Need urgent help with samba4 DC re-join

Andreas Oster aoster at novanetwork.de
Sat Sep 8 04:17:59 MDT 2012


Am 22.08.2012 13:36, schrieb Andrew Bartlett:
> On Wed, 2012-08-01 at 20:28 +0200, Andreas Oster wrote:
>> Am 01.08.2012 15:34, schrieb Andrew Bartlett:
>>> On Wed, 2012-08-01 at 23:28 +1000, Andrew Bartlett wrote:
>>>> On Wed, 2012-08-01 at 13:30 +0200, Andreas Oster wrote:
>>>>> Am 18.07.2012 08:03, schrieb Andrew Bartlett:
>>>>>> On Wed, 2012-07-18 at 07:10 +0200, Andreas Oster wrote:
>>>>>>
>>>>>>> Hello Andrew,
>>>>>>>
>>>>>>> unfortunately dbcheck did not work. The following error messages showed up:
>>>>>>>
>>>>>>> ERROR: wrong instanceType 11 on DC=DomainDnsZones,DC=novanetwork,DC=loc,
>>>>>>> should be 13
>>>>>>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception -
>>>>>>> 'dbcheck' object has no attribute 'modify_instancetype'
>>>>>>>   File
>>>>>>
>>>>>> Thanks.  I've updated my branch with what I hope will be a fix.  This
>>>>>> time I've modified a local DB to replicate your error condition, and
>>>>>> confirmed it all works.
>>>>>>
>>>>>> However, it will only allow the instanceType to be changed, the
>>>>>> objectClass can't be fixed yet.  But if you can confirm what I have so
>>>>>> far works for you, I'll see what I can do about the rest.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Andrew Bartlett
>>>>>>
>>>>> Hello Andrew,
>>>>>
>>>>> any news regarding adding some code to dbcheck to fix the objectClass
>>>>> issue in my samba4 setup ?
>>>>>
>>>>> Thank you very much.
>>>>
>>>> You have been incredibly patient over the past more than a month on this
>>>> issue.  I've not had a chance to look into this properly.  
>>>>
>>>> As to getting your specific database out of this specific situation,
>>>> this might work (on a backup!):
>>>>
>>>> Run (change for your domain):
>>>>
>>>>  ldbedit -H
>>>> private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb -s
>>>> base -b DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>>
>>>> Change the object to have:
>>>> dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>> objectClass: top
>>>> objectClass: domain
>>>> objectClass: domainDNS
>>>> description: Microsoft DNS Directory
>>>> instanceType: 13
>>>
>>> Even better would be to use ldbmodify and create a 'replace' ldif, at
>>> least on objectClass.  Then re-do the same thing on the sam.ldb (which
>>> once the DB is correct, will allow the metadata to be updated). 
>>>
>>>> Then run:
>>>>
>>>>  samba-tool dbcheck -H private/sam.ldb --cross-ncs --reindex
>>>>  samba-tool dbcheck -H private/sam.ldb --cross-ncs
>>>>
>>>> This will ensure the indexes and replPropertyMetaData is updated after
>>>> this generally NOT RECOMMENDED action of editing the raw database.
>>>
>>> I don't like suggesting editing the raw backend ldb files, but I do feel
>>> I've left you hanging on for a more automated solution for too long
>>> now. 
>>>
>>> Andrew Bartlett
>>>
>> Hello Andrew,
>>
>> changing/adding the objectClass values did work. The only remaining
>> difference is the objectCategory. In my setup I have:
>>
>> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>
>> but I think it should be:
>>
>> objectCategory:
>> CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>
>> is this something that needs to be fixed ?
> 
> It probably should be.  Can you just edit it (perhaps with --relax)?
> 
> If not, what I need is to find the rules (probably in MS-ADTS 
> http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-ADTS%5D.pdf that tells me what objectCategory is valid for any set of objectClasses.  I can then find that this value is wrong, and correct it in dbcheck.)
> 
> Andrew Bartlett
> 
Hello Andrew,

I have tried to change the objectClass manually but failed to do so
because of the following error:

../bin/ldbedit --relax -H sam.ldb -s base -b
dc=domaindnszones,DC=novanetwork,DC=loc

failed to modify DC=DomainDnsZones,DC=novanetwork,DC=loc -
objectclass_attrs: attribute 'dc' on entry
'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the
specified objectclasses!



