[Samba] ODP: ODP: Demoting AD DC failed, now it won't start up after ldb and tdb files removed

[Rowland Penny]

On Sat, 2022-04-02 at 15:55 +0000, Krzysztof Kucybała via samba wrote:
> Thanks Rowland,
> Yea, I tried 'net cache flush' command now, and I tried that before I
> started fiddling with removing the tdb and ldb database files,
> doesn't seem to do much of anything, but maybe I need to do more than
> that? Tried stopping samba before that and restarting after, but no
> joy here either.

Stopping and restarting Samba will do what 'net cache flush = yes'
does.

> 
> Btw the things You suggested I remove from my config files is not
> stuff I invented myself

I never said you did :-)

>  - I mostly followed the  https://wiki.samba.org/ pages which might
> mean some of them are out of date.

No, most of those lines should not be in a DC or are the defaults on a
Unix domain member and a Unix domain server can never be a 'standalone
server', that is a totally different beast.

>  Could those lines be responsible for this weird DC behavior, or is
> just stuff that's surplus to requirements of any kind?

They are just surplus to requirements and shouldn't have any affect on
the IDs.

>  If I remember correctly, some of those things came about when I
> introduced the physical DC next to the one I've always had on a VM to
> prioritise the physical one. That was my idea of some weird clock
> sync problems I've been observing which I though might be down to the
> DC being run off a VM which can sometimes have clock problems, having
> no hardware clock of their own.

AD is very time critical, so if the time is out by about 5 minutes,
replication might not be working. I suggest you run:

'samba-tool dbcheck' on both DCs
'samba-tool ldapcmp' from one of the DCs 

See if that throws up any errors.

Rowland