Upgrade from Alpha9 to mainline GIT

Brian T Marshall brian at lothlorien.ca
Thu Jun 19 07:42:54 MDT 2014


I managed to get my Samba upgraded to mainline from Alpha9 over the last 
few days by tweaking database repair scipts. Problem is there are still 
known issues. msDS-HasInstantiatedNCs entries on my only domain 
controller are invalid and cannot be read by the system. Always throw 
errors on read, can't repair with existing tools. LDAP updates, Local 
LDIF updates and TDB updates all error out. I've tried both from the 
un-upgraded Alpha9 and from the post-upgrade mainline git.
Read error is:
ERROR(ldb): uncaught exception - could not parse 
<GUID=bca6bb4c-52f6-49d2-9ead-dea7ad588bdd>;CN=Configuration,DC=lothlorien,DC=ca 
in msDS-HasInstantiatedNCs on CN=NTDS 
Settings,CN=GALADRIEL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lothlorien,DC=ca 
as a 1.2.840.113556.1.4.903 DN
   File 
"/usr/local/samba/lib/python2.5/site-packages/samba/netcmd/__init__.py", 
line 175, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib/python2.5/site-packages/samba/netcmd/dbcheck.py", 
line 136, in run
     controls=controls, attrs=attrs)
   File 
"/usr/local/samba/lib/python2.5/site-packages/samba/dbchecker.py", line 
130, in check_database
     error_count += self.check_object(object.dn, attrs=attrs)
   File 
"/usr/local/samba/lib/python2.5/site-packages/samba/dbchecker.py", line 
1059, in check_object
     attrs=attrs)

The msDS-HasInstantiatedNCs entries are missing the B:8:00000005: type 
prefix in front of them.

When I try and join another S4 DC to the domain I get:

root at domaincontroller:/usr/src/samba4/samba-master# 
/usr/local/samba/bin/samba-tool domain join lothlorien.ca DC -U 
lothlorien\\Administrator --realm=lothlorien.ca --dns-backend=NONE
Finding a writeable DC for domain 'lothlorien.ca'
Found DC galadriel.lothlorien.ca
Password for [LOTHLORIEN\Administrator]:
NO DNS zone information found in source domain, not replicating DNS
workgroup is LOTHLORIEN
realm is lothlorien.ca
checking sAMAccountName
Adding CN=DOMAINCONTROLLER,OU=Domain Controllers,DC=lothlorien,DC=ca
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM 
-  <00002035: ../source4/dsdb/samdb/ldb_modules/ridalloc.c:547: No RID 
Set DN - Failed to add RID Set CN=RID Set,CN=GALADRIEL,OU=Domain 
Controllers,DC=lothlorien,DC=ca - objectclass: object class 'rIDSet' is 
system-only, rejecting creation of 'CN=RID Set,CN=GALADRIEL,OU=Domain 
Controllers,DC=lothlorien,DC=ca'!> <>
   File 
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", 
line 175, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/domain.py", 
line 609, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", 
line 1172, in join_DC
     ctx.do_join()
   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", 
line 1075, in do_join
     ctx.join_add_objects()
   File "/usr/local/samba/lib/python2.6/site-packages/samba/join.py", 
line 521, in join_add_objects
     ctx.samdb.add(rec)


I also get failures when trying to join with a windows 2003 DC or 2012 DC.

Anyone have any suggestions for getting this upgraded domain working?
Thanks!

    -Brian Marshall



More information about the samba-technical mailing list