After wagon upgrade to OES2018SP1, DSfW becomes non-functional

  • Document ID:7023765
  • Creation Date:11-Mar-2019
  • Modified Date:18-Apr-2019
    • Micro Focus Products:
      Open Enterprise Server

Environment

Open Enterprise Server 2018 SP1(OES 2018 SP1) Linux
Domain Services for Windows (DSfW)

Situation

Performed Channel Upgrade from OES 2018 to OES 2018 SP1 Via Wagon, according to official documentation: https://www.novell.com/documentation/open-enterprise-server-2018/inst_oes_lx/data/b11mrzf5.html#b11mrzf6. Ensured that all steps were followed.

Now, domain services seem to be non-functional. Unable to authenticate to the domain, unable to join a workstation to the domain, and wbinfo commands are unable to find the domain.

/etc/samba/smb.conf shows a default SLES samba configuration - all DSfW-specific configuration information is missing.

Resolution

Locate a backup copy of your original "/etc/samba/smb.conf" file. It must include the domain-specific configuration information. Please see the 'Additional Information' section for more details.

Move the existing file "/etc/samba/smb.conf.oes2018-upgrade-save" to a different location, such as "/tmp". Then, move and rename your original "smb.conf" file to "/etc/samba/smb.conf.oes2018-upgrade-save".

Last, execute "/opt/novell/xad/sbin/upgrade_dsfw.pl", which will apply the smb.conf changes. The domain services should be functional again once this completes.

Cause

Under investigation.

Status

Reported to Engineering

Additional Information

Default SLES smb.conf (if yours looks like this, follow the steps in the resolution section above):

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
    workgroup = WORKGROUP
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

An example of a DSfW OES smb.conf file:

#
# Samba configuration file for Domain Services for Windows
#
[global]
    unix extensions = no
    workgroup = MYLAB
    printing = cups
    printcap name = cups
    printcap cache time = 0
    cups options = raw
    map to guest = Never
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
    netbios name = DSFW1
    realm = my.lab
    auth methods = guest winbind
    server string = Novell Open Enterprise Server
    security = ads
    encrypt passwords = Yes
    socket options = TCP_NODELAY
    local master = Yes
    os level = 64
    domain master = Yes
    preferred master = Yes
    domain logons = Yes
    idmap config  : backend = ad
    idmap config  : range = 1 - 4294967295
    idmap uid = 1-4294967295
    idmap gid = 1-4294967295
    pid directory = /var/run/samba
    kerberos method = system keytab
    winbind use default domain = Yes
    winbind nss info = rfc2307
    dce funnel directory = /var/opt/novell/xad/rpc
    load printers = No
    template shell = /bin/bash
    server signing = auto
    np : proxy = samr lsarpc netlogon
    external_rpc_pipe : socket_dir = /var/opt/novell/xad/rpc/PIPE
    send spnego principal = Yes
    client use spnego principal = Yes
    cifs instanceless spn = Yes
    dce_funnel_winbind : socket = /var/opt/novell/xad/rpc/xadsd
    winbind max clients = 2000
    winbind cache time = 3600
    name cache timeout = 3600
    winbind max domain connections = 5
    winbind sealed pipes = false

[netlogon]
    comment = Network Logon Service
    path = /var/opt/novell/xad/sysvol/sysvol/my.lab/scripts
    writable = yes
    share modes = No
    nt acl support = Yes

[sysvol]
    wide links = yes
    comment = Group Policies
    path = /var/opt/novell/xad/sysvol/sysvol
    writable = Yes
    share modes = No
    nt acl support = No
    directory mask = 0750

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
    nt acl support = No

[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
    nt acl support = No