[Samba] `samba-tool dbcheck --cross-ncs --fix` fails: governsID already exists as an attributeId or governsId
Rowland penny
rpenny at samba.org
Wed Jul 3 15:19:43 UTC 2019
On 03/07/2019 15:50, Sven Schwedas via samba wrote:
> It's amazing how long Samba just keeps running even when apparently
> everything's broken.
>
> In preparation of finally upgrading our DCs to 41.0, I ran dbcheck on
> all of them, resulting in:
>
> graz-dc-sem:
>> Checking 3861 objects
>> Error: governsID CN=ucsUser,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.2 already exists as an attributeId or governsId
>> Error: governsID CN=taoSharedFolder,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.4 already exists as an attributeId or governsId
>> Error: governsID CN=taoMailingList,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.3 already exists as an attributeId or governsId
>> Checked 3861 objects (3 errors)
> All other DCs:
>> Checking 3861 objects
>> Error: governsID CN=ucsUser,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.2 already exists as an attributeId or governsId
>> Error: governsID CN=taoSharedFolder,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.4 already exists as an attributeId or governsId
>> Error: governsID CN=taoMailingList,CN=Schema,CN=Configuration,DC=ad,DC=tao,DC=at on 1.3.6.1.4.1.19414.3.2.3 already exists as an attributeId or governsId
>> ERROR(runtime): uncaught exception - objectclass ucsUser marked as isDefunct objectClass in schema - not valid for new objects
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py", line 157, in run
>> controls=controls, attrs=attrs)
>> File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 198, in check_database
>> error_count += self.check_object(object.dn, attrs=attrs)
>> File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 1708, in check_object
>> normalised = self.samdb.dsdb_normalise_attributes(self.samdb_schema, attrname, obj[attrname])
>> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 677, in dsdb_normalise_attributes
>> return dsdb._dsdb_normalise_attributes(ldb, ldap_display_name, ldif_elements)
>
> All these object classes were tests we did… years ago, and which have
> been "deleted" (I don't even remember by what mechanism) for almost as
> long. No object should still be using any of these, and on graz-dc-sem
> that's true.
I would love to know how you deleted something from the schema, it is
normally a bit 'Hotel California', you can add to the schema but never
remove anything from the schema.
>
> There is, however, a new class called taoUser with the same X500 OID as
> ucsUser that's only used in one domain account (mine, of course); on
> graz-dc-sem the object correctly has the taoUser class assigned, on the
> other servers it's still an ucsUser.
That is probably your problem, you cannot have different names for what
seems to be the same objectclass.
>
> All servers seem to replicate without errors according to samba-tool drs
> showrepl.
>
> How do I get rid of these bogus Schema entries, and how do I fix the
> user account?
I do not think you can remove anything from the schema, but I believe
you can deactivate schema objects, try reading this:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc773309(v=ws.10)
Rowland
More information about the samba
mailing list