[Samba] unique index violation on objectGUID, CN=Deleted Objects, DC=samdom, DC=domain

Ong Yu-Phing y_ong at usa.net
Sun Jan 27 20:56:18 MST 2013 

I've grabbed the latest samba4  master branch from git, and am trying to 
join the samba4 server to an existing domain.  However, I'm bumping into 
a unique index violation, with some objects in the CN=Deleted Objects 
container.    These objects were conflict objects created during some 
replication issues, and the system admins have already deleted these 
objects (hence why they are the Deleted Objects container, hah!).

Is the recommendation to just delete these "deleted" objects, or is 
there some other command-line option in samba-tool that allows us to 
specify to ignore a specific OU?

Note that this is the first time I'm doing this (joining an existing AD 
domain), and I get the same result with both 4.0.1 production as well as 
the latest commit (commit bb3238b46f0ffaf0bc8c0e16bdcc1cf5d2cad197, 
Version 4.1.0pre1-GIT-bb3238b).

Here are my logs (samdom.domain and 10.10.1.7 is sanitised output):
===================
root at cndc01s:~/samba-master# kinit administrator
Password for administrator at samdom.domain:
root at cndc01s:~/samba-master# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at samdom.domain

Valid starting       Expires              Service principal
28/01/2013 11:03:21  28/01/2013 21:03:24 krbtgt/samdom.domain at samdom.domain
     renew until 29/01/2013 11:03:21
root at cndc01s:~/samba-master# /usr/local/samba/bin/samba-tool domain join 
samdom.domain DC -Uadministrator --realm=samdom.domain --server=10.10.1.7
Password for [WORKGROUP\administrator]:
workgroup is samdom
realm is samdom.domain
checking sAMAccountName
Adding CN=CNDC01S,OU=Domain Controllers,DC=samdom,DC=domain
Adding 
CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
Adding CN=NTDS 
Settings,CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
Adding SPNs to CN=CNDC01S,OU=Domain Controllers,DC=samdom,DC=domain
Setting account password for CNDC01S$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=samdom,DC=domain
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain] objects[402] 
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain] objects[804] 
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain] objects[1206] 
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain] objects[1553] 
linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=samdom,DC=domain] objects[402] 
linked_values[57]
Partition[CN=Configuration,DC=samdom,DC=domain] objects[804] 
linked_values[0]
Partition[CN=Configuration,DC=samdom,DC=domain] objects[1206] 
linked_values[0]
Partition[CN=Configuration,DC=samdom,DC=domain] objects[1608] 
linked_values[37]
Partition[CN=Configuration,DC=samdom,DC=domain] objects[1880] 
linked_values[34]
Replicating critical objects from the base DN of the domain
Partition[DC=samdom,DC=domain] objects[106] linked_values[94]
Partition[DC=samdom,DC=domain] objects[364] linked_values[0]
Partition[DC=samdom,DC=domain] objects[534] linked_values[281]
..
Partition[DC=samdom,DC=domain] objects[6239] linked_values[19]
Partition[DC=samdom,DC=domain] objects[6439] linked_values[6]
Partition[DC=samdom,DC=domain] objects[6624] linked_values[123]
Failed to apply records: ../lib/ldb/ldb_tdb/ldb_index.c:1199: Failed to 
re-index objectGUID in 
CN=S-1-5-21-1002020466-2171359742-195674365-1193\0ADEL:62dd3445-a58a-4631-9ab9-673430cb37af\0ACNF:62dd3445-a58a-4631-9ab9-673430cb37af,CN=Deleted 
Objects,DC=samdom,DC=domain - ../lib/ldb/ldb_tdb/ldb_index.c:1131: 
unique index violation on objectGUID in 
CN=S-1-5-21-1002020466-2171359742-195674365-1193\0ADEL:62dd3445-a58a-4631-9ab9-673430cb37af\0ACNF:62dd3445-a58a-4631-9ab9-673430cb37af,CN=Deleted 
Objects,DC=samdom,DC=domain: Entry already exists
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up
checking sAMAccountName
Deleted CN=CNDC01S,OU=Domain Controllers,DC=samdom,DC=domain
Deleted CN=NTDS 
Settings,CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
Deleted 
CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to 
process chunk: NT_STATUS_UNSUCCESSFUL
   File 
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", 
line 175, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", 
line 552, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", 
line 1104, in join_DC
     ctx.do_join()
   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", 
line 1009, in do_join
     ctx.join_replicate()
   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", 
line 748, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File 
"/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 
252, in replicate
     schema=schema, req_level=req_level, req=req)
===================

Thanks for any comments.

More information about the samba mailing list