I have tried to add the following:

objectClass: domain
objectClass: domainDNS

and tried to change:
objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc

to

objectCategory:
CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc


This is what I have at the moment in the productive system
(about the same for ForestDnsZones):

# editing 1 records
# record 1
dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
description: Microsoft DNS Directory
uSNCreated: 4050
name: DomainDnsZones
objectGUID: a1e40623-4805-4e11-9471-9cb0b49b1dc8
msDS-NcType: 0
dc: DomainDnsZones
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS
Quotas,DC=Doma
 inDnsZones,DC=novanetwork,DC=loc
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted
Objects,DC=
 DomainDnsZones,DC=novanetwork,DC=loc
wellKnownObjects:
B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
 omainDnsZones,DC=novanetwork,DC=loc
wellKnownObjects:
B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
 ainDnsZones,DC=novanetwork,DC=loc
msDs-masteredBy: CN=NTDS
Settings,CN=NOVADC01,CN=Servers,CN=Standardname-des-e
 rsten-Standorts,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
objectClass: top
whenCreated: 20120422140706.0Z
objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
instanceType: 13
whenChanged: 20120908101317.0Z
uSNChanged: 91627
distinguishedName: DC=DomainDnsZones,DC=novanetwork,DC=loc


This is what I have on my test system:

# editing 1 records
# record 1
dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
objectClass: top
objectClass: domain
objectClass: domainDNS
description: Microsoft DNS Directory
instanceType: 13
whenCreated: 20120603170244.0Z
uSNCreated: 3620
name: DomainDnsZones
objectGUID: 02e8e887-eced-4501-bee8-40a3f777e27d
objectCategory:
CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
msDS-NcType: 0
dc: DomainDnsZones
wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS
Quotas,DC=Doma
 inDnsZones,DC=novanetwork,DC=loc
wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted
Objects,DC=
 DomainDnsZones,DC=novanetwork,DC=loc
wellKnownObjects:
B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
 omainDnsZones,DC=novanetwork,DC=loc
wellKnownObjects:
B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
 ainDnsZones,DC=novanetwork,DC=loc
whenChanged: 20120603170245.0Z
uSNChanged: 3632
msDs-masteredBy: CN=NTDS
Settings,CN=NOVADC01,CN=Servers,CN=Default-First-Site
 -Name,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
msDs-masteredBy: CN=NTDS
Settings,CN=NOVADC02,CN=Servers,CN=Default-First-Site
 -Name,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
replUpToDateVector::
AgAAAAAAAAABAAAAAAAAAMvd5kNgzFpOpMOwTZYQyr20DgAAAAAAAIDX6
 mwneM0B
repsFrom::
AQAAAAAAAAALAQAAAAAAAMuTNwYDAAAAy5M3BgMAAAAAAAAA0AAAADsAAAB0AAAAERE
 RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERER
 ERERERERERERERERERERERERERERERERAAAAALQOAAAAAAAAAAAAAAAAAAC0DgAAAAAAAGEge//aF
 8NIufZtCi2jJiDL3eZDYMxaTqTDsE2WEMq9AAAAAAAAAAAAAAAAAAAAADcAAABmZjdiMjA2MS0xN2
 RhLTQ4YzMtYjlmNi02ZDBhMmRhMzI2MjAuX21zZGNzLnRoZXRpY2suZGUA
repsTo::
AQAAAAAAAAALAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0AAAADsAAAAcAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGEge//aF8N
 IufZtCi2jJiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcAAABmZjdiMjA2MS0xN2Rh
 LTQ4YzMtYjlmNi02ZDBhMmRhMzI2MjAuX21zZGNzLnRoZXRpY2suZGUA
distinguishedName: DC=DomainDnsZones,DC=novanetwork,DC=loc


Thank you for your kind help

best regards

Andreas



More information about the samba-technical mailing list