[Samba] NT_STATUS_INTERNAL_DB_CORRUPTION when creating users from script in Samba4

Juan Asensio Sánchez okelet at gmail.com
Fri Sep 20 06:05:03 MDT 2013

Hi all

I am trying to create a script to migrate our current old Samba3 LDAP based
domain to a new Samba4 (4.0.9, Sernet compilation) domain. We have 3
servers, all replicating. If I add a user using samba-tool, all wotks fine,
but If I try to create a user using a Python script, for example, with this

dn: cn=XXXXXXX,OU=Usuarios,OU=dept,DC=org,DC=test
displayName: XXXXX
samAccountName: XXXXX
objectClass: top
objectClass: person
objectClass: user
objectClass: organizationalPerson
userAccountControl: 512
userPrincipalName: XXXXXX at org.test
samAccountType: 805306368
mail: xxxxxx at xxxxxxx.es
givenName: XXXXX
unicodePwd:: XXXXXXXXXX

importing it using ldbadd, the user is imported well (NOTE: cn,
displayname, sn and givenname contains special chars like tildes). When I
try to search the user using ldapsearch I get this error:

# ldapsearch -LLL -H ldap://XXXXX -D
"cn=Administrator,cn=Users,dc=org,dc=test" -b "dc=org,dc=test" -w XXXXX
Operations error (1)
Additional information: acl_read: cannot get descriptor of

But If I search that user with ldbsearch, the result is correct, although
no attributes related to replication that do appear in other objects (like
replPropertyMetaData, uSNChanged or nTSecurityDescriptor) don't appear in
this user. Even more, if the user tries to do a smbclient whit his
username, he gets a db corruption error:

# smbclient -L localhost -U XXXXXX
Enter XXXXXXXX password:

Any idea about this error? I think the LDIF is correct, but it looks it


More information about the samba mailing list