[Samba] samba 4.7.0 replication errors

Rowland Penny rpenny at samba.org
Sun Oct 1 21:27:57 UTC 2017 

On Mon, 2 Oct 2017 09:59:47 +1300
Garming Sam via samba <samba at lists.samba.org> wrote:

> Can you provide a bit more logs? At first glance, it doesn't seem
> quite related to group memberships.
> 
> 
> Cheers,
> 
> Garming
> 
> On 29/09/17 22:07, gizmo via samba wrote:
> > Hallo,
> > we have 5 ADDCs. All of them did run with sernet-samba 4.6.7.
> > I updated 4 of them to sernet-samba 4.7.0, one after the other,
> > checked replication, everything seemed to be ok. One day later a
> > colleague wanted to delete a lot of users with a powershell-script
> > and since then the replication doesnt work anymore. (Im sure the
> > script is not the problem, but it seemes like it triggered
> > something)
> >
> > All samba-servers with version 4.7.0 report errors with at least
> > one other ADDC like
> >
> > DC=domain,DC=de
> >   Default-First-Site-Name\ISAMBA4-2 via RPC
> >     DSA object GUID: 5dc32731-e914-486d-96f1-ce065ff956bf
> >     Last attempt @ Fri Sep 29 10:37:24 2017 CEST failed, result 58
> > (WERR_BAD_NET_RESP) 358 consecutive failure(s).
> >     Last success @ Thu Sep 28 10:18:16 2017 CEST
> >
> >
> > The command "samba-tool dbcheck --cross-ncs --fix --yes" reports
> > hundreds of errors like
> >
> >     ERROR: orphaned backlink attribute 'memberOf' ...
> >
> > The dbcheck-command says, it fixed the problems, but when I execute
> > again, a lot of the same error comes again ( I can not say, if the
> > same entries are effected).
> >
> > The log.samba has a lot of entries like
> >     [2017/09/29 10:26:15.502219,
> > 0] ../source4/dsdb/repl/drepl_out_helpers.c:959(dreplsrv_op_pull_source_apply_changes_trigger)
> > Failed to commit objects:
> > WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> >
> >
> > If I make the dbcheck on the last server with version 4.6.7, this
> > errors dont appear.
> >
> > How do I get the replication to work again ?
> >
> > Is the error "orphaned backlink attribute" the reason, why
> > replication doesnt work anymore ? And if so, do I have to fix all
> > groups manually like said in a similar problem from the post "Samba
> > 4.7.0 replication issue: failed get spanning tree edges" ?
> > (https://lists.samba.org/archive/samba/2017-September/211225.html)
> >
> 
> 

Aren’t the orphaned backlinks an artefact of a previous fix ? I seem to
remember they have always been there, but the 'fix' just exposed them.

It might help if we could see the powershell script, just how were the
users deleted, the other question is: why was a powershell script used,
when it would have been easier to write a bash script around
'samba-tool user delete'

Rowland

More information about the samba mailing list