[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData

Matthew Delfino mdelfino.list.samba at KNOCKinc.com
Thu Nov 19 15:59:49 UTC 2015


On 2015.11.19, at 4:26 AM, mathias dufresne <infractory at gmail.com> wrote:

> If you plan to keep 4.3.x you can use --enable-fhs from the configure script's options (and the two others proposed by configure --help associated with --enable-fhs). Doing that, you should have most of your directories reused (/etc/samba, /var/lib/samba...)
> 
> That worked for me, as I don't care about polluting /usr and others (I use VMs and destroy them without a tear), on CentOS 7 when I switched from the Sernet version to a compiled version. No idea regarding Debian 'cause I'm not allowed to use that system here :/
> 
> Cheers
> 
> 
> 2015-11-18 11:25 GMT+01:00 Andrew Bartlett <abartlet at samba.org>:
> On Mon, 2015-11-16 at 07:12 -0600, Matthew Delfino wrote:
> > On 2015.11.16, at 2:53 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> >
> > > On Sun, 2015-11-15 at 20:36 -0600, Matthew Delfino wrote:
> > > > Hello Colleagues and Mentors,
> > > >
> > > > I'm attempting to join a Samba AD DC that I compiled with samba 4.3.1
> > > > on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba on
> > > > Ubuntu 14.04.3, but each of them is running Canonical's pre-compiled
> > > > Samba package, v4.1.6.
> > >
> > > > It appears to me that this initial replication is choking here:
> > > >
> > > >  No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
> > > >
> > > > This makes me think something about my addition of specialized schema
> > > > has triggered, or tripped on, a bug somewhere downstream. I searched
> > > > for strings on the internet with similar warnings and found this
> > > > conversation between Rowland Penny and Luke Bigum:
> > > >
> > > >  https://lists.samba.org/archive/samba/2015-June/192516.html
> > > >
> > > > I'm wondering if I'm in a similar pickle. Could this be the bug I'm
> > > > hitting?
> > > >
> > > >  https://bugzilla.samba.org/show_bug.cgi?id=10973#c8
> > > >
> > > > Any advice on how to get myself out of this, via work-arounds or
> > > > whatever, would be greatly appreciated. Thank you in advance!
> > >
> > > Yes, this is the same issue.  You need to upgrade to Samba 4.3 on the
> > > source DC, run dbcheck, fix the issues, and then you can join another
> > > DC to the domain.
> > >
> > > Andrew Bartlett
> > >
> > > --
> > > Andrew Bartlett                       http://samba.org/~abartlet/
> > > Authentication Developer, Samba Team  http://samba.org
> > > Samba Developer, Catalyst IT
> > > http://catalyst.net.nz/services/samba
> >
> > I’m breathing a sigh of relief this morning in rainy Minneapolis
> > because this is very encouraging to hear. Thank you!
> >
> > HOWEVER… this opens a door to another room I’ve never been in because
> > I know the Debian/Ubuntu version of Samba 4.1.6 has been configured
> > with some tweaks to install it differently (sbin and bin binaries
> > installed into existing directories, conf file installed under
> > /etc/samba/, etc.).
> >
> > How would an expert do this? Just apt-get remove samba and install
> > the latest version from source? Any configure tweaks? Where would I
> > move the existing databases and other files? What do I need to keep?
> > What can I leave behind? I’m not expecting you to answer all of these
> > questions, but perhaps you know of a helpful tutorial online? I can’t
> > seem to find a good one…
> 
> Do you intend to keep the 4.1 server after fixing it?
> 
> If not, then you can install Samba from source, then run dbcheck from
> the 4.3 install pointed at the 4.1 sam.ldb file with
> samba-tool dbcheck -H /var/lib/samba/private/sam.ldb
> 
> That will fix the DB, and allow you to join the domain.  The DB will
> only corrupt again when modifications are made to objects using
> additional schema - so just don't change those until you remove the 4.1
> server finally.
> 
> Andrew Bartlett

Andrew and Mathias, thank you, these are great options. I’m weighing moving to an all-source option versus waiting for 4.3 to work its way through the pipeline for packaging with the rest of what the Debian-based world offers through aptitude. There’s really no telling how long the latter will take, and who knows when I’m going to find myself in another tight spot where the powers that be put the stops on releasing Samba updates for reasons that don’t matter to me.

And, you know, there’s always CentOS or SUSE. I really must learn to sever my irrational emotional attachments to Ubuntu…

In any case, I have some good ideas that I can move forward with during maintenance off hours. You guys are great. :-)

Thanks,
Matthew
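
Added example (not part of the thread and not Samba project code): a POSIX shell wrapper for the repair Andrew describes, running dbcheck from the newer build against the existing sam.ldb, backing up the private directory before fixing, and confirming the error count drops to zero. Assumptions: the source build lives under /usr/local/samba, the old Samba service is stopped, `--fix` and `--yes` are used for the repair pass, and dbcheck prints a "Checked N objects (M errors)" summary line.

```shell
#!/bin/sh
# Assumption: default prefix of a source build; override via environment.
SAMBA_TOOL="${SAMBA_TOOL:-/usr/local/samba/bin/samba-tool}"
# Path to the packaged 4.1 database, as quoted in the thread.
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"

# Copy the whole private directory (sam.ldb plus its partition files)
# next to the original and print the backup location.
backup_private() {
    src=$(dirname "$SAM_LDB")
    dst="${src}.pre-dbcheck.$(date +%Y%m%d%H%M%S)"
    cp -a "$src" "$dst" && printf '%s\n' "$dst"
}

# Run dbcheck with any extra flags and print the total error count.
# dbcheck exits non-zero when it finds errors, so the exit status is
# ignored and the summary line(s) are parsed instead (assumed format:
# "Checked N objects (M errors)").
dbcheck_errors() {
    out=$("$SAMBA_TOOL" dbcheck -H "$SAM_LDB" "$@" 2>&1) || true
    count=$(printf '%s\n' "$out" |
        sed -n 's/^Checked [0-9]* objects (\([0-9]*\) errors)$/\1/p' |
        awk '{ s += $1; n++ } END { if (n) print s }')
    if [ -z "$count" ]; then
        # No summary line: the tool failed before checking anything.
        printf '%s\n' "$out" >&2
        return 2
    fi
    printf '%s\n' "$count"
}

# Report-only pass, backup, fix pass, then a verification pass.
# Succeeds only when the database is clean afterwards.
repair_sam_ldb() {
    before=$(dbcheck_errors) || return 2
    [ "$before" -eq 0 ] && { echo "clean"; return 0; }
    backup=$(backup_private) || return 2
    dbcheck_errors --fix --yes >/dev/null || return 2
    after=$(dbcheck_errors) || return 2
    echo "before=$before after=$after backup=$backup"
    [ "$after" -eq 0 ]
}

# Only act when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "--run" ]; then
    repair_sam_ldb
fi
```

Run it as root with `--run` during a maintenance window; per the advice quoted above, objects using the additional schema should be left unmodified until the 4.1 server is removed.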
