[Samba] Schema extension reported as schema corruption (Samba 4.5)
mots at nepu.moe
Fri Aug 11 12:19:32 UTC 2017
I've got a domain with two Samba DC's, both running samba 4.5. It
started as a network with one DC running samba 4.2, but I upgraded it
something over a year ago or so. There's a schema extension installed
because the mail system likes to store additional information in AD
(Such as is this an active user? Is it an admin? A room?)
I've tried to add a new DC a few days ago so I could then retire the
older one, but I'm getting this error:
So I tried to find out what's wrong and started by running "samba-tool
dbcheck --cross-ncs", which reports back 4002 errors in 4539 objects. I
see lots of mentions of "zarafaAccount" and "zarafaAdmin" and such in
there, which leads me to believe that the schema extension or the way
newer versions of samba handle it is to blame. (I'm not posting the
output here, because it contains the names of every employee.)
Now, obviously running "samba-tool dbcheck --cross-ncs --fix" would in
the best case scenario break the mail server. I've got the feeling that
it would wreck the whole domain instead, though.
It has worked fine with this extension installed for years, so I'm not
sure what changed. I was even able to add the second DC last year as
I've written at the beginning.
What can I do to get it working again?
More information about the samba