[Samba] [Patches] AD Database corruption after upgrade from <= 4.6 to 4.7 (bug #13228)

Achim Gottinger achim at ag-web.biz
Mon Jan 22 23:05:06 UTC 2018



Am 22.01.2018 um 22:12 schrieb Ralph Böhme:
> On Mon, Jan 22, 2018 at 05:24:44PM +0100, Achim Gottinger via samba wrote:
>> Am 22.01.2018 um 10:49 schrieb Stefan Metzmacher via samba:
>>> Also DO NOT repair the following errors with samba-tool dbcheck!
>>> "Remove duplicate links in attribute"
>>> and
>>> "ERROR: orphaned backlink"
>>> as this removes the ability to repair the database
>>> in the next round of patches!
>>>
>> I had this error after upgrading from 4.7.3 to 4.7.4 and used samba-tool
>> dbcheck --clean to get rid of them.
>> Replication is still working. What kind of unrepairable corruption can i
>> expect now?
> see the bug report for details, this can eg cause loss of group memberships or
> generally speaking loss of linked-attributes.
>
> The only remede is comparing all objects for differences in linked-attributes
> and restore overwritten forward-links from now dangling backlinks.
>
> We're currently also working on an improvement to dbcheck so it can detect such
> corruption and fix it, but this will only work if you did *not* run dbcheck
> --fix on the affected database.
>
> -slow
>
Thank you for the infos!

I took a look at my notes.

I updates from 4.6.8 to 4.7.3 on 25.11.2017.

Back then i found error like this all related to siteList before the update.

ERROR: no target object found for GUID component for siteList in object 
CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site 
Transports,CN=Sites,CN=Configuration,DC=samba-list,DC=loc - 
<GUID=d4f41749a1595a43871ab1d72f24fe6b>;<RMD_ADDTIME=130015150890000000>;<RMD_CHANGETIME=130015150890000000>;<RMD_FLAGS=0>;<RMD_INVOCID=af301252bb781543b57dbd7cb773d46f>;<RMD_LOCAL_USN=4762>;<RMD_ORIGINATING_USN=4762>;<RMD_VERSION=0>;CN=Test,CN=Sites,CN=Configuration,DC=samba-list,DC=loc
Not removing dangling forward link
ERROR: no target object found for GUID component for siteList in object 
CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site 
Transports,CN=Sites,CN=Configuration,DC=samba-list,DC=loc - 
<GUID=596bd8ae9e8bc94eab99ad3c12e22132>;<RMD_ADDTIME=130739077850000000>;<RMD_CHANGETIME=130739077850000000>;<RMD_FLAGS=0>;<RMD_INVOCID=af301252bb781543b57dbd7cb773d46f>;<RMD_LOCAL_USN=453494>;<RMD_ORIGINATING_USN=453494>;<RMD_VERSION=0>;CN=Grafing,CN=Sites,CN=Configuration,DC=samba-list,DC=loc
Not removing dangling forward link
Please use --fix to fix these errors

I updated to 4.7.3 and back then edited the ldb file and deleted the 
links to old expunged sites whom did no longer exist with the given GUID.

#~ldbedit -e nano -H 
/varLib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA-LIST,DC=LOC.ldb
#~samba-tool dbcheck --reindexdb

An month later on 26.12.2017 at about 5 am a few groups suddenly had an 
messed up member list, some users showed up twice some where missing.
I fixed it by deleting and recreating the affected groups, erros where 
deceted but could not be fixed with samba-tool dbcheck for the affected 
users/groups.
Also deleting those twice listed users did not work. Thought it was 
caused by an forced kill -9 to the samba service from an cron job at 
that time.

I maintain two separate networks with samba addc's and this only happend 
at one of these networks, both run samba adds's on 5 and 7 sites. My 
thombstoneLifetime is set to 30 days ab both networks.

On 12.01.2018 i updated from 4.7.3 to 4.7.4. dbcheck ran clean before 
the update but showed a few dangling forward errors whom i then fixed 
with dbcheck --fix. Till now no group corruption had happened.
I can think of restoring an backup from 11.01.2018 to an vm with 4.7.4 
here to inspect the errors from dbcheck again and maybe recreate these 
deleted links again. As far as i remember the errors where different on 
the ad's of whom i run a dozend, so this may become complicated.

I assume the errors caused by the 4.6.8->4.7.3 update happened 30 days 
later and I fixed these by recreating the affected groups. But i'm 
unsure if the fixes i ran after the 4.7.3->4.7.4 update may cause 
another corruption on 11.02.2018. dbcheck --cross-ncs did not find any 
errors before the update only afterwards. So the question is will the 
fixing of the newly detected  errors (by dbcheck version 4.7.4) cause 
issues or are these unrelated.

Achim~





More information about the samba mailing list