[Samba] ERROR: missing backlink attribute 'memberOf'

Bob Thomas bthomas at cybernetics.com
Wed Dec 6 15:16:54 UTC 2017 

Good Morning (or not),

I am running three Samba AD DCs all at version 4.7.2 on Ubuntu 16.04.  
All three have run flawlessly for over a year.
Last night one of the DCs started failing Replication with both the 
other DCs so I decided to run samba-tool dbcheck .
Resulting in several:

ERROR: orphaned backlink attribute 'memberOf' in CN=Annamarie 
Foyles,CN=Users,DC=cy,DC=cybernetics,DC=com for link member in CN=CY 
Folder Redirect (Win 7),CN=Users,DC=cy,DC=cybernetics,DC=com
Not removing orphaned backlink memberOf

ERROR: orphaned backlink attribute 'memberOf' in CN=Darran T. 
Price,CN=Users,DC=cy,DC=cybernetics,DC=com for link member in CN=CY 
Folder Redirect (Win 7),CN=Users,DC=cy,DC=cybernetics,DC=com
Not removing orphaned backlink memberOf

So I ran samba-tool dbcheck --fix which fixed a few of them and actually 
got the replications working again, But there are several of those same 
errors on all three DCs.  I have searched the list and see that the 
cause of the Backlink removal error has been fixed in version 4.7.1 but 
the db needs to be cleaned manually.  Just to let you know,  samba-tool 
dbcheck --cross-ncs passed with no errors following the upgrade to 
4.7.0, 4.7.1 and 4.7.2 so i'm not sure how the errors are here now.

MY QUESTION IS: Could anyone provide me with the directions I need to 
use to safely manually remove the troubled orphaned backlink attributes 
so the DCs are happy again.  At the moment everything is working fine, I 
just need to get the db healthy.

Probably not needed but my smb.conf is posted below:

[global]
         netbios name = CY-DC
         realm = CY.DOMAIN.COM
         workgroup = CY
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         idmap_ldb:use rfc2307 = yes
         idmap config CY:unix_nss_info = yes
         ldap server require strong auth = no
         allow dns updates = nonsecure and secure
         log level = 2

# stops cups errors in log file
         load printers = no
         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes

[netlogon]
         path = /var/lib/samba/sysvol/cy.domain.com/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No


Thank you all for this wonderful product and your help.

More information about the samba mailing list