[Samba] Undeletable objects in AD

Henry Jensen hjensen at mailbox.org
Wed Aug 1 12:06:44 UTC 2018 

On Wed, 25 Jul 2018 14:19:26 +1200
Andrew Bartlett via samba <samba at lists.samba.org> wrote:

> > Yes, the objects in question are displayed, one of them looks like this:
> > 
> > # record 46  
> > dn: CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan
> > cn:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > instanceType: 4
> > whenCreated: 20180720113100.0Z
> > uSNCreated: 5982
> > name:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtcnc=
> > objectGUID: ecbda919-4c16-4d06-9695-2540e35b44da
> > objectSid: S-1-5-21-4144324718-2848790307-3888702956-3897
> > sAMAccountName:: cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taXNjaGUtc
> >  nc=
> > sAMAccountType: 268435456
> > groupType: -2147483646
> > objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=iww,DC=lan
> > gidNumber: 1448
> > objectClass: top
> > objectClass: posixGroup
> > objectClass: group
> > msSFU30NisDomain: iww
> > whenChanged: 20180720113106.0Z
> > uSNChanged: 15576
> > distinguishedName:: Q049cHJvamVrdC1zdC53ZW5kZWwtd3Z3LXRlY2huaXNjaC3Dtmtvbm9taX
> >  NjaGUtcncsQ049VXNlcnMsREM9aXd3LERDPWxhbg==
> > 
> > However, "ldbdel -H /var/lib/samba/private/sam.ldb 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'" doesn't work, it says "entry does not exist"  
> 
> I suspect this is a case of one layer somewhere in the stack being
> unhappy.  Try turning up the debug level and see if you can get it to
> confess something more specific.


Not really:


root at dc1:~# ldbdel -v -d 10 -H /var/lib/samba/private/sam.ldb 'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Security token SIDs (1):
  SID[  0]: S-1-5-18
 Privileges (0xFFFFFFFFFFFFFFFF):
  Privilege[  0]: SeMachineAccountPrivilege
  Privilege[  1]: SeTakeOwnershipPrivilege
  Privilege[  2]: SeBackupPrivilege
  Privilege[  3]: SeRestorePrivilege
  Privilege[  4]: SeRemoteShutdownPrivilege
  Privilege[  5]: SePrintOperatorPrivilege
  Privilege[  6]: SeAddUsersPrivilege
  Privilege[  7]: SeDiskOperatorPrivilege
  Privilege[  8]: SeSecurityPrivilege
  Privilege[  9]: SeSystemtimePrivilege
  Privilege[ 10]: SeShutdownPrivilege
  Privilege[ 11]: SeDebugPrivilege
  Privilege[ 12]: SeSystemEnvironmentPrivilege
  Privilege[ 13]: SeSystemProfilePrivilege
  Privilege[ 14]: SeProfileSingleProcessPrivilege
  Privilege[ 15]: SeIncreaseBasePriorityPrivilege
  Privilege[ 16]: SeLoadDriverPrivilege
  Privilege[ 17]: SeCreatePagefilePrivilege
  Privilege[ 18]: SeIncreaseQuotaPrivilege
  Privilege[ 19]: SeChangeNotifyPrivilege
  Privilege[ 20]: SeUndockPrivilege
  Privilege[ 21]: SeManageVolumePrivilege
  Privilege[ 22]: SeImpersonatePrivilege
  Privilege[ 23]: SeCreateGlobalPrivilege
  Privilege[ 24]: SeEnableDelegationPrivilege
 Rights (0x               0):
Initial schema load needed, as we have no existing schema, seq_num: 3
schema_fsmo_init: we are master[yes] updates allowed[yes]
delete of
'CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan'
failed - (No such object) objectclass: Cannot delete
CN=projekt-st.wendel-wvw-technisch-ökonomische-rw,CN=Users,DC=iww,DC=lan,
entry does not exist!

Kind Regards,

Henry

More information about the samba mailing list