[Samba] Samba Join as DC failed
dahopkins at comcast.net
dahopkins at comcast.net
Mon Oct 21 04:43:50 MDT 2013
> Perhaps another hint...ran the following against the offending user
> account. Noticed that it shows up on a list of users with the
> --show-deleted flag. Also dbcheck without --fix flags this account on
> the PDC, but on the other DC it does not show up. We also saw that
> samba-tool drs showrepl indicates that the servers are properly
> replicating. The fact that dbcheck shows two different outputs is
> confusing as replication is working properly.
>
> ncssamba1:~# ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b 'CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us'
> # returned 0 records
> # 0 entries
> # 0 referrals
> ncssamba1:~# ldbsearch --show-deleted -H /usr/local/samba/private/sam.ldb -s base -b 'CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us'
> # record 1
> dn: CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> cn: test_user
> instanceType: 4
> whenCreated: 20130726175012.0Z
> uSNCreated: 13699
> objectGUID: 4d560497-5f00-4d97-96a0-47ae1799ba92
> badPwdCount: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> objectSid: S-1-5-21-276688905-1455118844-2751846679-67110292
> logonCount: 0
> sAMAccountName: test_user
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> manager: CN=jdonaldson,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> memberOf: CN=Teachers,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> userAccountControl: 66048
> userParameters:: IA==
> whenChanged: 20131011151907.0Z
> isDeleted: TRUE
> uSNChanged: 142163
> name:: dGVzdF91c2VyCkRFTDo0ZDU2MDQ5Ny01ZjAwLTRkOTctOTZhMC00N2FlMTc5OWJhOTI=
> lastKnownParent: CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> isRecycled: TRUE
> distinguishedName: CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
>This is very, very odd. Clearly the user has been subject to faulty
>conflict resolution prior to our fix to ensure deleted objects stay
>deleted. I guess we will need to add logic to fix this into dbcheck.
Should we run samba-tool dbcheck --fix at this point on both servers to try and correct this?
More information about the samba
mailing list