[Samba] Users and groups named in Russian disappeared after upgrade samba4 PDC

Marc Muehlfeld mmuehlfeld at samba.org
Tue Mar 10 15:39:20 MDT 2015 

Hello Vitaly,


Am 09.03.2015 um 02:06 schrieb Vitaly Pyslar:
> Hello. I use Ubuntu 11.04. Yesterday I upgraded samba from 
> 2:4.1.6+dfsg-1ubuntu2.14.04.3 to 2:4.1.6+dfsg-1ubuntu2.14.04.7 with some other 
> packages. After restart samda my users and groups named in RUssian have 
> disappeared. Neither Windows RSAT shows then, nor samba-tool user list, nor 
> wbinfo -u, nor getent passwd, nor pdbedit -L. 

Did you got errors during the classicupgrade?

@all: Didn't we had someone here on the list with a similar problem?
Accounts with chinese characters didn't worked or something like that?



> samba-tool dbcheck --fix --yes --verbose shows me errors related to my missed 
> users "ERROR: Object CN=user name,CN=Users,DC=mydomain,DC=com disappeared 
> during check"

About how many accounts do we talk about? Is it worth investigating or
easier recreating?


I don't know how good samba-tool works with special characters. Here I
e. g. avoid german umlauts in usernames, because you will quickly find
applications that can't handle it and it always cause problems.

You can try to edit the entry. If dbcheck complains, there must be at
least something inside the database.

You can try to edit the record and replace the russian characters (at
least temporary).

# ldbedit -H /usr/local/samba/private/sam.ldb 'cn=mmuehlfeld'
or if you have the special characters already inside the CN and can't
use it for search, the filter for something more general like
# ldbedit -H /usr/local/samba/private/sam.ldb 'objectClass=user'

Try to replace the problematic entries of one account and see, if it
appears in ADUC. If yes, then try remaing it in ADUC. Maybe it was just
a charset issue during the classic upgrade.

But before, you should, of course, create a working backup!



> I tried to downgrade samba, but it didn't help. I also tried to restore my 
> domain from backup, but it also didn't help. I spend a lot of time gooling the 
> issue and I didn't find anything helpful. Can anybody help me please? Any 
> advice would be appreciated.

If your clients once saw an AD DC, they don't connect to an NT4 PDC any
more. You have to re-join them.


Regards,
Marc

More information about the samba mailing list