[Samba] are errors in LDAP replicate?

Mike Lykov combr at samges.ru
Mon Nov 14 06:10:17 UTC 2016 

We have an AD domain (based on old Samba 4.1.9), and currently in LDAP 
database we have some errors, which samba-tool dbcheck  cannot fix.

for example:
-----------------------
samba-tool dbcheck --fix
(.... many similar errors ...)

ERROR: parent object not found for 
DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted 
Objects,DC=Domai
nDnsZones,DC=dc,DC=samges,DC=ru
Move object 
DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted 
Objects,DC=DomainDnsZones,DC=dc,DC=samg
es,DC=ru into LostAndFound? [YES]
Renamed object 
DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=Deleted 
Objects,DC=DomainDnsZones,DC=dc,DC=s
amges,DC=ru into lostAndFound at 
DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=LostAndFound,DC=DomainDnsZ
ones,DC=dc,DC=samges,DC=ru
Set lastKnownParent on lostAndFound object at 
DC=SAMG62\0ADEL:ccc70e60-4086-49b0-86f0-e5b4af86666d,CN=LostAndFound,
DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
ERROR: missing GUID component for lastKnownParent in object 
DC=SAMG146\0ADEL:c1531dae-eb09-4d2b-8270-4e91b73a6cad,C
N=LostAndFound,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru - CN=Deleted 
Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
unable to find object for DN CN=Deleted 
Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru - (No such Base DN: CN=Dele
ted Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru)
Not removing dangling forward link
Segmentation fault
-------------------------

If I join a newer samba (for example, 4.4.7) as a DC to our domain, 
transfer roles and demote an older DC, is this error replicate to it?
I cannot figure how to fix it, and upgrade is needed anyway.

And second question about samba-tool dbcheck  - where are a 
manual/description for options?
In man samba-tool it very short:
https://www.samba.org/samba/docs/man/manpages/samba-tool.8.html

COMMANDS
dbcheck

Check the local AD database for errors.
delegation
......

But it has a many options, like:
samba-tool dbcheck --cross-ncs --fix --yes
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
Or it has an option to run with individual tests.

What are meaming --cross-ncs, --reset-well-known-acls and other (where 
is full list)?

-- 
Mike Lykov, system administrator

More information about the samba mailing list