[Samba] messy replication

Adam Weremczuk adamw at matrixscience.com
Thu Jul 18 10:18:56 UTC 2019


On 17/07/19 16:22, Rowland penny via samba wrote:

> I don't think there is a 'best way'. This used to come up fairly often 
> in the early days of Samba AD, I think all you can do is to search in 
> sam.ldb and remove any mention of the old DC, but DO NOT alter the 
> files under sam.ldb.d, reading this might help:
>
> https://lists.samba.org/archive/samba/2014-February/178947.html
>
> Rowland 

Hi Rowland,

The file is pretty big for our company size - 124k lines when edited.
I've spent about an hour carefully removing, editing and skipping 
entries referencing old dc1.
Unfortunately upon saving all my changes were discarded without a warning...

root@dc2 /# ldbedit -e vim -H /var/lib/samba/private/sam.ldb --cross-ncs
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
failed to add CN=dns-dc2,CN=Users,DC=example,DC=co,DC=uk - objectclass: 
'isCriticalSystemObject' must not be specified!

Would it be ok to leave this record as dns-dc1?
Or maybe I should do something else?

Thanks,
Adam


