[Samba] Samba Join as DC failed

Andrew Bartlett abartlet at samba.org
Fri Feb 28 00:46:52 MST 2014


On Thu, 2013-10-17 at 12:50 +0000, Donaldson Jeff wrote:
> Attempted to join domain via
> 
> ./bin/samba-tool domain join ncs.k12.de.us<http://ncs.k12.de.us> DC -Uadministrator --realm=ncs.k12.de.us<http://ncs.k12.de.us>
> 
> But this failed with
> 
> Committing SAM database
> Failed to apply linked attribute change 'attribute 'isRecycled': invalid modify flags on 'CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us': 0x0'
> dn: <GUID=4d560497-5f00-4d97-96a0-47ae1799ba92>;<SID=S-1-5-21-276688905-1455118844-2751846679-67110292>;CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us
> 
> Join failed - cleaning up
> checking sAMAccountName
> ERROR(ldb): uncaught exception - attribute 'isRecycled': invalid modify flags on 'CN=test_user,CN=Deleted Objects,DC=ncs,DC=k12,DC=de,DC=us': 0x0
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1169, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1074, in do_join
>     ctx.join_replicate()
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 848, in join_replicate
>     ctx.local_samdb.transaction_commit()
> 
> As suggestion found here https://irclog.samba.org/2013/09/20130908-Sun.log:  is to use
> 
> ldbedit -H /usr/local/samba/private/sam.ldb --show-deleted '(isDeleted=*)'
> 
> to manually delete all the accounts with this attribute. When doing this I should stop samba on all DCs and then edit the local sam.ldb on each. Then restart samba on the DC and re-try joining the domain after deleting all files /usr/local/samba/private on the DC I am attempting to join to the domain as a DC?
> 
> Also saw on Samba list Nikos Mita had similar issue. It was suggested to try using samba-tool dbcheck -fix. Should I try this first? I'm just concerned whether this would complete or not. I have 94,443 records and this server only has 8GB of memory.
> 
> I want to make certain I get the sequence correct.
> 
> Also, before doing any of the above, I will make a copy of the private directories on the DC just in case ...
> 
> Any help is appreciated. Thanks!

Did you ever get to the bottom of this?  I'm working on a patch for this
issue because I'm worried about a broader corruption that this may or
may not be related to.  Did you ever run Samba from GIT or a 4.1
pre-release?

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




More information about the samba mailing list