[Samba] Can't join new samba dc to existing dc

fransnicho fransnicho at gmail.com
Fri Aug 16 03:30:29 UTC 2024


Pada Kam, 15 Agu 2024 pukul 23.49 Rowland Penny via samba <
samba at lists.samba.org> menulis:

> On Thu, 15 Aug 2024 23:19:29 +0700
> fransnicho via samba <samba at lists.samba.org> wrote:
>
> > On Thu, Aug 15, 2024, 10:35 fransnicho <fransnicho at gmail.com> wrote:
> >
> > > Pada Rab, 14 Agu 2024 pukul 23.21 Rowland Penny via samba <
> > > samba at lists.samba.org> menulis:
> > >
> > >> On Wed, 14 Aug 2024 16:58:12 +0700
> > >> fransnicho via samba <samba at lists.samba.org> wrote:
> > >>
> > >> > I can not join an additional new samba dc ver. 4.19.5 to an
> > >> > existing samba Ad version 4.19.5 functional level 2008 R2.
> > >> >
> > >> > Last week I successfully demote an offline dc3 and move the fsmo
> > >> > role
> > >>
> > >> > /var/log/samba/log.samba
> > >> >
> > >> >
> > >> > 16:34:51.368927,  0]
> > >> >
> > >>
> ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> > >> > ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> > >> > CN=NTDS
> > >> >
> > >>
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> > >> > - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
> > >> >
> > >>
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> > >> > does not exist in the specified objectclasses!
> > >> > [2024/08/14 16:34:51.369239,  0]
> > >> >
> > >>
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> > >> >   ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry
> > >> > failed - WERR_DS_INTERNAL_FAILURE
> > >>
> > >> Have you checked your database with 'samba-tool dbcheck' ?
> > >> Does 'DC6' exist ?
> > >>
> > >> Rowland
> > >>
> > >>
> > > Hi Rowland,
> > > Thanks for your response 🙏
> > > DC6 exist in many deleted objects, when i run below command :
> > >
> > > it at dc4:~$ sudo samba-tool dbcheck -v
> > > Checking 973 objects
> > > Checking object
> > > CN=DC6\0ADEL:7eec18e3-7f3f-49cc-86bc-8bc08b651bcb,CN=Deleted
> > > Objects,DC=nicho,DC=com
> > > Checking object
> > > CN=DC6\0ADEL:51476d30-2626-4169-97a8-4c240e934c2b,CN=Deleted
> > > Objects,DC=nicho,DC=com
> > > Checking object
> > > CN=DC6\0ADEL:54a0a479-a462-4ed1-b4f0-221c596aa455,CN=Deleted
> > > Objects,DC=nicho,DC=com
> > > Checking object
> > > CN=DC6\0ADEL:26516d46-8b40-4837-a112-e2638268a8b5,CN=Deleted
> > > Objects,DC=nicho,DC=com
> > >
> > > Best Regards,
> > > Nicho.
> > >
> > >
> > Hi Rowland,
> > Is there anything wrong with my database ?
> > I'm really2 stuck with the error. Please help..
> >
> > Best Regards,
> >
> > >
>
> The records that contain '0ADEL' are tombstone records, so you could
> use samba-tool to remove them, see:
> samba-tool domain tombstones expunge --help
> for more info
>
> ONLY ATTEMPT THE FOLLOWING IF YOU HAVE A GOOD BACKUP!
> However, your join seems to be failing because the attribute
> 'hasMasterNCs' doesn't have its objectclass in CN=NTDS
>
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
> but you say that DC6 no longer exists, so to me, it looks like that DN
> needs removing, followed by any referrences to 'DC6' there may be in
> your AD.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


Hi Rowland,
Thanks for your response 🙏

Can I rebuild: CN=NTDS
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
?
Is it safe to remove: CN=NTDS
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
?

Best Regards,
Nicho.


More information about the samba mailing list