[Samba] Make Samba 4 as Additional DC to Windows Server 2003R2

Anantha Raghava raghav at exzatechconsulting.com
Sun Oct 29 08:52:58 UTC 2017


Hi,

Thanks for your quick help. I await the patch.

I know the source DC is all that clean. I am trying to clean the source 
DC using "ntdsutil". I am not sure how far this exercise will be successful.

-- 

Thanks & Regards,


Anantha Raghava


Do not print this e-mail unless required. Save Paper & trees.

On 29/10/17 11:57 AM, Andrew Bartlett wrote:
> On Sun, 2017-10-29 at 09:11 +0530, Anantha Raghava wrote:
>> Hi,
>>
>> I did upgrade the server to Windows Server 2008 R2 along with AD.
>> However, when I attempt to add Samba-4 as additional domain controller, it is able to provision the Domain and starts to replicate the data. However, while replicating, it throws up an error as shown below and stops. Samba-4 will remove itself being additional domain controller.
>> I tried this migration using Samba Version 4.7 and BIND9_DLZ as dns backend.
>> Error message:
>> -------------------------------------------------------------------------------------------
>> /lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com in @INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA==
>>
>> Is this error something to do with Windows Domain Controller?
> I have a patch for this, developed for a customer who hit the same
> thing, remind me if you don't get it from me tomorrow, and given the
> additional interest I'll figure a way to get it upstream.
>
> Samba is just stricter than windows in this area, not allowing a SID to
> be deleted or be a conflict object and also exist normally.
>
> Until your mail, I didn't think this could happen other than as a
> foreignSecurityPrincipal however, and I don't think the source domain
> is entirely healthy if an objectSid can be allocated to two different
> users, even if they are now deleted.
>
> I hope this helps,
>
> Andrew Bartlett
>   



More information about the samba mailing list