[Samba] join samba 4.5.12 to samba 4.1.13 failed

Andrew Bartlett abartlet at samba.org
Wed Jul 26 08:30:29 UTC 2017

On Tue, 2017-07-25 at 14:04 -0400, Allen Chen via samba wrote:
> Hi there,
> I have 2 DC servers (samba 4.1.13) working for more than 1 year.
> When I join samba 4.5.12 to the domain, it fails on this error:
> ....
> Replicating critical objects from the base DN of the domain
> Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
> Join failed - cleaning up
> Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
> ...

Can you share a bit more of the error you see here?

I suspect the issue is a well-known issue with the join command
interacting with the older DC.  With Samba 4.5 we started to require
that we get the parent of every object before the object itself, and we
correctly implemented that in 4.6 as a server.

The issue is that when joining the older domain, we set the flags for
'give me the parent as well', GET_ANC, but the server doesn't know to
honour it.

We really should detect that and remove the DOMAIN_CRITICAL_ONLY flag,
which is what causes the trouble here (if we do a full replication we
generally get all the objects in the right order). 

One fix is to upgrade the 4.1.13 servers to 4.6 or above.  I understand
you would prefer to do that on the new DCs you join, but that may not
be possible in this case. 

I hope this helps,

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
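
The ordering problem described in the reply above, as a simplified model added here (not Samba code and not part of the original message): a critical-only request filters out a non-critical parent, and the joining side then sees a child before its parent unless the source honours GET_ANC. The DNs, the `critical` markings, the function names and the assumption that the source sends objects in creation order are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Obj:
    dn: str
    parent: Optional[str]      # None for the partition root
    critical: bool = False     # stands in for "domain critical" objects

# Constructed sample partition, listed in creation order (an assumption of this model).
ROOT = "DC=example,DC=test"
PARTITION = [
    Obj(ROOT, None, critical=True),
    Obj("OU=Infra," + ROOT, ROOT),                           # parent is NOT critical
    Obj("CN=svc,OU=Infra," + ROOT, "OU=Infra," + ROOT, critical=True),
    Obj("CN=Users," + ROOT, ROOT),
]

def serve(partition, critical_only, honours_get_anc):
    """Return the DNs the source DC sends, in the order it sends them."""
    by_dn = {o.dn: o for o in partition}
    sent = []

    def emit(o):
        # A source that honours GET_ANC sends missing ancestors first,
        # even when they would otherwise be filtered out.
        if honours_get_anc and o.parent and o.parent not in sent:
            emit(by_dn[o.parent])
        if o.dn not in sent:
            sent.append(o.dn)

    for o in partition:
        if critical_only and not o.critical:
            continue
        emit(o)
    return sent

def missing_parents(partition, stream):
    """Joining side's check: DNs that arrive before their parent did."""
    by_dn = {o.dn: o for o in partition}
    seen, orphans = set(), []
    for dn in stream:
        parent = by_dn[dn].parent
        if parent is not None and parent not in seen:
            orphans.append(dn)
        seen.add(dn)
    return orphans

if __name__ == "__main__":
    for label, crit, anc in [("critical-only, GET_ANC ignored", True, False),
                             ("critical-only, GET_ANC honoured", True, True),
                             ("full replication, GET_ANC ignored", False, False)]:
        print(label, "->", missing_parents(PARTITION, serve(PARTITION, crit, anc)))
```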
