Need urgent help with samba4 DC re-join

Andrew Bartlett abartlet at samba.org
Wed Jun 27 07:35:10 MDT 2012 

On Wed, 2012-06-27 at 15:28 +0200, Andreas Oster wrote:
> Am 27.06.2012 15:21, schrieb Andrew Bartlett:
> > On Wed, 2012-06-27 at 15:09 +0200, Andreas Oster wrote:
> >> Hello Andrew,
> >>
> >> i think the only differences when doing a "ldbsearch -H sam.ldb -s base
> >> -b DC=DomainDnsZones,DC=novanetwork,DC=loc" are:
> >>
> >> objectClass: domain
> >> objectClass: domainDNS
> >>
> >> and
> >>
> >> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> >>
> >>
> >> I do not know if this was correct before demoting the second DC.
> >> It did not come into my mind to check for errors because everything
> >> worked like a charm and I was/am really happy with samba4.
> >>
> >> here the output of:
> >>
> >> ../bin/ldbsearch -H sam.ldb -s base -b
> >> dc=domaindnszones,DC=novanetwork,DC=loc --reveal --show-binary
> >> replPropertyMetaData
> > 
> > Thanks.  This gives us a very good clue as to what has gone on:
> > 
> > I'm assuming that 61f36cfd-ba7d-4702-87d3-7e861bb32cfe is PDC and
> > fd9ca123-ed33-483a-a735-ff41940789a2 was the BDC?
> > 
> > The key attributes changed that you mention are objectClass and
> > objectCategory.  Both need to be fixed.  The incorrect values seem to
> > have been written at Sun Apr 22 16:07:06 2012 CEST compared with Sun Apr
> > 22 16:03:41 2012 CEST for the good ones.
> > 
> > My guess is that in attempting to replicate the DNS to the slave with
> > the samba-tool drs commands, and running samba_upgradedns on that
> > server, have somehow sent back a corrupted version of the same object.
> > 
> > Andrew Bartlett
> > 

> Hello Andrew,
> 
> this is absolute possible. In a prior try to replicate the
> DomainDnsZones and ForestDnsZones I used the samba-tool drs command but
> this did not succeed and, if I do remember correct, quit with an error
> message. As everything kept on working as before, it did not come to my
> mind that it might have broken anything.
> 
> Do you have an idea how to fix this ?

ldbedit -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc

Then set:

objectClass: domainDNS 
objectCategory:
CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc

That should fix it (I hope).

This is the end for me for tonight, but I'll follow up tomorrow.
Hopefully others here can help you with any remaining details. 

KEEP GOOD BACKUPS.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list