[Samba] Fwd: Re: Invalid data for index DN=@INDEX:OBJECTCLASS:DNSNODE

Rowland Penny rpenny at samba.org
Fri May 13 18:04:27 UTC 2016


On 13/05/16 18:42, ash-samba at comtek.co.uk wrote:
>> OK, could this just be a permissions problem i.e. user 'ash' doesn't 
>> have the required rights to add a dns record, try again, but this 
>> time use the 'Administrator' user.
> I've repeated the "samba-tool dns add", and the "samba-tool domain 
> join" commands with "-UAdministrator". I get the same errors with 
> either user.
>
> (the error for domain join is now the following)
>
> >  samba-tool domain join chester-dc.comtek.co.uk DC -Uash 
> --realm=CHESTER-DC.COMTEK.CO.UK
> > Finding a writeable DC for domain 'chester-dc.comtek.co.uk'
> > Found DC empire.chester-dc.comtek.co.uk
> > Password for [CHESTER-DC\ash]:
> > workgroup is CHESTER-DC
> > realm is chester-dc.comtek.co.uk
> > checking sAMAccountName
> > Adding CN=V-WARD,OU=Domain 
> Controllers,DC=chester-dc,DC=comtek,DC=co,DC=uk
> > Join failed - cleaning up
> > checking sAMAccountName
> > ERROR(ldb): uncaught exception - LDAP error 68 
> LDAP_ENTRY_ALREADY_EXISTS -  <00002071: ../ldb_tdb/ldb_index.c:1216: 
> Failed to re-index objectSid in CN=V-WARD,OU=Domain 
> Controllers,DC=chester-dc,DC=comtek,DC=co,DC=uk - 
> ../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in 
> CN=V-WARD,OU=Domain Controllers,DC=chester-dc,DC=comtek,DC=co,DC=uk> <>
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
> line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", 
> line 555, in run
> >     machinepass=machinepass, use_ntvfs=use_ntvfs, 
> dns_backend=dns_backend)
> >   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, 
> in join_DC
> >     ctx.do_join()
> >   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, 
> in do_join
> >     ctx.join_add_objects()
> >   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, 
> in join_add_objects
> >     ctx.samdb.add(rec)
>
>
> Could permissions account for the " Invalid data for index 
> DN=@INDEX:OBJECTCLASS:DNSNODE", anyway?
>
> Ash
>

Possibly, if your user doesn't have the correct rights, then the command 
could error. The full command that failed was this:

dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, 
server, zone, name, add_rec_buf, None)

This relies on:

dns_conn = dns_connect(server, self.lp, self.creds)

The relevant part is this: 'self.creds'

This means the entire command would fail if the supplied user didn't 
have the required rights.

The above 'join' error seems to show that 'chester-dc' already exists in 
AD (if only partially). You could try checking if this is possible. If 
it does, you will need to find a way of removing it, but we will come to 
that only if it does.

Rowland
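
An added example, not part of the original message and not Samba's own code: a Python helper that pulls the LDAP result code, attribute and DN out of the mail-wrapped ldb error quoted above and builds an ldbsearch command to check whether that entry already exists. The function names, the default user and the choice of ldbsearch for the check are assumptions; the server name in the usage comes from the quoted join output.

```python
import re

# Constructed sample: the error text from the quoted join output, with the
# mail quoting ("> ") and line wrapping kept as they appear in the archive.
SAMPLE = """\
> > ERROR(ldb): uncaught exception - LDAP error 68
> LDAP_ENTRY_ALREADY_EXISTS -  <00002071: ../ldb_tdb/ldb_index.c:1216:
> Failed to re-index objectSid in CN=V-WARD,OU=Domain
> Controllers,DC=chester-dc,DC=comtek,DC=co,DC=uk -
> ../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
> CN=V-WARD,OU=Domain Controllers,DC=chester-dc,DC=comtek,DC=co,DC=uk> <>
"""

ERR_RE = re.compile(
    r"LDAP error (?P<code>\d+)\s+(?P<name>LDAP_[A-Z_]+).*?"
    r"unique index violation on (?P<attr>\w+) in (?P<dn>[^<>]+)>")


def unwrap(text):
    """Drop leading '> ' quote markers and rejoin mail-wrapped lines."""
    lines = [re.sub(r"^(>\s?)+", "", l).strip() for l in text.splitlines()]
    return " ".join(l for l in lines if l)


def parse_ldb_error(text):
    """Return code, symbolic name, attribute and DN, or None if no match."""
    m = ERR_RE.search(unwrap(text))
    if m is None:
        return None
    err = m.groupdict()
    err["code"] = int(err["code"])
    err["dn"] = err["dn"].strip()
    return err


def existence_check(err, server, user="Administrator"):
    """Build a base-scope ldbsearch for the DN named in the error."""
    return ["ldbsearch", "-H", "ldap://" + server, "-U", user,
            "-b", err["dn"], "-s", "base",
            "(objectClass=*)", err["attr"], "sAMAccountName"]


if __name__ == "__main__":
    e = parse_ldb_error(SAMPLE)
    print(e)
    print(" ".join(existence_check(e, "empire.chester-dc.comtek.co.uk")))
```

The printed command is only assembled, not executed; run it by hand against the DC, quoting the DN because it contains a space.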



