[Samba] cannot add dc to samba v4.1

Andrew Bartlett abartlet at samba.org
Tue Oct 15 20:48:17 MDT 2013

On Wed, 2013-10-16 at 00:47 +0300, Nikos Mitas wrote:
> Hello,
> after successfully demoting a samba4 dc node (redhat linux 6.4 with samba
> v4.1, hostname:samba4dc3) I tried to join another dc to the domain (redhat
> linux 6.4 with samba v4.1, hostname:samba4dc4)
> and this is what I get:
> root@samba4dc4 /root #samba-tool domain join samdom.example.com DC
> -Uadministrator --realm=samdom.example.com --dns-backend=NONE
> Finding a writeable DC for domain 'samdom.example.com'
> Found DC samba4dc1.samdom.example.com
> Password for [WORKGROUP\administrator]:
> workgroup is SAMDOM
> realm is samdom.example.com
> checking sAMAccountName
> Adding CN=SAMBA4DC4,OU=Domain Controllers,DC=samdom,DC=example,DC=com
> Adding
> CN=SAMBA4DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> Adding CN=NTDS
> Settings,CN=SAMBA4DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> Adding SPNs to CN=SAMBA4DC4,OU=Domain
> Controllers,DC=samdom,DC=example,DC=com
> Setting account password for SAMBA4DC4$
> Enabling account
> Calling bare provision
> No IPv6 address will be assigned
> Provision OK for domain DN DC=samdom,DC=example,DC=com
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
> objects[402/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
> objects[804/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
> objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
> objects[1550/1550] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[402/1620]
> linked_values[0/0]
> Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[804/1620]
> linked_values[0/0]
> Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[1206/1620]
> linked_values[0/0]
> Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[1608/1620]
> linked_values[0/0]
> Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[1620/1620]
> linked_values[26/0]
> Refusing replication of object containing invalid zero invocationID on
> attribute 13 of CN=Deleted
> Objects,CN=Configuration,DC=samdom,DC=example,DC=com:

Upgrade the source server to Samba 4.1.0, then run samba-tool dbcheck.
Fix the errors (specifically those related to deleted objects) and then
you can join your additional DC.

We had an error in Samba 4.1 pre-releases where we would delete the
deleted objects container, and write 0 for the invocationID value on the
deleted attributes. We now, like Windows 2008R2 does, refuse to
replicate such corrupt entries.

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz
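
A triage helper for join output like the log quoted in this thread, added here as an example and not part of the original message or of Samba. It rejoins the hard-wrapped lines, reports the last replication progress per naming context, and extracts the object DN named in the zero-invocationID refusal, which is the object to look for in the dbcheck results on the source DC. The sample log is constructed from the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: tail of a `samba-tool domain join` run, modelled on the
# output quoted in this thread (hard-wrapped the way the mail client left it).
SAMPLE = """\
Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[1608/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=samdom,DC=example,DC=com] objects[1620/1620]
linked_values[26/0]
Refusing replication of object containing invalid zero invocationID on
attribute 13 of CN=Deleted
Objects,CN=Configuration,DC=samdom,DC=example,DC=com:
"""

PROGRESS = re.compile(
    r"(?:Partition|Schema-DN)\[([^\]]+)\] objects\[(\d+)/(\d+)\]")
REFUSAL = re.compile(
    r"Refusing replication of object containing invalid zero invocationID "
    r"on attribute (\d+) of ([^:]+?)\s*(?::|$)")


def unwrap(text):
    """Drop '> ' reply quoting and rejoin hard-wrapped lines with spaces."""
    lines = (re.sub(r"^(?:>\s?)+", "", ln).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)


def triage_join_log(text):
    """Hypothetical helper: summarise replication progress and refusals."""
    flat = unwrap(text)
    progress = {}
    for nc, done, total in PROGRESS.findall(flat):
        progress[nc] = (int(done), int(total))  # later lines overwrite earlier
    refusals = [(int(attr), dn) for attr, dn in REFUSAL.findall(flat)]
    return {"progress": progress, "refusals": refusals}


if __name__ == "__main__":
    report = triage_join_log(SAMPLE)
    for nc, (done, total) in report["progress"].items():
        print(f"{nc}: {done}/{total} objects received")
    for attr, dn in report["refusals"]:
        print(f"REFUSED attribute {attr} on {dn}")
        print("  -> check this object in dbcheck output on the source DC")
```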
