[Samba] replPropertyMetaData & KCC issues after updating to Samba 4.5.0

Edson Tadeu Almeida da Silveira edson.tadeu at gmail.com
Fri Sep 16 18:51:43 UTC 2016 

Hi James.

I´m having the same problem.

If you find out something to correct this, please, talk to us!!!

Thanks!!!


2016-09-12 14:12 GMT-03:00 lingpanda101--- via samba <samba at lists.samba.org>
:

> Hello,
>
>     Updated samba from 4.4.5 to 4.5.0. All DC's are Ubuntu 12.04.5 LTS. I
> install samba from source(./configure,make,make install). Looking at the
> release notes I see the section on "replPropertyMetaData Chnages".  I run
> 'samba-tool dbcheck --cross-ncs --fix --yes' and see the errors and samba
> attempts to fix.
>
> ERROR: unsorted attributeID values in replPropertyMetaData on
> CN=BOOPTI760-7,OU=Computers,OU=BO Staff,OU=BO
> Office,OU=PF,DC=domain,DC=local
>
> Fix replPropertyMetaData on CN=BOOPTI760-7,OU=Computers,OU=BO
> Staff,OU=BO,OU=PF,DC=domain,DC=local by sorting the attribute list? [YES]
> Fixed attribute 'replPropertyMetaData' of 'CN=BOOPTI760-7,OU=Computers,OU=BO
> Staff,OU=BO,OU=PF,DC=domain,DC=local'
>
> If I run the same command again 'samba-tool dbcheck --cross-ncs --fix
> --yes'.  I appear to see the same errors all over again. It's as if they
> don't really get corrected.
>
> I also see several of these new errors.
>
> ERROR: incorrect GUID component for member in object CN=IMG P
> Share,CN=Users,DC=domain,DC=local - <GUID=6357f99052feb942af868a84
> a4d5dd78>;<RMD_ADDTIME=130647328190000000>;<RMD_CHANGETIME=
> 130650285980000000>;<RMD_FLAGS=1>;<RMD_INVOCID=194264d3
> cddbff43815e8850f94192e1>;<RMD_LOCAL_USN=360361>;<RMD_
> ORIGINATING_USN=478913>;<RMD_VERSION=3>;<SID=01050000000000
> 0515000000730d083801679a88e52f2fc7360c0000>;CN=Test
> User,CN=Users,DC=domain,DC=local
> unable to find object for DN CN=Test User,CN=Users,DC=domain,DC=local -
> (No such Base DN: CN=Test User,CN=Users,DC=domain,DC=local)
> Not removing dangling forward link
> ERROR: incorrect DN string component for member in object CN=IMG P
> Share,CN=Users,DC=domain,DC=local - <GUID=f192ae2cf2a55342818fe1b4
> a45d5396>;<RMD_ADDTIME=130649535030000000>;<RMD_CHANGETIME=
> 130649601110000000>;<RMD_FLAGS=1>;<RMD_INVOCID=194264d3
> cddbff43815e8850f94192e1>;<RMD_LOCAL_USN=360194>;<RMD_
> ORIGINATING_USN=478611>;<RMD_VERSION=1>;<SID=01050000000000
> 0515000000730d083801679a88e52f2fc7110e0000>;CN=Demo User,OU=Users,OU=IT
> Department,OU=Prince Frederick,DC=domain,DC=local
> Change DN to <GUID=2cae92f1-a5f2-4253-818f-e1b4a45d5396>;<SID=S-1-5-21-94
> 0051827-2291820289-3341758437-3601>;CN=Demo User,OU=Users,OU=PF
> MA,OU=MA,OU=PF,DC=domain,DC=local? [YES]
> ERROR: Failed to fix incorrect DN string on attribute member : (53,
> 'Attribute member already deleted for target GUID
> 2cae92f1-a5f2-4253-818f-e1b4a45d5396')
>
> The second issue has to do with the new KCC. I had this same issue when I
> tested out the 'kccsrv:samba_kcc=true' feature in prior builds. See the
> duplicate connections for 'PFDC2.domain.local' below. I have the same issue
> on another DC, although for a different DC connection. Site links are also
> not being adhered to.
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
>         Connection name: 042e3f91-6f91-4e3d-ab58-4b9fea0c4b81
>         Enabled        : TRUE
>         Server DNS name : PFDC2.domain.local
>         Server DN name  : CN=NTDS Settings,CN=PFDC2,CN=Servers,C
> N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: 1244834d-74e3-4a5a-981e-88367d7f1a36
>         Enabled        : TRUE
>         Server DNS name : pfdc1.domain.local
>         Server DN name  : CN=NTDS Settings,CN=PFDC1,CN=Servers,C
> N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: 26508262-933f-4fd3-bc2c-c236e050bfb0
>         Enabled        : TRUE
>         Server DNS name : SOLDC2.domain.local
>         Server DN name  : CN=NTDS Settings,CN=SOLDC2,CN=Servers,
> CN=Solomons,CN=Sites,CN=Configuration,DC=domain,DC=local
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: 5ef1d75c-2977-435c-8b90-a94886d3b92d
>         Enabled        : TRUE
>         Server DNS name : DUNDC2.domain.local
>         Server DN name  : CN=NTDS Settings,CN=DUNDC2,CN=Servers,
> CN=Dunkirk,CN=Sites,CN=Configuration,DC=domain,DC=local
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: 6743a36d-2401-4ecb-9f05-565a4528f7c6
>         Enabled        : TRUE
>         Server DNS name : SOLDC1.domain.local
>         Server DN name  : CN=NTDS Settings,CN=SOLDC1,CN=Servers,
> CN=Solomons,CN=Sites,CN=Configuration,DC=domain,DC=local
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: 865908ee-2f8b-456c-841e-7f54e3e93835
>         Enabled        : TRUE
>         Server DNS name : PFDC2.domain.local
>         Server DN name  : CN=NTDS Settings,CN=PFDC2,CN=Servers,C
> N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
> Smb.conf is similar among all DC's. See below.
>
> # Global parameters
> [global]
>         workgroup = DOMAIN
>         realm = domain.local
>         netbios name = DUNDC1
>         server role = active directory domain controller
>         dns forwarder = 8.8.8.8
>         idmap_ldb:use rfc2307 = yes
>
>         # Debug Logging Information
>         log file = /usr/local/samba/var/log.%U
>         max log size = 5000
>         log level = 1
>         logging = syslog at 2 file
>         debug timestamp = Yes
>         debug uid = Yes
>         debug pid = Yes
>
>         allow dns updates = secure
>
>         # Disable Cups Printing
>         load printers = No
>         printcap name = /dev/null
>         disable spoolss = Yes
>
>         ldap server require strong auth = No
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
>         read only = No
>
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> Thanks for any guidance.
>
> --
> -James
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 

-------------------------------------------
Edson Tadeu Almeida Silveira
http://sites.google.com/site/edsontadeu/
-------------------------------------------

More information about the samba mailing list