[Samba] unique index violation on objectGUID, CN=Deleted Objects, DC=samdom, DC=domain
Ong Yu-Phing
y_ong at usa.net
Wed Jan 30 19:20:32 MST 2013
Some (unsuccessful) updates, I've tried with both latest git pull () and
samba 4.0.2, both still encounter the same problem.
According to MS documentation, seems like I can't really delete objects
from the CN=Deleted Objects container, I have to wait for the tombstone
garbage collection to get to work, which means I have to wait ~180 days
from when the objects were actually deleted. Does anybody have any idea
about how to delete these sooner (NB: the sysadmins thought we could
just change tombstone TTL to 1 day, but MS explicitly states this is a
bad idea... )
On 28/01/2013 11:56, Ong Yu-Phing wrote:
> I've grabbed the latest samba4 master branch from git, and am trying
> to join the samba4 server to an existing domain. However, I'm bumping
> into a unique index violation, with some objects in the CN=Deleted
> Objects container. These objects were conflict objects created
> during some replication issues, and the system admins have already
> deleted these objects (hence why they are the Deleted Objects
> container, hah!).
>
> Is the recommendation to just delete these "deleted" objects, or is
> there some other command-line option in samba-tool that allows us to
> specify to ignore a specific OU?
>
> Note that this is the first time I'm doing this (joining an existing
> AD domain), and I get the same result with both 4.0.1 production as
> well as the latest commit (commit
> bb3238b46f0ffaf0bc8c0e16bdcc1cf5d2cad197, Version 4.1.0pre1-GIT-bb3238b).
>
> Here are my logs (samdom.domain and 10.10.1.7 is sanitised output):
> ===================
> root at cndc01s:~/samba-master# kinit administrator
> Password for administrator at samdom.domain:
> root at cndc01s:~/samba-master# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at samdom.domain
>
> Valid starting Expires Service principal
> 28/01/2013 11:03:21 28/01/2013 21:03:24
> krbtgt/samdom.domain at samdom.domain
> renew until 29/01/2013 11:03:21
> root at cndc01s:~/samba-master# /usr/local/samba/bin/samba-tool domain
> join samdom.domain DC -Uadministrator --realm=samdom.domain
> --server=10.10.1.7
> Password for [WORKGROUP\administrator]:
> workgroup is samdom
> realm is samdom.domain
> checking sAMAccountName
> Adding CN=CNDC01S,OU=Domain Controllers,DC=samdom,DC=domain
> Adding
> CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
> Adding CN=NTDS
> Settings,CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
> Adding SPNs to CN=CNDC01S,OU=Domain Controllers,DC=samdom,DC=domain
> Setting account password for CNDC01S$
> Enabling account
> Calling bare provision
> No IPv6 address will be assigned
> Provision OK for domain DN DC=samdom,DC=domain
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain] objects[402]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain] objects[804]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain]
> objects[1206] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=domain]
> objects[1553] linked_values[0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=samdom,DC=domain] objects[402]
> linked_values[57]
> Partition[CN=Configuration,DC=samdom,DC=domain] objects[804]
> linked_values[0]
> Partition[CN=Configuration,DC=samdom,DC=domain] objects[1206]
> linked_values[0]
> Partition[CN=Configuration,DC=samdom,DC=domain] objects[1608]
> linked_values[37]
> Partition[CN=Configuration,DC=samdom,DC=domain] objects[1880]
> linked_values[34]
> Replicating critical objects from the base DN of the domain
> Partition[DC=samdom,DC=domain] objects[106] linked_values[94]
> Partition[DC=samdom,DC=domain] objects[364] linked_values[0]
> Partition[DC=samdom,DC=domain] objects[534] linked_values[281]
> ..
> Partition[DC=samdom,DC=domain] objects[6239] linked_values[19]
> Partition[DC=samdom,DC=domain] objects[6439] linked_values[6]
> Partition[DC=samdom,DC=domain] objects[6624] linked_values[123]
> Failed to apply records: ../lib/ldb/ldb_tdb/ldb_index.c:1199: Failed
> to re-index objectGUID in
> CN=S-1-5-21-1002020466-2171359742-195674365-1193\0ADEL:62dd3445-a58a-4631-9ab9-673430cb37af\0ACNF:62dd3445-a58a-4631-9ab9-673430cb37af,CN=Deleted
> Objects,DC=samdom,DC=domain - ../lib/ldb/ldb_tdb/ldb_index.c:1131:
> unique index violation on objectGUID in
> CN=S-1-5-21-1002020466-2171359742-195674365-1193\0ADEL:62dd3445-a58a-4631-9ab9-673430cb37af\0ACNF:62dd3445-a58a-4631-9ab9-673430cb37af,CN=Deleted
> Objects,DC=samdom,DC=domain: Entry already exists
> Failed to commit objects: WERR_GENERAL_FAILURE
> Join failed - cleaning up
> checking sAMAccountName
> Deleted CN=CNDC01S,OU=Domain Controllers,DC=samdom,DC=domain
> Deleted CN=NTDS
> Settings,CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
> Deleted
> CN=CNDC01S,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain
> ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to
> process chunk: NT_STATUS_UNSUCCESSFUL
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
> line 552, in run
> machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
> line 1104, in join_DC
> ctx.do_join()
> File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
> line 1009, in do_join
> ctx.join_replicate()
> File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
> line 748, in join_replicate
> replica_flags=ctx.domain_replica_flags)
> File
> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
> line 252, in replicate
> schema=schema, req_level=req_level, req=req)
> ===================
>
> Thanks for any comments.
More information about the samba
mailing list