[Samba] Make Samba 4 as Additional DC to Windows Server 2003R2

Mon Oct 30 07:41:17 UTC 2017

Hello Andrew,

A gentle reminder for the patch.

Can you share the patch as you mentioned?

-- 

Thanks & Regards,

Anantha Raghava

Do not print this e-mail unless required. Save Paper & trees.

On 29/10/17 11:57 AM, Andrew Bartlett wrote:
> On Sun, 2017-10-29 at 09:11 +0530, Anantha Raghava wrote:
>> Hi,
>>
>> I did upgrade the server to Windows Server 2008 R2 along with AD.
>> However, when I attempt to add Samba-4 as additional domain controller, it is able to provision the Domain and starts to replicate the data. However, while replicating, it throws up an error as shown below and stops. Samba-4 will remove itself being additional domain controller.
>> I tried this migration using Samba Version 4.7 and BIND9_DLZ as dns backend.
>> Error message:
>> -------------------------------------------------------------------------------------------
>> /lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com in @INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA==
>>
>> Is this error something to do with Windows Domain Controller?
> I have a patch for this, developed for a customer who hit the same
> thing, remind me if you don't get it from me tomorrow, and given the
> additional interest I'll figure a way to get it upstream.
>
> Samba is just stricter than windows in this area, not allowing a SID to
> be deleted or be a conflict object and also exist normally.
>
> Until your mail, I didn't think this could happen other than as a
> foreignSecurityPrincipal however, and I don't think the source domain
> is entirely healthy if an objectSid can be allocated to two different
> users, even if they are now deleted.
>
> I hope this helps,
>
> Andrew Bartlett
>   