[Samba] Make Samba 4 as Additional DC to Windows Server 2003R2

Anantha Raghava raghav at exzatechconsulting.com
Sun Oct 29 03:41:13 UTC 2017 

Hi,

I did upgrade the server to Windows Server 2008 R2 along with AD.

However, when I attempt to add Samba-4 as additional domain controller, 
it is able to provision the Domain and starts to replicate the data. 
However, while replicating, it throws up an error as shown below and 
stops. Samba-4 will remove itself being additional domain controller.

I tried this migration using Samba Version 4.7 and BIND9_DLZ as dns backend.

Error message:

-------------------------------------------------------------------------------------------

/lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid 
in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS 
MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com in 
@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA==
../lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid 
in CN=TDS 
COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS 
MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com in 
@INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA==
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:4824: Failed to 
rename conflict dn 'CN=TDS 
COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com' to 'CN=TDS 
COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com' - ../lib/ldb/ldb_tdb/ldb_index.c:1272: 
Failed to re-index objectSid in CN=TDS 
COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com - ../lib/ldb/ldb_tdb/ldb_index.c:1196: 
unique index violation on objectSid in CN=TDS 
COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted 
Objects,DC=corp,DC=dtdc,DC=com
Failed to commit objects: WERR_GEN_FAILURE
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=corp,DC=dtdc,DC=com
Deleted CN=NTDS 
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=dtdc,DC=com
Deleted 
CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=dtdc,DC=com
ERROR(runtime): uncaught exception - (31, "Failed to process 'chunk' of 
DRS replicated objects: WERR_GEN_FAILURE")
   File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", 
line 176, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", 
line 661, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", 
line 1474, in join_DC
     ctx.do_join()
   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", 
line 1377, in do_join
     ctx.join_replicate()
   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", 
line 936, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", 
line 295, in replicate
     schema=schema, req_level=req_level, req=req)
--------------------------------------------------------------------------------------------------------------

Is this error something to do with Windows Domain Controller?

-- 

Thanks & Regards,


Anantha Raghava


Do not print this e-mail unless required. Save Paper & trees.

On 28/10/17 4:45 PM, Andrew Bartlett wrote:
> On Sat, 2017-10-28 at 16:11 +0530, Anantha Raghava via samba wrote:
>> Hi,
>>
>> I am trying to make Samba 4 as additional DC to a Domain Hosted in
>> Windows Server 2003 R2. Is it possible? Or do we have to first migrate
>> to Windows Server 2008 R2 and then to Samba?
>>
>> samba-toll domain join command comes upto Domain Provision and it
>> reports OK. However when the replication starts it fails. Error thrown is:
>>
>> "Failed to bind to uuid e35*****-****-****-****-************/00000****
>> ...........NT_STATUS_LOGON_FAILURE"
> That is interesting.  It should work, but an upgrade to 2008R2 first
> would be advised for the migration, as that will allow you to get you a
> 2008R2 schema and functional level, which you want.
>
> Andrew Bartlett
>

More information about the samba mailing list