[Samba] replPropertyMetaData & KCC issues after updating to Samba 4.5.0
lingpanda101 at gmail.com
Mon Sep 12 17:12:37 UTC 2016
Hello,
Updated samba from 4.4.5 to 4.5.0. All DCs are Ubuntu 12.04.5 LTS.
I install samba from source (./configure, make, make install). Looking at
the release notes I see the section on "replPropertyMetaData Changes".
I run 'samba-tool dbcheck --cross-ncs --fix --yes' and see the errors,
and samba attempts to fix them.
ERROR: unsorted attributeID values in replPropertyMetaData on CN=BOOPTI760-7,OU=Computers,OU=BO Staff,OU=BO Office,OU=PF,DC=domain,DC=local
Fix replPropertyMetaData on CN=BOOPTI760-7,OU=Computers,OU=BO Staff,OU=BO,OU=PF,DC=domain,DC=local by sorting the attribute list? [YES]
Fixed attribute 'replPropertyMetaData' of 'CN=BOOPTI760-7,OU=Computers,OU=BO Staff,OU=BO,OU=PF,DC=domain,DC=local'
If I run the same command again, 'samba-tool dbcheck --cross-ncs --fix
--yes', I appear to see the same errors all over again. It's as if they
don't really get corrected.
I also see several of these new errors.
ERROR: incorrect GUID component for member in object CN=IMG P Share,CN=Users,DC=domain,DC=local - <GUID=6357f99052feb942af868a84a4d5dd78>;<RMD_ADDTIME=130647328190000000>;<RMD_CHANGETIME=130650285980000000>;<RMD_FLAGS=1>;<RMD_INVOCID=194264d3cddbff43815e8850f94192e1>;<RMD_LOCAL_USN=360361>;<RMD_ORIGINATING_USN=478913>;<RMD_VERSION=3>;<SID=010500000000000515000000730d083801679a88e52f2fc7360c0000>;CN=Test User,CN=Users,DC=domain,DC=local
unable to find object for DN CN=Test User,CN=Users,DC=domain,DC=local - (No such Base DN: CN=Test User,CN=Users,DC=domain,DC=local)
Not removing dangling forward link
ERROR: incorrect DN string component for member in object CN=IMG P Share,CN=Users,DC=domain,DC=local - <GUID=f192ae2cf2a55342818fe1b4a45d5396>;<RMD_ADDTIME=130649535030000000>;<RMD_CHANGETIME=130649601110000000>;<RMD_FLAGS=1>;<RMD_INVOCID=194264d3cddbff43815e8850f94192e1>;<RMD_LOCAL_USN=360194>;<RMD_ORIGINATING_USN=478611>;<RMD_VERSION=1>;<SID=010500000000000515000000730d083801679a88e52f2fc7110e0000>;CN=Demo User,OU=Users,OU=IT Department,OU=Prince Frederick,DC=domain,DC=local
Change DN to <GUID=2cae92f1-a5f2-4253-818f-e1b4a45d5396>;<SID=S-1-5-21-940051827-2291820289-3341758437-3601>;CN=Demo User,OU=Users,OU=PF MA,OU=MA,OU=PF,DC=domain,DC=local? [YES]
ERROR: Failed to fix incorrect DN string on attribute member : (53, 'Attribute member already deleted for target GUID 2cae92f1-a5f2-4253-818f-e1b4a45d5396')
The second issue has to do with the new KCC. I had this same issue when
I tested out the 'kccsrv:samba_kcc=true' feature in prior builds. See
the duplicate connections for 'PFDC2.domain.local' below. I have the
same issue on another DC, although for a different DC connection. Site
links are also not being adhered to.
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 042e3f91-6f91-4e3d-ab58-4b9fea0c4b81
Enabled : TRUE
Server DNS name : PFDC2.domain.local
Server DN name : CN=NTDS Settings,CN=PFDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 1244834d-74e3-4a5a-981e-88367d7f1a36
Enabled : TRUE
Server DNS name : pfdc1.domain.local
Server DN name : CN=NTDS Settings,CN=PFDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 26508262-933f-4fd3-bc2c-c236e050bfb0
Enabled : TRUE
Server DNS name : SOLDC2.domain.local
Server DN name : CN=NTDS Settings,CN=SOLDC2,CN=Servers,CN=Solomons,CN=Sites,CN=Configuration,DC=domain,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 5ef1d75c-2977-435c-8b90-a94886d3b92d
Enabled : TRUE
Server DNS name : DUNDC2.domain.local
Server DN name : CN=NTDS Settings,CN=DUNDC2,CN=Servers,CN=Dunkirk,CN=Sites,CN=Configuration,DC=domain,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 6743a36d-2401-4ecb-9f05-565a4528f7c6
Enabled : TRUE
Server DNS name : SOLDC1.domain.local
Server DN name : CN=NTDS Settings,CN=SOLDC1,CN=Servers,CN=Solomons,CN=Sites,CN=Configuration,DC=domain,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 865908ee-2f8b-456c-841e-7f54e3e93835
Enabled : TRUE
Server DNS name : PFDC2.domain.local
Server DN name : CN=NTDS Settings,CN=PFDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Smb.conf is similar among all DCs. See below.
# Global parameters
[global]
workgroup = DOMAIN
realm = domain.local
netbios name = DUNDC1
server role = active directory domain controller
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = yes
# Debug Logging Information
log file = /usr/local/samba/var/log.%U
max log size = 5000
log level = 1
logging = syslog@2 file
debug timestamp = Yes
debug uid = Yes
debug pid = Yes
allow dns updates = secure
# Disable Cups Printing
load printers = No
printcap name = /dev/null
disable spoolss = Yes
ldap server require strong auth = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
Thanks for any guidance.
--
-James
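
Added example (not part of the original message and not Samba project code): a small parser for a "KCC CONNECTION OBJECTS" listing like the one quoted above, which reports any source server that has more than one enabled connection object, the condition the poster describes for PFDC2.domain.local. The function names are hypothetical, and the sample is constructed by trimming the quoted output to three connections.

```python
import re
from collections import defaultdict

# Constructed sample: three of the six connections quoted in the message,
# trimmed to the fields used here; one DN is left wrapped as in the post.
SAMPLE = """\
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 042e3f91-6f91-4e3d-ab58-4b9fea0c4b81
Enabled : TRUE
Server DNS name : PFDC2.domain.local
Server DN name : CN=NTDS
Settings,CN=PFDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Connection --
Connection name: 1244834d-74e3-4a5a-981e-88367d7f1a36
Enabled : TRUE
Server DNS name : pfdc1.domain.local
Connection --
Connection name: 865908ee-2f8b-456c-841e-7f54e3e93835
Enabled : TRUE
Server DNS name : PFDC2.domain.local
"""

FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")  # "key : value" or "key: value"

def parse_connections(text):
    # One dict per "Connection --" record; a line without a colon is treated
    # as the wrapped continuation of the previous field (e.g. a long DN).
    conns, cur, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Connection --":
            cur, last = {}, None
            conns.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            last = m.group(1).strip()
            cur[last] = m.group(2).strip()
        elif cur is not None and last and line:
            cur[last] += " " + line
    return conns

def duplicate_sources(conns):
    # Map lower-cased source DNS name -> connection names, keeping only
    # servers that appear in more than one enabled connection object.
    by_server = defaultdict(list)
    for c in conns:
        if c.get("Enabled", "").upper() == "TRUE":
            server = c.get("Server DNS name", "").lower()
            by_server[server].append(c.get("Connection name"))
    return {s: ids for s, ids in by_server.items() if len(ids) > 1}

if __name__ == "__main__":
    print(duplicate_sources(parse_connections(SAMPLE)))
```

Server names are compared case-insensitively because the listing mixes "PFDC2" and "pfdc1" style spellings.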