[Samba] Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed

Andrew Bartlett abartlet at samba.org
Sun Jan 3 19:36:39 UTC 2016

On Sun, 2016-01-03 at 10:31 +0000, JS wrote:
> Andrew Bartlett <abartlet <at> samba.org> writes:
> > 
> > What does 'samba-tool dbcheck' say?  
> Running "sudo samba-tool dbfix" produces the following Python error:
> sudo samba-tool dbcheck
> ERROR(<type 'exceptions.IndexError'>): uncaught exception - list index out of range
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py", line 120, in run
>     reset_well_known_acls=reset_well_known_acls)
>   File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 87, in __init__
>     dnsadmins_sid = ndr_unpack(security.dom_sid, res[0]["objectSid"][0])
> Appreciate you joining the conversation Andrew, do you think CrashPlan
> corrupted this database?  I can't think of anything else I could have done
> that would've caused such a drastic failure and would like to know so I
> don't repeat the blunder in the future, this has been a royal PITA.

Is there really a Samba database in the location shown by:

bin/testparm --parameter-name=privatedir --suppress-prompt

That is, a sam.ldb, a secrets.ldb and (importantly) sam.ldb.d/ with the
usual files in that (metadata.tdb, other files ending in .ldb named
after your domain).

It looks to me like this has been removed (or we have been pointed at
the wrong location), and Samba has re-created an empty DB for sam.ldb,
with nothing in it.  I mention this because the alternative is that it
is damaged beyond (costly/tedious/manual) repair involving a rebuild
and putting back some of the old values. 

The last time I came across a DB failure like this, I blamed a DRBD
setup that didn't honour 'barriers' and an unexpected power-off.  The
DB was only able to be partially rescued with the new 'ldbdump' tool we
wrote.  In that case the domain was able to hobble on for a few weeks,
but was rebuilt.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
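
The file check described in the message above, as an added example that is not part of the original post and not a Samba tool. The helper names `check_privatedir` and `make_sample_privatedir` are hypothetical, and the sample tree uses constructed placeholder files rather than real databases.

```shell
#!/bin/sh
# Added example, not a Samba tool: check_privatedir is a hypothetical helper.
# Prints each expected item that is missing or empty; returns 0 only when
# sam.ldb, secrets.ldb, sam.ldb.d/metadata.tdb and at least one non-empty
# sam.ldb.d/*.ldb partition file are all present.
check_privatedir() {
    dir=$1
    bad=0
    for f in sam.ldb secrets.ldb sam.ldb.d/metadata.tdb; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing or empty: $dir/$f"
            bad=1
        fi
    done
    parts=0
    for p in "$dir"/sam.ldb.d/*.ldb; do
        # An unmatched glob stays literal, so test that the file exists.
        if [ -s "$p" ]; then
            parts=$((parts + 1))
        fi
    done
    if [ "$parts" -eq 0 ]; then
        echo "no partition .ldb files in: $dir/sam.ldb.d"
        bad=1
    fi
    return "$bad"
}

# Build a constructed directory tree (placeholder contents, not real
# databases) so the check can be exercised without a domain controller.
make_sample_privatedir() {
    d=$(mktemp -d)
    mkdir "$d/sam.ldb.d"
    for f in sam.ldb secrets.ldb sam.ldb.d/metadata.tdb \
             "sam.ldb.d/DC=EXAMPLE,DC=TEST.ldb"; do
        echo placeholder > "$d/$f"
    done
    echo "$d"
}

# Usage on a real DC: pass the directory printed by the testparm command.
if [ "$#" -gt 0 ]; then
    check_privatedir "$1"
fi
```

A pass only shows that the files exist and are non-empty; it says nothing about whether their contents are intact.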
