[Samba] Samba Join as DC failed

Donaldson Jeff Jeff.Donaldson at ncs.k12.de.us
Thu Oct 17 06:50:50 MDT 2013

Attempted to join domain via

./bin/samba-tool domain join ncs.k12.de.us<http://ncs.k12.de.us> DC -Uadministrator --realm=ncs.k12.de.us<http://ncs.k12.de.us>

But this failed with

Committing SAM database
Failed to apply linked attribute change 'attribute 'isRecycled': invalid modify flags on 'CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us': 0x0'
dn: <GUID=4d560497-5f00-4d97-96a0-47ae1799ba92>;<SID=S-1-5-21-276688905-1455118844-2751846679-67110292>;CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us

Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - attribute 'isRecycled': invalid modify flags on 'CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us': 0x0
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1169, in join_DC
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1074, in do_join
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 848, in join_replicate

As suggestion found here https://irclog.samba.org/2013/09/20130908-Sun.log:  is to use

ldbedit -H /usr/local/samba/private/sam.ldb --show-deleted '(isDeleted=*)'

to manually delete all the accounts with this attribute. When doing this I should stop samba on all DCs and then edit the local sam.ldb on each. Then restart samba on the DC and re-try joining the domain after deleting all files /usr/local/samba/private on the DC I am attempting to join to the domain as a DC?

Also saw on Samba list Nikos Mita had similar issue. It was suggested to try using samba-tool dbcheck -fix. Should I try this first? I'm just concerned whether this would complete or not. I have 94,443 records and this server only has 8GB of memory.

I want to make certain I get the sequence correct.

Also, before doing any of the above, I will make a copy of the private directories on the DC just in case ...

Any help is appreciated. Thanks!


Jeff Donaldson
Technology Director
Newark Charter School
jeff.donaldson at ncs.k12.de.us
(302) 369-2001 ext: 425

More information about the samba mailing list