[Samba] one day AD use -> samba-tool dbcheck reports "Normalisation error for attribute 'objectClass'"
Andrew Bartlett
abartlet at samba.org
Sun Mar 30 17:30:05 MDT 2014
PLEASE URGENTLY SECURE this evidence.
On Sat, 2014-03-29 at 17:09 +0100, mourik jan heupink - merit wrote:
> Hi all,
>
> Our migration is coming along nicely, everything seems to work like it
> should... I thought... Only samba-tool dbcheck reports five errors:
>
> root at dc1:~# samba-tool dbcheck
> Checking 1143 objects
> ERROR: Normalisation error for attribute 'objectClass' in
> 'CN=phdseminar,CN=Users,DC=my,DC=samba,DC=domain'
> Values/Order of values do/does not match: ['top', 'securityPrincipal',
> 'posixAccount', 'person', 'organizationalPerson', 'user']/['top',
> 'posixAccount', 'securityPrincipal', 'person', 'organizationalPerson',
> 'user']!
> Not fixing attribute 'objectClass'
> ERROR: Normalisation error for attribute 'objectClass' in
> 'CN=postmaster,CN=Users,DC=my,DC=samba,DC=domain'
> Values/Order of values do/does not match: ['top', 'securityPrincipal',
> 'posixAccount', 'person', 'organizationalPerson', 'user']/['top',
> 'posixAccount', 'securityPrincipal', 'person', 'organizationalPerson',
> 'user']!
> Not fixing attribute 'objectClass'
> ERROR: Normalisation error for attribute 'objectClass' in
> 'CN=opac,CN=Users,DC=my,DC=samba,DC=domain'
> Values/Order of values do/does not match: ['top', 'securityPrincipal',
> 'posixAccount', 'person', 'organizationalPerson', 'user']/['top',
> 'posixAccount', 'securityPrincipal', 'person', 'organizationalPerson',
> 'user']!
> Not fixing attribute 'objectClass'
> ERROR: Normalisation error for attribute 'objectClass' in
> 'CN=seminar,CN=Users,DC=my,DC=samba,DC=domain'
> Values/Order of values do/does not match: ['top', 'securityPrincipal',
> 'posixAccount', 'person', 'organizationalPerson', 'user']/['top',
> 'posixAccount', 'securityPrincipal', 'person', 'organizationalPerson',
> 'user']!
> Not fixing attribute 'objectClass'
> ERROR: Normalisation error for attribute 'objectClass' in
> 'CN=heupink,CN=Users,DC=my,DC=samba,DC=domain'
> Values/Order of values do/does not match: ['top', 'securityPrincipal',
> 'posixAccount', 'person', 'organizationalPerson', 'user']/['top',
> 'posixAccount', 'securityPrincipal', 'person', 'organizationalPerson',
> 'user']!
> Not fixing attribute 'objectClass'
> Please use --fix to fix these errors
> Checked 1143 objects (5 errors)
> root at dc1:~#
>
> Are these errors something to worry about? This morning, right after the
> classicupgrade, I also ran the dbcheck, and it reported 1 error, and
> adding --fix did NOT cure anything.
>
> So, is my AD database corrupt, after it's first day of being alive??
>
> Errors are on both DC's, both are running btrfs, virtual machines, on
> hardware raid, no errors in syslog etc.
>
> Ideas anyone?
This has happened a few times in automated runs of our 'make test', but
I never was able to capture the flawed database.
I would very much like to investigate this, please ensure you keep a
full backup of the entire configuration (see the samba_backup script) of
both domain controllers, so I can have you run additional tests if
required.
On a more positive note, it looks 'harmless' to me, in that the
difference is due to a presumably un-initialised variable or some other
factor changing the subclass tree order.
It should not cause you any harm to leave these 'wrong', but please do
make those backups.
Thanks!
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list