[Samba] Error when joining new DC

Rowland Penny rpenny at samba.org
Mon Dec 16 13:30:14 UTC 2024


On Mon, 16 Dec 2024 13:01:53 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:

> While resuming my testing for adding a new DC with higher Samba
> version I have some questions:
> 
> 1. Do I have to expunge tombstones on each DC or just one (and
> replication will remove it from others)? I think it should be run
> on all DCs.
> 
> 2. Same question for dbcheck.
> 

All DCs should hold the same database (apart from a few non-replicated
attributes), so making changes on one DC should lead to those changes
being replicated to all other DCs.
So, doing a change on one DC should lead to changes on all others.

> 3. Rowland mentioned that the error message I get when trying the DC
> is just a result of the real issue. In which section of the join
> procedure would I have to look for the real issue if it is really
> related to the newly introduced security constraints in 4.14.10?
> Running with debuglevel 10 provides a lot of details and I'm not sure
> where exactly to look for any additional hints or what they might look
> like.
> 

In your initial post, you posted the output from the join command; the
relevant parts were these:

Your error started here:

An operation failed during a batch mode transaction, the transaction was rolled back
DSDB Transaction [commit] at [Thu, 05 Dec 2024 19:29:47.054187 EET] duration [24679161] status [1] reason [end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back]
{"timestamp": "2024-12-05T19:29:47.054240+0200", "type": "dsdbTransaction", "dsdbTransaction": {"version": {"major": 1, "minor": 0}, "action": "commit", "transactionId": "6c245342-5ecc-4c4e-8e13-1196825d7116", "duration": 24679161, "statusCode": 1, "status": "Operations error", "reason": "end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back"}}
Join failed - cleaning up

The next few lines were these:

ldb_wrap open of secrets.ldb
dsdb_search: SUB SEARCH_ONE_ONLY flags=0x00000200 cn=Primary Domains (&(flatname=SUB)(objectclass=primaryDomain)) -> 0 results
Could not find machine account in secrets database: Failed to fetch
machine account password for SUB from both secrets.ldb (Could not find
entry to match filter: '(&(flatname=SUB)(objectclass=primaryDomain))'
base: 'cn=Primary Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:5731) and from
/usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

You can ignore those; the file that cannot be found isn't created until
the join is successful, which is why it cannot be found.

Your actual error is a bit lower down:

ERROR(ldb): uncaught exception - end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/netcmd/__init__.py", line 353, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/netcmd/domain/join.py", line 128, in run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1621, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1511, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1101, in join_replicate
    ctx.local_samdb.transaction_commit()

Rowland
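
The triage described in the reply above can be scripted. This is an added example, not part of the original message and not Samba code: it reads join output, keeps the dsdbTransaction records with a non-zero statusCode, the ERROR( line and the last traceback frame, and sets aside the secrets.ldb messages. The function name triage and the sample lines are assumptions constructed here; the JSON field names are those in the record quoted above.

```python
import json
import re

# Constructed sample, patterned on the join output quoted above (ids and
# timestamps are made up; "Success" for statusCode 0 is an assumption).
SAMPLE = '''\
{"timestamp": "2024-01-01T00:00:00.000000+0000", "type": "dsdbTransaction", "dsdbTransaction": {"version": {"major": 1, "minor": 0}, "action": "commit", "transactionId": "00000000-0000-0000-0000-000000000001", "duration": 1200, "statusCode": 0, "status": "Success", "reason": ""}}
{"timestamp": "2024-01-01T00:00:25.000000+0000", "type": "dsdbTransaction", "dsdbTransaction": {"version": {"major": 1, "minor": 0}, "action": "commit", "transactionId": "00000000-0000-0000-0000-000000000002", "duration": 24679161, "statusCode": 1, "status": "Operations error", "reason": "end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back"}}
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch
ERROR(ldb): uncaught exception - end_trans error on DC=SUB,DC=DOM,DC=TLD: An operation failed during a batch mode transaction, the transaction was rolled back
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1511, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib64/python3.9/site-packages/samba/join.py", line 1101, in join_replicate
    ctx.local_samdb.transaction_commit()
'''

# Messages the reply says can be ignored: the secrets file does not exist until the join succeeds.
IGNORABLE = ("ldb_wrap open of secrets.ldb", "Could not find machine account in secrets database")
FRAME = re.compile(r'File "(?P<file>[^"]+)", line (?P<line>\d+), in (?P<func>\w+)')

def triage(text):
    """Split join output into failed transactions, ERROR lines, last traceback frame and noise."""
    report = {"failed": [], "errors": [], "last_frame": None, "ignorable": []}
    for raw in text.splitlines():
        line = raw.strip()
        frame = FRAME.search(line)
        if line.startswith("{"):
            try:
                tx = json.loads(line).get("dsdbTransaction")
            except ValueError:
                continue  # not a complete JSON record (e.g. wrapped or truncated)
            if tx and tx.get("statusCode", 0) != 0:
                dn = re.search(r"error on ([^:]+):", tx.get("reason", ""))
                report["failed"].append((tx["action"], tx["status"], dn.group(1) if dn else None))
        elif line.startswith("ERROR("):
            report["errors"].append(line)
        elif frame and report["errors"]:
            report["last_frame"] = (frame["func"], int(frame["line"]))  # innermost frame wins
        elif any(line.startswith(m) for m in IGNORABLE):
            report["ignorable"].append(line)
    return report

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The JSON records must be on one line each, as Samba writes them; output that a mail client or terminal has re-wrapped is skipped by the parser rather than misread.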



