Need urgent help with samba4 DC re-join

Andreas Oster aoster at novanetwork.de
Thu Aug 23 23:55:23 MDT 2012 

Am 22.08.2012 13:36, schrieb Andrew Bartlett:
> On Wed, 2012-08-01 at 20:28 +0200, Andreas Oster wrote:
>> Am 01.08.2012 15:34, schrieb Andrew Bartlett:
>>> On Wed, 2012-08-01 at 23:28 +1000, Andrew Bartlett wrote:
>>>> On Wed, 2012-08-01 at 13:30 +0200, Andreas Oster wrote:
>>>>> Am 18.07.2012 08:03, schrieb Andrew Bartlett:
>>>>>> On Wed, 2012-07-18 at 07:10 +0200, Andreas Oster wrote:
>>>>>>
>>>>>>> Hello Andrew,
>>>>>>>
>>>>>>> unfortunately dbcheck did not work. The following error messages showed up:
>>>>>>>
>>>>>>> ERROR: wrong instanceType 11 on DC=DomainDnsZones,DC=novanetwork,DC=loc,
>>>>>>> should be 13
>>>>>>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception -
>>>>>>> 'dbcheck' object has no attribute 'modify_instancetype'
>>>>>>>   File
>>>>>>
>>>>>> Thanks.  I've updated my branch with what I hope will be a fix.  This
>>>>>> time I've modified a local DB to replicate your error condition, and
>>>>>> confirmed it all works.
>>>>>>
>>>>>> However, it will only allow the instanceType to be changed, the
>>>>>> objectClass can't be fixed yet.  But if you can confirm what I have so
>>>>>> far works for you, I'll see what I can do about the rest.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Andrew Bartlett
>>>>>>
>>>>> Hello Andrew,
>>>>>
>>>>> any news regarding adding some code to dbcheck to fix the objectClass
>>>>> issue in my samba4 setup ?
>>>>>
>>>>> Thank you very much.
>>>>
>>>> You have been incredibly patient over the past more than a month on this
>>>> issue.  I've not had a chance to look into this properly.  
>>>>
>>>> As to getting your specific database out of this specific situation,
>>>> this might work (on a backup!):
>>>>
>>>> Run (change for your domain):
>>>>
>>>>  ldbedit -H
>>>> private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb -s
>>>> base -b DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>>
>>>> Change the object to have:
>>>> dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>> objectClass: top
>>>> objectClass: domain
>>>> objectClass: domainDNS
>>>> description: Microsoft DNS Directory
>>>> instanceType: 13
>>>
>>> Even better would be to use ldbmodify and create a 'replace' ldif, at
>>> least on objectClass.  Then re-do the same thing on the sam.ldb (which
>>> once the DB is correct, will allow the metadata to be updated). 
>>>
>>>> Then run:
>>>>
>>>>  samba-tool dbcheck -H private/sam.ldb --cross-ncs --reindex
>>>>  samba-tool dbcheck -H private/sam.ldb --cross-ncs
>>>>
>>>> This will ensure the indexes and replPropertyMetaData is updated after
>>>> this generally NOT RECOMMENDED action of editing the raw database.
>>>
>>> I don't like suggesting editing the raw backend ldb files, but I do feel
>>> I've left you hanging on for a more automated solution for too long
>>> now. 
>>>
>>> Andrew Bartlett
>>>
>> Hello Andrew,
>>
>> changing/adding the objectClass values did work. The only remaining
>> difference is the objectCategory. In my setup I have:
>>
>> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>
>> but I think it should be:
>>
>> objectCategory:
>> CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>
>> is this something that needs to be fixed ?
> 
> It probably should be.  Can you just edit it (perhaps with --relax)?
> 
> If not, what I need is to find the rules (probably in MS-ADTS 
> http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-ADTS%5D.pdf that tells me what objectCategory is valid for any set of objectClasses.  I can then find that this value is wrong, and correct it in dbcheck.)
> 
> Andrew Bartlett
> 
Hello Andrew,

I am currently on vacation and can not try to change the objectCatagory
at the moment.
I compared the objectCatagory of my productive installation with a new
on I did setup at home for testing. In this test setup, which is a
recent beta, the objectCategory is:
CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc

instead of:
objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc

in my productive environment.

When I am back, I will try to manually modify the entry.

Thank you for your kind help.

Best regards

Andreas

More information about the samba-technical mailing list