[Samba] Samba Join as DC failed

Andrew Bartlett abartlet at samba.org
Mon Oct 21 12:53:42 MDT 2013


On Mon, 2013-10-21 at 10:43 +0000, dahopkins at comcast.net wrote:
> > Perhaps another hint...ran the following against the offending user
> > account. Noticed that it shows up on a list of users with the
> > --show-deleted flag. Also dbcheck without --fix flags this account on
> > the PDC, but on the other DC it does not show up. We also saw that
> > samba-tool drs showrepl indicates that the servers are properly
> > replicating. The fact that dbcheck shows two different outputs is
> > confusing as replication is working properly.  
> > 
> > ncssamba1:~# ldbsearch -H /usr/local/samba/private/sam.ldb -s base -b 'CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us'
> > # returned 0 records
> > # 0 entries
> > # 0 referrals
> > ncssamba1:~# ldbsearch --show-deleted -H /usr/local/samba/private/sam.ldb -s base -b 'CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us'
> > # record 1
> > dn: CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> > cn: test_user
> > instanceType: 4
> > whenCreated: 20130726175012.0Z
> > uSNCreated: 13699
> > objectGUID: 4d560497-5f00-4d97-96a0-47ae1799ba92
> > badPwdCount: 0
> > badPasswordTime: 0
> > lastLogoff: 0
> > lastLogon: 0
> > objectSid: S-1-5-21-276688905-1455118844-2751846679-67110292
> > logonCount: 0
> > sAMAccountName: test_user
> > objectClass: top
> > objectClass: posixAccount
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: user
> > manager: CN=jdonaldson,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> > memberOf: CN=Teachers,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> > userAccountControl: 66048
> > userParameters:: IA==
> > whenChanged: 20131011151907.0Z
> > isDeleted: TRUE
> > uSNChanged: 142163
> > name:: dGVzdF91c2VyCkRFTDo0ZDU2MDQ5Ny01ZjAwLTRkOTctOTZhMC00N2FlMTc5OWJhOTI=
> > lastKnownParent: CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> > isRecycled: TRUE
> > distinguishedName: CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
> 
> >This is very, very odd.  Clearly the user has been subject to faulty
> >conflict resolution prior to our fix to ensure deleted objects stay
> >deleted.  I guess we will need to add logic to fix this into dbcheck. 
> 
> Should we run samba-tool dbcheck --fix at this point on both servers to try and correct this?

I'm not aware of any code in dbcheck that will fix this, so perhaps let
me know what dbcheck is proposing to do, or what it does on a backup (it
has a --verbose mode) when we --fix it. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
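
An added example (not part of the original message, and not Samba's dbcheck code): a small Python check that decodes the record quoted above and lists where it departs from the usual tombstone shape. It assumes a normal tombstone has its RDN mangled with `DEL:<GUID>`, sits under `CN=Deleted Objects`, and has lost its link attributes; the function names and the trimmed sample record are constructed here.

```python
import base64
import re

# Constructed sample: a subset of the attributes from the record quoted above.
SAMPLE = """\
dn: CN=test_user,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
objectGUID: 4d560497-5f00-4d97-96a0-47ae1799ba92
manager: CN=jdonaldson,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
memberOf: CN=Teachers,CN=Users,DC=ncs,DC=k12,DC=de,DC=us
isDeleted: TRUE
name:: dGVzdF91c2VyCkRFTDo0ZDU2MDQ5Ny01ZjAwLTRkOTctOTZhMC00N2FlMTc5OWJhOTI=
isRecycled: TRUE
"""

def parse_record(ldif):
    """Parse one ldbsearch record into {attr_lowercase: [values]}.
    'attr:: value' is base64; comment, blank and folded lines are skipped."""
    rec = {}
    for line in ldif.splitlines():
        m = re.match(r"^([A-Za-z][\w;-]*)(::?) ?(.*)$", line)
        if not m:
            continue
        attr, sep, val = m.groups()
        if sep == "::":
            val = base64.b64decode(val).decode("utf-8", "replace")
        rec.setdefault(attr.lower(), []).append(val)
    return rec

def tombstone_findings(rec):
    """List the ways a record flagged isDeleted differs from a clean tombstone."""
    if rec.get("isdeleted") != ["TRUE"]:
        return []
    findings = []
    dn = rec["dn"][0]
    guid = rec.get("objectguid", [""])[0]
    name = rec.get("name", [""])[0]
    # The name attribute was mangled on delete, but the DN's RDN was not.
    if "\nDEL:" + guid in name and "DEL:" not in dn.split(",")[0]:
        findings.append("name carries DEL:<GUID> but the DN's RDN is not mangled")
    if "CN=Deleted Objects," not in dn:
        findings.append("deleted object still lives outside CN=Deleted Objects")
    links = [a for a in ("manager", "memberof") if a in rec]
    if links:
        findings.append("link attributes survive on deleted object: " + ", ".join(links))
    return findings

if __name__ == "__main__":
    for finding in tombstone_findings(parse_record(SAMPLE)):
        print(finding)
```

Running the same check against `ldbsearch --show-deleted` output saved from each DC gives a side-by-side view of which server holds the inconsistent copy.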



