Need urgent help with samba4 DC re-join
Andreas Oster
aoster at novanetwork.de
Sat Jul 14 00:07:38 MDT 2012
Am 14.07.2012 04:29, schrieb Andrew Bartlett:
> On Fri, 2012-07-13 at 08:09 +0200, Andreas Oster wrote:
>> Am 03.07.2012 00:32, schrieb Andrew Bartlett:
>>> On Mon, 2012-07-02 at 20:00 +0200, Andreas Oster wrote:
>>>
>>>> Hello Andrew,
>>>>
>>>> as I have written, I have managed to restore the system to the state
>>>> before my disastrous attempt to demote my BDC (novadc02). Currently both
>>>> servers operate normal but still the problems with objectClass and
>>>> objectCategory of the DomainDnsZones and ForestDnsZones exists.
>>>>
>>>> Would it make sense to, after taking a proper backup, demote the second
>>>> DC again or should the faulty DB entries be fixed first ?
>>>
>>> I've been thinking over this, and the reason for the slow replies is
>>> that the situation isn't easy to fix. Somehow (and I would like to
>>> understand how), the instanceType in your DNS partition on the master is
>>> set not to include the WRITE bit. This causes the repl_meta_data
>>> message you see.
>>>
>>> However, I'm pretty sure 'fixing' the instanceType bit would be
>>> prohibited by the objectclass module, enforcing the broken schema.
>>>
>>> Given all that, it seems the 'safe' way to fix it is to correct the
>>> instanceType based on the msDS-hasMasterNCs attribute in a dbcheck
>>> routine, setting various flags to bypass checking for this specific
>>> change, but I've not written that yet.
>>>
>>> Sorry,
>>>
>>> Andrew Bartlett
>>>
>> Hello Andrew,
>>
>> did you have a chance to do something regarding the dbcheck enhancement
>> to fix the broken schema of my samba4 installation ?
>>
>> Thank you for your kind help
>
> Not yet, sorry. Please keep reminding me. If someone else wants to
> take on the task, the dbcheck.py changes needed are:
> - for every haveMasterNCs in an ntDsa object
> - confirm that the instanceType attribute on the pointed-at schema have
> the writable flag set. If not, set it.
>
> While doing that, an additional task will be to fill out the
> msDS-HasInstantiatedNCs attributes so the 'binary' part of the BINARY+DN
> matches the (perhaps newly revised) instanceType.
>
> eg
> msDS-HasInstantiatedNCs: B:8:0000000D:${CONFIGDN}
>
> Thanks,
>
> Andrew Bartlett
>
Hello Andrew,
thank you for the update.
best regards
Andreas
More information about the samba-technical
mailing list