Can't join as DC on Samba4 Beta4/5

Srinath Mantripragada srinath_man at yahoo.com
Mon Jul 30 15:27:55 MDT 2012 

Hi Andrew,

Thanks, it worked  and sorry for the delay to respond, I could only work on it now.

What is your advice now ? Once I update both to git master can I start samba on both servers ?

Here are the results:

Finding a writeable DC for domain 'int.oinkdigital.com'
>Found DC samba4-1.int.oinkdigital.com
>Password for [ONK\administrator]:
>workgroup is ONK
>realm is int.oinkdigital.com
>checking sAMAccountName
>Adding CN=SAMBA4-2,OU=Domain Controllers,DC=int,DC=oinkdigital,DC=com
>Adding CN=SAMBA4-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>Adding CN=NTDS Settings,CN=SAMBA4-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>Adding SPNs to CN=SAMBA4-2,OU=Domain Controllers,DC=int,DC=oinkdigital,DC=com
>Setting account password for SAMBA4-2$
>Enabling account
>Calling bare provision
>No IPv6 address will be assigned
>Provision OK for domain DN DC=int,DC=oinkdigital,DC=com
>Starting replication
>Schema-DN[CN=Schema,CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[402/1550] linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[804/1550] linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[1206/1550] linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[1550/1550] linked_values[0/0]
>Analyze and apply schema objects
>Partition[CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[402/1689] linked_values[0/0]
>Partition[CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[804/1689] linked_values[0/0]
>Partition[CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[1206/1689] linked_values[0/0]
>Partition[CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[1608/1689] linked_values[0/0]
>Partition[CN=Configuration,DC=int,DC=oinkdigital,DC=com] objects[1689/1689] linked_values[29/0]
>Replicating critical objects from the base DN of the domain
>Partition[DC=int,DC=oinkdigital,DC=com] objects[98/98] linked_values[31/0]
>Partition[DC=int,DC=oinkdigital,DC=com] objects[500/513] linked_values[0/0]
>Partition[DC=int,DC=oinkdigital,DC=com] objects[611/513] linked_values[170/0]
>Partition[DC=DomainDnsZones,DC=int,DC=oinkdigital,DC=com] objects[36/36] linked_values[0/0]
>Partition[DC=ForestDnsZones,DC=int,DC=oinkdigital,DC=com] objects[18/18] linked_values[0/0]
>Committing SAM database
>Sending DsReplicateUpdateRefs for all the partitions
>Setting isSynchronized and dsServiceName
>Setting up secrets database
>Joined domain ONK (SID S-1-5-21-4049503596-2436987728-3178021839) as a DC


As for the cn=configlostandfound, there was none, only cn=lostandfoundconfig:

root at samba4-2:/usr/local/samba# ldbsearch -H private/sam.ldb -s sub -b cn=lostandfoundconfig,CN=Configuration,DC=int,DC=oinkdigital,DC=com
># record 1
>dn: CN=LostAndFoundConfig,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>objectClass: top
>objectClass: lostAndFound
>cn: LostAndFoundConfig
>instanceType: 4
>whenCreated: 20110228202519.0Z
>whenChanged: 20120720155408.0Z
>uSNCreated: 1559
>uSNChanged: 1559
>showInAdvancedViewOnly: TRUE
>name: LostAndFoundConfig
>objectGUID: f25577a1-0b07-4764-b45e-595a5b05dd28
>systemFlags: -2147483648
>objectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>distinguishedName: CN=LostAndFoundConfig,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>
>
># record 2
>dn: CN=25dd3d03-7a8f-408b-88b5-ee17ed83a63f,CN=LostAndFoundConfig,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>objectClass: top
>objectClass: leaf
>objectClass: nTDSConnection
>cn: 25dd3d03-7a8f-408b-88b5-ee17ed83a63f
>instanceType: 4
>whenCreated: 20120720151005.0Z
>uSNCreated: 3246
>showInAdvancedViewOnly: TRUE
>name: 25dd3d03-7a8f-408b-88b5-ee17ed83a63f
>objectGUID: 05b58b40-eeb9-44c0-94d9-377a1b71bf8f
>enabledConnection: TRUE
>fromServer: CN=NTDS Settings,CN=SAMBA4-1,CN=Servers,CN=Default-First-Site-Name
> ,CN=Sites,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>options: 1
>systemFlags: 1073741824
>objectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>lastKnownParent: CN=NTDS Settings,CN=SAMBA4-2\0ADEL:bbd1b2e1-5692-4674-976d-55
> b4d9a4383c,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC
> =int,DC=oinkdigital,DC=com
>whenChanged: 20120730204318.0Z
>uSNChanged: 3247
>distinguishedName: CN=25dd3d03-7a8f-408b-88b5-ee17ed83a63f,CN=LostAndFoundConf
> ig,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>
>
># returned 2 records
># 2 entries
># 0 referrals





