[Samba] Samba Join as DC failed

Donaldson Jeff Jeff.Donaldson at ncs.k12.de.us
Thu Oct 17 06:50:50 MDT 2013 

Attempted to join domain via

./bin/samba-tool domain join ncs.k12.de.us<http://ncs.k12.de.us> DC -Uadministrator --realm=ncs.k12.de.us<http://ncs.k12.de.us>

But this failed with

Committing SAM database
Failed to apply linked attribute change 'attribute 'isRecycled': invalid modify flags on 'CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us': 0x0'
dn: <GUID=4d560497-5f00-4d97-96a0-47ae1799ba92>;<SID=S-1-5-21-276688905-1455118844-2751846679-67110292>;CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us

Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - attribute 'isRecycled': invalid modify flags on 'CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us': 0x0
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1169, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1074, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 848, in join_replicate
    ctx.local_samdb.transaction_commit()

As suggestion found here https://irclog.samba.org/2013/09/20130908-Sun.log:  is to use

ldbedit -H /usr/local/samba/private/sam.ldb --show-deleted '(isDeleted=*)'

to manually delete all the accounts with this attribute. When doing this I should stop samba on all DCs and then edit the local sam.ldb on each. Then restart samba on the DC and re-try joining the domain after deleting all files /usr/local/samba/private on the DC I am attempting to join to the domain as a DC?

Also saw on Samba list Nikos Mita had similar issue. It was suggested to try using samba-tool dbcheck -fix. Should I try this first? I'm just concerned whether this would complete or not. I have 94,443 records and this server only has 8GB of memory.

I want to make certain I get the sequence correct.

Also, before doing any of the above, I will make a copy of the private directories on the DC just in case ...

Any help is appreciated. Thanks!

Regards,
Jeff

Jeff Donaldson
Technology Director
Newark Charter School
jeff.donaldson at ncs.k12.de.us
(302) 369-2001 ext: 425

More information about the samba mailing list