239 [details] Patches for 11573, cherry-picked from master This patch set applies to all recent Samba versions.
Comment on attachment 14239 [details] Patches for 11573, cherry-picked from master I have just seen smbd crashes with this patch. I'll fix this as soon as possible.
Created attachment 14246 [details] Fix for 11573, cherry-picked from master
*** Bug 12488 has been marked as a duplicate of this bug. ***
Pushed to autobuild-v4-[8,7]-test.
(In reply to Karolin Seeger from comment #18) Pushed to both branches. Closing out bug report. Thanks!