Need urgent help with samba4 DC re-join

Andreas Oster aoster at novanetwork.de
Tue Sep 25 02:10:45 MDT 2012


Am 08.09.2012 12:17, schrieb Andreas Oster:
> Am 22.08.2012 13:36, schrieb Andrew Bartlett:
>> On Wed, 2012-08-01 at 20:28 +0200, Andreas Oster wrote:
>>> Am 01.08.2012 15:34, schrieb Andrew Bartlett:
>>>> On Wed, 2012-08-01 at 23:28 +1000, Andrew Bartlett wrote:
>>>>> On Wed, 2012-08-01 at 13:30 +0200, Andreas Oster wrote:
>>>>>> Am 18.07.2012 08:03, schrieb Andrew Bartlett:
>>>>>>> On Wed, 2012-07-18 at 07:10 +0200, Andreas Oster wrote:
>>>>>>>
>>>>>>>> Hello Andrew,
>>>>>>>>
>>>>>>>> unfortunately dbcheck did not work. The following error messages showed up:
>>>>>>>>
>>>>>>>> ERROR: wrong instanceType 11 on DC=DomainDnsZones,DC=novanetwork,DC=loc, should be 13
>>>>>>>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'dbcheck' object has no attribute 'modify_instancetype'
>>>>>>>>   File
>>>>>>>
>>>>>>> Thanks.  I've updated my branch with what I hope will be a fix.  This
>>>>>>> time I've modified a local DB to replicate your error condition, and
>>>>>>> confirmed it all works.
>>>>>>>
>>>>>>> However, it will only allow the instanceType to be changed, the
>>>>>>> objectClass can't be fixed yet.  But if you can confirm what I have so
>>>>>>> far works for you, I'll see what I can do about the rest.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> Andrew Bartlett
>>>>>>>
>>>>>> Hello Andrew,
>>>>>>
>>>>>> any news regarding adding some code to dbcheck to fix the objectClass
>>>>>> issue in my samba4 setup ?
>>>>>>
>>>>>> Thank you very much.
>>>>>
>>>>> You have been incredibly patient over the past more than a month on this
>>>>> issue.  I've not had a chance to look into this properly.  
>>>>>
>>>>> As to getting your specific database out of this specific situation,
>>>>> this might work (on a backup!):
>>>>>
>>>>> Run (change for your domain):
>>>>>
>>>>>  ldbedit -H private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb -s base -b DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>>>
>>>>> Change the object to have:
>>>>> dn: DC=DomainDnsZones,DC=samba,DC=example,DC=com
>>>>> objectClass: top
>>>>> objectClass: domain
>>>>> objectClass: domainDNS
>>>>> description: Microsoft DNS Directory
>>>>> instanceType: 13
>>>>
>>>> Even better would be to use ldbmodify and create a 'replace' ldif, at
>>>> least on objectClass.  Then re-do the same thing on the sam.ldb (which
>>>> once the DB is correct, will allow the metadata to be updated). 
>>>>
>>>>> Then run:
>>>>>
>>>>>  samba-tool dbcheck -H private/sam.ldb --cross-ncs --reindex
>>>>>  samba-tool dbcheck -H private/sam.ldb --cross-ncs
>>>>>
>>>>> This will ensure the indexes and replPropertyMetaData are updated after
>>>>> this generally NOT RECOMMENDED action of editing the raw database.
>>>>
>>>> I don't like suggesting editing the raw backend ldb files, but I do feel
>>>> I've left you hanging on for a more automated solution for too long
>>>> now. 
>>>>
>>>> Andrew Bartlett
>>>>
>>> Hello Andrew,
>>>
>>> changing/adding the objectClass values did work. The only remaining
>>> difference is the objectCategory. In my setup I have:
>>>
>>> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>>
>>> but I think it should be:
>>>
>>> objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
>>>
>>> is this something that needs to be fixed ?
>>
>> It probably should be.  Can you just edit it (perhaps with --relax)?
>>
>> If not, what I need is to find the rules (probably in MS-ADTS,
>> http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-ADTS%5D.pdf)
>> that tell me what objectCategory is valid for any set of objectClasses.
>> I can then find that this value is wrong, and correct it in dbcheck.
>>
>> Andrew Bartlett
>>
> Hello Andrew,
> 
> I have tried to change the objectClass manually but failed to do so
> because of the following error:
> 
> ../bin/ldbedit --relax -H sam.ldb -s base -b dc=domaindnszones,DC=novanetwork,DC=loc
> 
> failed to modify DC=DomainDnsZones,DC=novanetwork,DC=loc - objectclass_attrs: attribute 'dc' on entry 'DC=DomainDnsZones,DC=novanetwork,DC=loc' does not exist in the specified objectclasses!
> 
> 
> 
> I have tried to add the following:
> 
> objectClass: domain
> objectClass: domainDNS
> 
> and tried to change:
> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> 
> to
> 
> objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> 
> 
> This is what I have at the moment in the productive system
> (about the same for ForestDnsZones):
> 
> # editing 1 records
> # record 1
> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
> description: Microsoft DNS Directory
> uSNCreated: 4050
> name: DomainDnsZones
> objectGUID: a1e40623-4805-4e11-9471-9cb0b49b1dc8
> msDS-NcType: 0
> dc: DomainDnsZones
> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Doma
>  inDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
>  DomainDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
>  omainDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
>  ainDnsZones,DC=novanetwork,DC=loc
> msDs-masteredBy: CN=NTDS Settings,CN=NOVADC01,CN=Servers,CN=Standardname-des-e
>  rsten-Standorts,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
> objectClass: top
> whenCreated: 20120422140706.0Z
> objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> instanceType: 13
> whenChanged: 20120908101317.0Z
> uSNChanged: 91627
> distinguishedName: DC=DomainDnsZones,DC=novanetwork,DC=loc
> 
> 
> This is what I have on my test system:
> 
> # editing 1 records
> # record 1
> dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
> objectClass: top
> objectClass: domain
> objectClass: domainDNS
> description: Microsoft DNS Directory
> instanceType: 13
> whenCreated: 20120603170244.0Z
> uSNCreated: 3620
> name: DomainDnsZones
> objectGUID: 02e8e887-eced-4501-bee8-40a3f777e27d
> objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
> msDS-NcType: 0
> dc: DomainDnsZones
> wellKnownObjects: B:32:6227F0AF1FC2410D8E3BB10615BB5B0F:CN=NTDS Quotas,DC=Doma
>  inDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:18E2EA80684F11D2B9AA00C04F79F805:CN=Deleted Objects,DC=
>  DomainDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:2FBAC1870ADE11D297C400C04FD8D5CD:CN=Infrastructure,DC=D
>  omainDnsZones,DC=novanetwork,DC=loc
> wellKnownObjects: B:32:AB8153B7768811D1ADED00C04FD8D5CD:CN=LostAndFound,DC=Dom
>  ainDnsZones,DC=novanetwork,DC=loc
> whenChanged: 20120603170245.0Z
> uSNChanged: 3632
> msDs-masteredBy: CN=NTDS Settings,CN=NOVADC01,CN=Servers,CN=Default-First-Site
>  -Name,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
> msDs-masteredBy: CN=NTDS Settings,CN=NOVADC02,CN=Servers,CN=Default-First-Site
>  -Name,CN=Sites,CN=Configuration,DC=novanetwork,DC=loc
> distinguishedName: DC=DomainDnsZones,DC=novanetwork,DC=loc
> 
> 
> Thank you for your kind help
> 
> best regards
> 
> Andreas
> 
> 
Hello Andrew,

unfortunately I am not able to fix this issue by myself and hope that
you can help me to finally resolve it. Thanks to your kind help the
wrong instanceType has been fixed but I am still not able to re-join a
demoted DC to the primary DC because of the messed up objectClasses.

Thank you for your patience and kind help

best regards

Andreas
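
Added example (not part of the original messages and not Samba code): a Python script that unfolds two LDIF records as ldbedit prints them, compares objectClass and objectCategory, and emits the 'replace' LDIF that Andrew Bartlett suggests using with ldbmodify earlier in this thread. The function names and the abbreviated sample records are assumptions made for this example.

```python
# Added example. Both records are constructed, abbreviated from the dumps quoted above.
from collections import defaultdict

PRODUCTION = """\
dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
objectClass: top
objectCategory: CN=Top,CN=Schema,CN=Configuration,DC=novanetwork,DC=loc
"""

REFERENCE = """\
dn: DC=DomainDnsZones,DC=novanetwork,DC=loc
objectClass: top
objectClass: domain
objectClass: domainDNS
objectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,DC=novanetw
 ork,DC=loc
"""

def parse_record(text):
    """Parse one LDIF record into (dn, {attr: [values]}), joining folded lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # continuation of a folded line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):   # skip blanks and ldbedit comments
            lines.append(raw)
    attrs = defaultdict(list)
    for line in lines:
        name, _, value = line.partition(":")
        if not value.startswith(":"):           # '::' marks base64; not compared here
            attrs[name].append(value.strip())
    return attrs.pop("dn")[0], dict(attrs)

def replace_ldif(current, reference, attrs=("objectClass", "objectCategory")):
    """Build a 'replace' LDIF for each listed attribute whose values differ."""
    dn, cur = parse_record(current)
    ref_dn, ref = parse_record(reference)
    if dn.lower() != ref_dn.lower():
        raise ValueError("records describe different objects")
    blocks = []
    for attr in attrs:
        want = ref.get(attr, [])
        if sorted(cur.get(attr, [])) != sorted(want):
            blocks.append("\n".join([f"replace: {attr}"] + [f"{attr}: {v}" for v in want]))
    if not blocks:
        return ""
    return f"dn: {dn}\nchangetype: modify\n" + "\n-\n".join(blocks) + "\n"

if __name__ == "__main__":
    print(replace_ldif(PRODUCTION, REFERENCE), end="")
```

The output is meant to be applied with ldbmodify to a backup copy of the database, followed by the two samba-tool dbcheck runs quoted above.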



