[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData

Andrew Bartlett abartlet at samba.org
Wed Nov 18 10:25:00 UTC 2015 

On Mon, 2015-11-16 at 07:12 -0600, Matthew Delfino wrote:
> On 2015.11.16, at 2:53 AM, Andrew Bartlett <abartlet at samba.org>
> wrote:
> 
> > On Sun, 2015-11-15 at 20:36 -0600, Matthew Delfino wrote:
> > > Hello Colleagues and Mentors,
> > > 
> > > I'm attempting to join a Samba AD DC that I compiled with samba
> > > 4.3.1
> > > on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba
> > > on
> > > Ubuntu 14.04.3, but each of them is running Canonical's pre
> > > -compiled
> > > Samba package, v4.1.6.
> > 
> > > It appears to me that this initial replication is choking here:
> > > 
> > >  No objectClass found in replPropertyMetaData for
> > > CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC
> > > =lan
> > > !
> > > 
> > > This makes me think something about my addition of specialized
> > > schema
> > > has triggered, or tripped on, a bug somewhere downstream. I
> > > searched
> > > for strings on the internet with similar warnings and found this
> > > conversation between Rowland Penny and Luke Bigum:
> > > 
> > >  https://lists.samba.org/archive/samba/2015-June/192516.html
> > > 
> > > I'm wondering if I'm in a similar pickle. Could this be the bug
> > > I'm
> > > hitting?
> > > 
> > >  https://bugzilla.samba.org/show_bug.cgi?id=10973#c8
> > > 
> > > Any advice on how to get myself out of this, via work-arounds or
> > > whatever, would be greatly appreciated. Thank you in advance!
> > 
> > Yes, this is the same issue.  You need to upgrade to Samba 4.3 on
> > the
> > source DC, run dbcheck, fix the issues, and then you can join
> > another
> > DC to the domain.
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                       http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT          
> > http://catalyst.net.nz/services/samba
> 
> I’m breathing a sigh of relief this morning in rainy Minneapolis
> because this is very encouraging to hear. Thank you!
> 
> HOWEVER… this opens a door to another room I’ve never been in because
> I know the Debian/Ubuntu version of Samba 4.1.6 has been configured
> with some tweaks to install it differently (sbin and bin binaries
> installed into existing directories, conf file installed under
> /etc/samba/, etc.).
> 
> How would an expert do this? Just apt-get remove samba and install
> the latest version from source? Any configure tweaks? Where would I
> move the existing databases and other files? What do I need to keep?
> What can I leave behind? I’m not expecting you to answer all of these
> questions, but perhaps you know of a helpful tutorial online? I can’t
> seem to find a good one…

Do you intend to keep the 4.1 server after fixing it?

If not, then you can install Samba from source, then run dbcheck from
the 4.3 install pointed at the 4.1 sam.ldb file with samba-tool dbcheck
-H /var/lib/samba/private/sam.ldb

That will fix the DB, and allow you to join the domain.  The DB will
only corrupt again when modifications are made to objects using
additional schema - so just don't change those until you remove the 4.1
server finally.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list