[Samba] Domain join issues - 4.9.0

[Jonathan Hunter]

Thanks Rowland for the advice, I have now tried joining a 4.9.2
machine to the domain, targeting the join at a 4.9.2 DC. Same result
as below, unfortunately - I think you are probably correct with the
bug below (#8929).

On Wed, 14 Nov 2018 at 08:34, Jonathan Hunter <jmhunter1 at gmail.com> wrote:
[...]
> > > $ sudo samba-tool domain join mydomain.org DC -U myadmin --site=mysite
> > > --server=dc3
> > > [...]
> > > Replicating critical objects from the base DN of the domain
> > > [...]
> > > ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in
> > > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for
> > > index on servicePrincipalName, duplicate of objectGUID
> > > 00000000-1111-2222-3333-444444444444 in
> > > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC
> > > [lots of these]
> >
> > I think you may be running into this bug:
> > https://bugzilla.samba.org/show_bug.cgi?id=8929
> >
> > You may have duplicate SPN's e.g. one 'HOST/somePC' and another
> > 'host/somepc'

I am sure that this is what is happening for me.. but it looks as
though I am now unable to join any new DCs into my domain, until I can
figure out how to work around this.

Is there a way I can maybe use ldbedit to manually adjust the
database, and remove duplicates somehow? (That seems risky to me, but
I don't know what alternative I have..)

In my database, as reported by the domain join command above, I have
five duplicates 'for index on servicePrincipalName', plus 107
duplicates for index on a custom LDAP attribute I am using. If there's
a correct way I can step through these one by one, and remove the
duplicates, I am happy to try...

Or - is anybody working on bug 8929?

Currently I am one DC down, and don't think I can re-add it as things
stand.. so I'm willing to try manually editing if that will help.

Cheers,

Jonathan

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein