Need urgent help with samba4 DC re-join

Andrew Bartlett abartlet at samba.org
Wed Aug 22 05:36:13 MDT 2012 

On Wed, 2012-08-01 at 20:28 +0200, Andreas Oster wrote:
> Am 01.08.2012 15:34, schrieb Andrew Bartlett:
> > On Wed, 2012-08-01 at 23:28 +1000, Andrew Bartlett wrote:
> >> On Wed, 2012-08-01 at 13:30 +0200, Andreas Oster wrote:
> >>> Am 18.07.2012 08:03, schrieb Andrew Bartlett:
> >>>> On Wed, 2012-07-18 at 07:10 +0200, Andreas Oster wrote:
> >>>>
> >>>>> Hello Andrew,
> >>>>>
> >>>>> unfortunately dbcheck did not work. The following error messages showed up:
> >>>>>
> >>>>> ERROR: wrong instanceType 11 on DC=DomainDnsZones,DC=novanetwork,DC=loc,
> >>>>> should be 13
> >>>>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception -
> >>>>> 'dbcheck' object has no attribute 'modify_instancetype'
> >>>>>   File
> >>>>
> >>>> Thanks.  I've updated my branch with what I hope will be a fix.  This
> >>>> time I've modified a local DB to replicate your error condition, and
> >>>> confirmed it all works.
> >>>>
> >>>> However, it will only allow the instanceType to be changed, the
> >>>> objectClass can't be fixed yet.  But if you can confirm what I have so
> >>>> far works for you, I'll see what I can do about the rest.
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Andrew Bartlett
> >>>>
> >>> Hello Andrew,
> >>>
> >>> any news regarding adding some code to dbcheck to fix the objectClass
> >>> issue in my samba4 setup ?
> >>>
> >>> Thank you very much.
> >>
> >> You have been incredibly patient over the past more than a month on this
> >> issue.  I've not had a chance to look into this properly.  
> >>
> >> As to getting your specific database out of this specific situation,
> >> this might work (on a backup!):
> >>
> >> Run (change for your domain):
> >>
> >>  ldbedit -H
> >> private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb -s
> >> base -b DC=DomainDnsZones,DC=samba,DC=example,DC=com
> >>
> >> Change the object to have:
> >> dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
> >> objectClass: top
> >> objectClass: domain
> >> objectClass: domainDNS
> >> description: Microsoft DNS Directory
> >> instanceType: 13
> > 
> > Even better would be to use ldbmodify and create a 'replace' ldif, at
> > least on objectClass.  Then re-do the same thing on the sam.ldb (which
> > once the DB is correct, will allow the metadata to be updated). 
> > 
> >> Then run:
> >>
> >>  samba-tool dbcheck -H private/sam.ldb --cross-ncs --reindex
> >>  samba-tool dbcheck -H private/sam.ldb --cross-ncs
> >>
> >> This will ensure the indexes and replPropertyMetaData is updated after
> >> this generally NOT RECOMMENDED action of editing the raw database.
> > 
> > I don't like suggesting editing the raw backend ldb files, but I do feel
> > I've left you hanging on for a more automated solution for too long
> > now. 
> > 
> > Andrew Bartlett
> > 
> Hello Andrew,
> 
> changing/adding the objectClass values did work. The only remaining
> difference is the objectCategory. In my setup I have:
> 
> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> 
> but I think it should be:
> 
> objectCategory:
> CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> 
> is this something that needs to be fixed ?

It probably should be.  Can you just edit it (perhaps with --relax)?

If not, what I need is to find the rules (probably in MS-ADTS 
http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-ADTS%5D.pdf that tells me what objectCategory is valid for any set of objectClasses.  I can then find that this value is wrong, and correct it in dbcheck.)

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list