>________________________________
> From: Andrew Bartlett <abartlet at samba.org>
>To: Srinath Mantripragada <srinath_man at yahoo.com> 
>Cc: "samba-technical at lists.samba.org" <samba-technical at lists.samba.org> 
>Sent: Sunday, July 29, 2012 8:30:46 AM
>Subject: Re: Can't join as DC on Samba4 Beta4/5
> 
>On Sat, 2012-07-28 at 12:14 +1000, Andrew Bartlett wrote:
>> On Sat, 2012-07-28 at 11:32 +1000, Andrew Bartlett wrote:
>> > On Fri, 2012-07-27 at 07:21 -0700, Srinath Mantripragada wrote:
>> > > Hi,
>> > > 
>> > > I'm still having this problem using the last version from git. Any help will be appreciated.
>> > 
>> > I do apologise for not getting back to you sooner.  This is in internal
>> > error in the code, caused by a patch I added fairly recently trying to
>> > cope with another replication issue.
>> > 
>> > This attached patch may not fix the issue (but it does change one
>> > critical aspect, that is the DN we were looking for LostAndFound
>> > incorrect), but it will give us much more detail on what is wrong.
>> > 
>> > HOWEVER:  The fact that this occurs during a DC join means that either
>> > there is a serious issue with your domain (unlikely), or that I have the
>> > fundamental logic here incorrect.  If we were to have succeed in moving
>> > the object to LostAndFound, we may break your parent directory when we
>> > replicate back. 
>> > 
>> > The errors you get from doing the migration will let me know more about
>> > the situation, and hep me try and debug it further. 
>> > 
>> > DO NOT start samba after the join, instead send me back the error
>> > messages and we can figure out what to do from here. 
>> > 
>> > I've put the patch in my drs-lost-and-found branch at
>> > git://git.samba.org/abartlet/samba.git
>> > 
>> > The current patch I've attached to my mail, but I may update the branch
>> > if I figure out anything more. 
>> 
>> I've updated my branch with this corrected patch.
>
>I've found the issue and fixed it in that branch.  However, I would be
>very interested to know what ends up in the lostAndFound containers
>after this replication.  Given that the source domain is Samba4?  Can
>you check out that branch, compile, install on your new DC and do two
>things for me:
>
>Re-do the join, and show me the output (on the new DC) of
>
>ldbsearch -H private/sam.ldb -s sub -b
>cn=configlostandfound,CN=Configuration,DC=int,DC=oinkdigital,DC=com
>
>Then, if you can, upgrade the original DC to current git master (or my
>branch) and run:
>
>samba-tool dbcheck -H private/sam.ldb --cross-ncs
>
>And tell me what failures it finds (I've added checks for some of the
>likely issues here). 
>
>Thanks!
>
>Andrew Bartlett
>
>-- 
>Andrew Bartlett                                http://samba.org/~abartlet/
>Authentication Developer, Samba Team          http://samba.org
>
>
>
>

More information about the samba-technical mailing list