[Samba] Fwd: Re: Invalid data for index DN=@INDEX:OBJECTCLASS:DNSNODE

ash-samba at comtek.co.uk ash-samba at comtek.co.uk
Mon May 16 13:10:08 UTC 2016


> Possibly, if your user doesn't have the correct rights, then the 
> command could error, the full command that failed was this:
>
> dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN, 0, 
> server, zone, name, add_rec_buf, None)
>
> This relies on:
>
> dns_conn = dns_connect(server, self.lp, self.creds)
>
> The relevant part is this: 'self.creds'
>
> This means the entire command would fail if the supplied user didn't 
> have the required rights
>
> The above 'join' error seems to show that 'chester-dc' already exists 
> in AD (if only partially), you could try checking if this is possible. 
> If it does, you will need to find a way of removing it, but we will 
> come to that only if it does.
>
Sorry for the delay in responding. It seems that upgrading empire caused 
"drs replicate" to fail on the other two machines, 
(LDAP_STRONG_AUTH_REQUIRED -  <SASL:[GSS-SPNEGO]: Sign or Seal are 
required), so we've had to find a way to quickly upgrade them.

We have noticed a new symptom since the 4.2 upgrade. We have a periodic 
script which creates users. It now appears to be doing:

ERROR(ldb): Failed to add user 'john.smith':  - 
../ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in 
CN=john.smith,CN=Users,DC=chester-dc,DC=example,DC=com - 
../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in 
CN=john.smith,CN=Users,DC=chester-dc,DC=example,DC=com






More information about the samba mailing list