Need urgent help with samba4 DC re-join
Andreas Oster
aoster at novanetwork.de
Wed Jun 27 07:28:57 MDT 2012
Am 27.06.2012 15:21, schrieb Andrew Bartlett:
> On Wed, 2012-06-27 at 15:09 +0200, Andreas Oster wrote:
>> Hello Andrew,
>>
>> i think the only differences when doing a "ldbsearch -H sam.ldb -s base
>> -b DC=DomainDnsZones,DC=novanetwork,DC=loc" are:
>>
>> objectClass: domain
>> objectClass: domainDNS
>>
>> and
>>
>> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>
>>
>> I do not know if this was correct before demoting the second DC.
>> It did not come into my mind to check for errors because everything
>> worked like a charm and I was/am really happy with samba4.
>>
>> here the output of:
>>
>> ../bin/ldbsearch -H sam.ldb -s base -b
>> dc=domaindnszones,DC=novanetwork,DC=loc --reveal --show-binary
>> replPropertyMetaData
>
> Thanks. This gives us a very good clue as to what has gone on:
>
> I'm assuming that 61f36cfd-ba7d-4702-87d3-7e861bb32cfe is PDC and
> fd9ca123-ed33-483a-a735-ff41940789a2 was the BDC?
>
> The key attributes changed that you mention are objectClass and
> objectCategory. Both need to be fixed. The incorrect values seem to
> have been written at Sun Apr 22 16:07:06 2012 CEST compared with Sun Apr
> 22 16:03:41 2012 CEST for the good ones.
>
> My guess is that in attempting to replicate the DNS to the slave with
> the samba-tool drs commands, and running samba_upgradedns on that
> server, have somehow sent back a corrupted version of the same object.
>
> Andrew Bartlett
>
>> # record 1
>> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
>> replPropertyMetaData: NDR: struct replPropertyMetaDataBlob
>> version : 0x00000001 (1)
>> reserved : 0x00000000 (0)
>> ctr : union replPropertyMetaDataCtr(case 1)
>> ctr1: struct replPropertyMetaDataCtr1
>> count : 0x00000009 (9)
>> reserved : 0x00000000 (0)
>> array: ARRAY(9)
>
> eg BAD
>
>> array: struct replPropertyMetaData1
>> attid : DRSUAPI_ATTID_objectClass
>> (0x0)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:07:06 2012 CEST
>> originating_invocation_id:
>> fd9ca123-ed33-483a-a735-ff41940789a2
>> originating_usn : 0x0000000000003336 (13110)
>> local_usn : 0x0000000000001014 (4116)
>
> eg GOOD
>
>> array: struct replPropertyMetaData1
>> attid : DRSUAPI_ATTID_description
>> (0xD)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:03:41 2012 CEST
>> originating_invocation_id:
>> 61f36cfd-ba7d-4702-87d3-7e861bb32cfe
>> originating_usn : 0x0000000000000fd2 (4050)
>> local_usn : 0x0000000000000fd2 (4050)
>> array: struct replPropertyMetaData1
>> attid :
>> DRSUAPI_ATTID_instanceType (0x20001)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:07:06 2012 CEST
>> originating_invocation_id:
>> fd9ca123-ed33-483a-a735-ff41940789a2
>> originating_usn : 0x0000000000003336 (13110)
>> local_usn : 0x0000000000001014 (4116)
>> array: struct replPropertyMetaData1
>> attid : DRSUAPI_ATTID_whenCreated
>> (0x20002)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:07:06 2012 CEST
>> originating_invocation_id:
>> fd9ca123-ed33-483a-a735-ff41940789a2
>> originating_usn : 0x0000000000003336 (13110)
>> local_usn : 0x0000000000001014 (4116)
>> array: struct replPropertyMetaData1
>> attid :
>> DRSUAPI_ATTID_ntSecurityDescriptor (0x20119)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:03:41 2012 CEST
>> originating_invocation_id:
>> 61f36cfd-ba7d-4702-87d3-7e861bb32cfe
>> originating_usn : 0x0000000000000fd2 (4050)
>> local_usn : 0x0000000000000fd2 (4050)
>> array: struct replPropertyMetaData1
>> attid : DRSUAPI_ATTID_name (0x90001)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:07:06 2012 CEST
>> originating_invocation_id:
>> fd9ca123-ed33-483a-a735-ff41940789a2
>> originating_usn : 0x0000000000003336 (13110)
>> local_usn : 0x0000000000001014 (4116)
>> array: struct replPropertyMetaData1
>> attid :
>> DRSUAPI_ATTID_wellKnownObjects (0x9026A)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:03:42 2012 CEST
>> originating_invocation_id:
>> 61f36cfd-ba7d-4702-87d3-7e861bb32cfe
>> originating_usn : 0x0000000000000fde (4062)
>> local_usn : 0x0000000000000fde (4062)
>> array: struct replPropertyMetaData1
>> attid :
>> DRSUAPI_ATTID_objectCategory (0x9030E)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:07:06 2012 CEST
>> originating_invocation_id:
>> fd9ca123-ed33-483a-a735-ff41940789a2
>> originating_usn : 0x0000000000003336 (13110)
>> local_usn : 0x0000000000001014 (4116)
>> array: struct replPropertyMetaData1
>> attid : UNKNOWN_ENUM_VALUE (0x150019)
>> version : 0x00000001 (1)
>> originating_change_time : Sun Apr 22 16:07:06 2012 CEST
>> originating_invocation_id:
>> fd9ca123-ed33-483a-a735-ff41940789a2
>> originating_usn : 0x0000000000003336 (13110)
>> local_usn : 0x0000000000001014 (4116)
>>
>>
>> # returned 1 records
>> # 1 entries
>> # 0 referrals
>>
>>
>> regards
>>
>> Andreas
>>
>
Hello Andrew,
this is absolute possible. In a prior try to replicate the
DomainDnsZones and ForestDnsZones I used the samba-tool drs command but
this did not succeed and, if I do remember correct, quit with an error
message. As everything kept on working as before, it did not come to my
mind that it might have broken anything.
Do you have an idea how to fix this ?
best regards
Andreas
More information about the samba-technical
mailing list