[Samba] Fixing well-known-acls :was: Best upgrade path from 4.0.0rc5 to 4.1.4

James B. Byrne byrnejb at harte-lyne.ca
Mon Feb 10 10:35:41 MST 2014 

On Sun, February 9, 2014 17:25, Andrew Bartlett wrote:
> On Sat, 2014-02-08 at 20:20 +0100, Marc Muehlfeld wrote:
>> Hello Brian,
>>
>> Am 05.02.2014 19:42, schrieb Brian C. Huffman:
>> > I have a Samba 4 server that is currently running Samba 4.0.0-rc5. It
>> > looks like the initial install was 4.0.0alpha20 and then upgraded to rc5.
>> >
>> > I'm currently using bind_dlz for for my DNS.
>> >
>> > What's the cleanest way to upgrade to a 4.1.4 install while retaining my
>> > data?
>>
>> As there were some fixes for directory and SysVol ACLs after 4.0 final,
>
> There were also issues after 4.0, so even more reason to reset those
> ACLs.
>
>> I would suggest:
>
> Very close, some small changes:
>
> 1.) Backup!
> 2.) Compile the latest version and install over the old one.
> 3.) # samba-tool dbcheck --cross-ncs --reset-well-known-acls
> 3a.) # samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
> 4.) # samba-tool ntacl sysvolreset
> 5.) # samba-tool dbcheck --cross-ncs --fix
> 6.) Testing. :-)
>
> Thanks!
>

i86_64
CentOS-6.5
Samba-4.1.4-7 (sernet)

Windows DC runs MS-Win2k Advanced Server

We are attempting to replace our old AD-DC with at least two virtualised Samba
servers.  Following the promotion of the first Samba based host to DC I have
had several unexplained errors of indeterminable origin.   Following this
thread I applied the commands up to 3.1 to the new Samba DC.  This corrected a
large number of inconsistencies but not all. At this point I see this when I
run "samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix":


Checking 2605 objects
ERROR: missing GUID component for wellKnownObjects in object
CN=Configuration,DC=brockley,DC=harte-lyne,DC=ca -
B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,CN=Configuration,DC=brockley,DC=harte-lyne,DC=ca
unable to find object for DN
CN=LostAndFound,CN=Configuration,DC=brockley,DC=harte-lyne,DC=ca - (No such
Base DN: CN=LostAndFound,CN=Configuration,DC=brockley,DC=harte-lyne,DC=ca)
Not removing dangling forward link
ERROR: orphaned backlink attribute 'memberOf' in CN=Moodie\,
Robert,CN=Users,DC=brockley,DC=harte-lyne,DC=ca for link member in CN=Domain
Users,CN=Users,DC=brockley,DC=harte-lyne,DC=ca
Remove orphaned backlink member [y/N/all/none] all
PANIC: assert failed at
../source4/dsdb/samdb/ldb_modules/linked_attributes.c(544):
(schema_attr->linkID & 1) == 0
PANIC: assert failed: (schema_attr->linkID & 1) == 0
Aborted

Can someone explain to me what these errors are, what they mean and how they
are best resolved?

Sincerely,

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the samba mailing list