[Samba] upgrading to 4.4+

Andrew Bartlett abartlet at samba.org
Wed Sep 14 22:53:17 UTC 2016 

On Tue, 2016-09-13 at 17:45 -0700, yabko via samba wrote:
> hi bringing this thread back to life
> 
> i waited to ugprade to 4.5.0
> 
> and after installing it i get a lot the same errors for users and
> computers
> objects when runnung
> 
> samba-tool dbcheck --cross-ncs
> 
> Checked 4744 objects (4909 errors)
> 
> ERROR: unsorted attributeID values in replPropertyMetaData on
> CN=50LPT01,OU=Computers,OU=50,OU=MAINOU,DC=DOMAIN,DC=MY
> Not fixing replPropertyMetaData on
> CN=50LPT01,OU=Computers,OU=50,OU=MAINOU,DC=DOMAIN,DC=MY
> 
> 
> CN=USER1,OU=Users,OU=123,OU=MAINOU,DC=DOMAIN,DC=MY: 0x00000000
> ERROR: incorrect attributeID values in replPropertyMetaData on
> CN=USER1,OU=Users,OU=123,OU=MAINOU,DC=DOMAIN,DC=MY
> 
> Not fixing incorrect value 0x002a0001 with 0x97b17421 for zarafaAdmin
> in
> replPropertyMetaData on
> CN=USER1,OU=Users,OU=123,OU=MAINOU,DC=DOMAIN,DC=MY
> 
> and there's lots of them
> 
> after applying the --fix
> 
> rerunning the command gives
> 
> Checked 4744 objects (315 errors)
> 
> and another check shows that 
> 
> unable to find object for DN CN=USER2,OU=Users,OU=1968 205
> OB,OU=MAINOU,DC=DOMAIN,DC=MY - (No such Base DN:
> CN=USER2,OU=Users,OU=1968
> 205 OB,OU=MAINOU,DC=DOMAIN,DC=MY)
> Not removing dangling forward link
> 
> and the --fix flag won't remove those links
> 
> and also after the initial fix i cannot authenticate to zarafa, so
> some
> properties are broken that worked prior to upgrading, my zarafa
> config looks
> similiar to yours. and the most strange thing is that it worked prior
> to
> upgrading.

So, what we need to understand this issue a a lot more detail on the
schema, and the objects. 

Can you run samba-tool ldapcmp  against the old and after-dbcheck
databases?

Can you then run for $DN being any DN that is different:

ldbsearch -H private/sam.ldb  -s base -b $DN \* replPropertyMetaData --
show-binary 

against the before and after databases.

You can send these by private mail if you prefer, or otherwise follow-
up on samba-technical as you did on your other dbcheck query. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba

More information about the samba mailing list