[Samba] Schema extension reported as schema corruption (Samba 4.5)

MotS mots at nepu.moe
Fri Aug 11 12:19:32 UTC 2017


I've got a domain with two Samba DC's, both running samba 4.5. It 
started as a network with one DC running samba 4.2, but I upgraded it 
something over a year ago or so. There's a schema extension installed 
because the mail system likes to store additional information in AD 
(Such as is this an active user? Is it an admin? A room?)

I've tried to add a new DC a few days ago so I could then retire the 
older one, but I'm getting this error:


So I tried to find out what's wrong and started by running "samba-tool 
dbcheck --cross-ncs", which reports back 4002 errors in 4539 objects. I 
see lots of mentions of "zarafaAccount" and "zarafaAdmin" and such in 
there, which leads me to believe that the schema extension or the way 
newer versions of samba handle it is to blame. (I'm not posting the 
output here, because it contains the names of every employee.)

Now, obviously running "samba-tool dbcheck --cross-ncs --fix" would in 
the best case scenario break the mail server. I've got the feeling that 
it would wreck the whole domain instead, though.

It has worked fine with this extension installed for years, so I'm not 
sure what changed. I was even able to add the second DC last year as 
I've written at the beginning.

What can I do to get it working again?



More information about the samba mailing list