[Samba] Fw: Re: Made a join with a netbios name, which already existed, now replication errors

thom_schu at gmx.de thom_schu at gmx.de
Tue Aug 1 19:03:23 UTC 2017

Now with "ldbsearch --cross-ncs ..." I don't find entries of domain controllers anymore except samba1 and samba2.
sam.ldb seems to be clean now.
But with the DNS-Tool from Windows I can see a lot of entries for samba3, all of them for services like _gc, _kerberos, _ldap, _kpasswd.
Can this be the reason for the error I get when I join samba5? Do I have to delete these entries?

Because when I want to join samba5, I still get the following error. Where does that info about samba3 come from?

samba-tool domain join domain.university.de DC -U"domain\administrator" --dns-backend=SAMBA_INTERNAL

Finding a writeable DC for domain 'domain.university.de'
Found DC samba1.domain.university.de
Password for [domain\administrator]:
workgroup is domain
realm is domain.university.de
Adding CN=SAMBA5,OU=Domain Controllers,DC=domain,DC=university,DC=de
Adding CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
Adding CN=NTDS Settings,CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
Adding SPNs to CN=SAMBA5,OU=Domain Controllers,DC=domain,DC=university,DC=de
Setting account password for SAMBA5$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=domain,DC=university,DC=de
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=university,DC=de] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[402/1655] linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[804/1655] linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[1206/1655] linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[1608/1655] linked_values[0/0]
Partition[CN=Configuration,DC=domain,DC=university,DC=de] objects[1655/1655] linked_values[52/0]
Unxpectedly got mismatching RDN values when checking RDN against name of CN=NTDS
Settings,CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=deFailed to convert object CN=NTDS
Settings,CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de: WERR_GEN_FAILURE
Failed to convert objects: WERR_GEN_FAILURE
Join failed - cleaning up
Deleted CN=SAMBA5,OU=Domain Controllers,DC=domain,DC=university,DC=de
Deleted CN=NTDS Settings,CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
Deleted CN=SAMBA5,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=university,DC=de
ERROR(runtime): uncaught exception - (31, "Failed to process 'chunk' of DRS replicated objects: WERR_GEN_FAILURE")
                  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
                    return self.run(*args, **kwargs)
                  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
                    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
                  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
                  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1177, in do_join
                  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 895, in join_replicate
                  File "/usr/lib64/python2.7/site-packages/samba/drs_utils.py", line 258, in replicate
                    schema=schema, req_level=req_level, req=req)


>> Get rid of samba3 by demoting it again as you did last time, search
>> through sam.ldb for any mention of samba3 and samba4 (you will
>> probably have to use '--cross-ncs' with ldbsearch or ldbedit), then
>> remove them.
>> Now start again with a new DC, but this time, call it anything but
>> samba3 or samba4.

> Getting worse and worse ....
> I demoted samba3 and then also samba5, because samba5 reported successful replication
> with samba3, although samba3 was already demoted.
> So I thought I can start with working samba1 and samba2.
> I made a new clean installation of samba5 beginning with the OS ...
> But the join failed with
> Unxpectedly got mismatching RDN values when checking RDN against name of CN=NTDS Settings,CN=ISAMBA3,CN=Servers,CN=Default-First- Site-Name,CN=Sites,CN=Configuration,DC=domain Failed to convert object CN=NTDS Settings,CN=ISAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain: WERR_GEN_FAILURE
> SAMBA3 again ??!! I thought I deleted everything !!
> A check on samba2 "ldbsearch --cross-ncs ... | egrep -i samba3"
> dn: CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain
> cn: SAMBA3
> name: SAMBA3
> dNSHostName: samba3.domain
> distinguishedName: CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> dn: DC=samba3,DC=domain,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain
> name: samba3
> dc: samba3
> distinguishedName: DC=samba3,DC=domain.de,CN=MicrosoftD
> I'm sure I checked already in the morning and didn't find any entries about samba3, except the ones I deleted.
> I'm already confused and getting nervous, not far from panic.
> I'm thinking about starting a completely new domain controller with a backup from before I started all this, hopefully
> my backup works.
> Or should I now delete the mentioned entries? (ldbdel ... CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration)
> They seem to be deep inside the DNS database. I really have the feeling, with each step it's getting worse.
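
The search step discussed in this thread (look through saved "ldbsearch --cross-ncs" output for every mention of a removed DC), as an added example that is not part of the original messages. A line-by-line egrep misses values that LDIF wraps onto continuation lines and values printed as base64; this sketch unfolds and decodes before matching. The function names and the sample data are constructed, and it assumes DNS records keep the target host name as plain label bytes inside the base64 dnsRecord value.

```python
import base64

def parse_ldif(text):
    """Return [(dn, [(attr, value_bytes), ...])], unfolding wrapped lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # LDIF continuation line
        else:
            lines.append(raw)
    records, dn, attrs = [], None, []
    for line in lines + [""]:
        if not line.strip():                # blank line closes a record
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, []
        elif not line.startswith("#"):      # skip "# record N" comments
            attr, _, rest = line.partition(":")
            b64 = rest.startswith(":")      # "attr:: value" means base64
            value = base64.b64decode(rest[1:].strip()) if b64 else rest.strip().encode()
            if attr.lower() == "dn":
                dn = value.decode(errors="replace")
            else:
                attrs.append((attr, value))
    return records

def find_stale_refs(text, hostname):
    """List (dn, [where it matched]) for every record that names hostname."""
    needle, hits = hostname.lower().encode(), []
    for dn, attrs in parse_ldif(text):
        where = ["dn"] if needle in dn.lower().encode() else []
        where += [a for a, v in attrs if needle in v.lower()]
        if where:
            hits.append((dn, list(dict.fromkeys(where))))
    return hits

# Constructed sample, not real ldbsearch output; the blob is not a real dnsRecord.
_BLOB = base64.b64encode(b"\x00" * 24 + b"\x06samba3\x06domain").decode()
SAMPLE = (
    "# record 1\ndn: CN=SAMBA3,CN=Servers,CN=Default-First-Site-Name,CN=Sit\n"
    " es,CN=Configuration,DC=domain\n"
    "dNSHostName: samba3.domain\n\n"
    "dn: DC=_ldap._tcp,DC=domain,CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain\n"
    "dnsRecord:: " + _BLOB + "\n\n"
    "dn: CN=SAMBA1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain\n"
    "dNSHostName: samba1.domain\n"
)

if __name__ == "__main__":
    print(find_stale_refs(SAMPLE, "samba3"))
```

Each hit gives the full DN and the attributes that matched, so leftovers in the Configuration partition and in the DNS zones show up in one list.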
