Again "Failed to remove backlin of memberOf when deleting" with debug info
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Fri Mar 9 20:20:56 UTC 2018
Hi Andrej,
> I'm testing new Samba version 4.8.0rc4 as an RODC with Windows server 2008R2 as RWDC.
Thank you.
> 1) join is done with following command:
>
> samba-tool domain join SAMDOM.LOCAL RODC --domain-critical-only --configfile /path/smb.conf --username admin --dns-backend SAMBA_INTERNAL --server RWDC --site NewSite
>
> 2) After RODC was joined and samba was started i saw following error in log:
>
> Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:4373: Failed to remove backlink of memberOf when deleting CN=_User.Name\0ADEL:4cab6805-fd33-4edb-9bb2-702f7dce1210,CN=Deleted Objects,DC=samdom,DC=local: Attribute member doesn't exist for target GUID 4cab6805-fd33-4edb-9bb2-702f7dce1210: Operations error
> Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> dreplsrv_op_pull_source(WERR_BAD_NET_RESP) for DC=samdom,DC=local
>
> 3) ldbsearch -H /path/DC=SAMDOM,DC=LOCAL.ldb '(distinguishedname=CN=_User.Name\0ADEL:4cab6805-fd33-4edb-9bb2-702f7dce1210,CN=Deleted Objects,DC=samdom,DC=local)' memberof
> # record 1
> dn: ...
> memberof: <GUID=...>;<SID=...>;CN=GROUP,OU=GROUPSX,DC=SAMDOM,DC=LOCAL
>
> 4) ldbsearch -H /path/DC=SAMDOM,DC=LOCAL.ldb '(distinguishedname=CN=GROUP,OU=GROUPSX,DC=SAMDOM,DC=LOCAL)' member
> # record 1
> dn: ...
> member: ...
> member: <GUID=4cab6805-fd33-4edb-9bb2-702f7dce1210>;<RMD_ADDTIME=0>;<RMD_CHANG
> ETIME=0>;<RMD_FLAGS=0>;<RMD_INVOCID=...>;<RMD_LOCAL_USN=1>;<RMD_ORIGINATING_
> USN=1>;<RMD_VERSION=1>;<SID=...>;CN=_User.Name\0ADEL:4cab6805-fd33-4edb-9bb
> 2-702f7dce1210,CN=Deleted Objects,DC=samdom,DC=local
>
> 5) I think that the problem is in the "comparison_fn"(la_guid_compare_with_trusted_dn) that is ONLY used in BINARY_ARRAY_SEARCH_GTE (https://github.com/samba-team/samba/blob/60c7969e20ddc72d1d2a9dd1bd116d47df07ab02/source4/dsdb/common/util_links.c#L203) . I replaced this macro with simple for-loop and it works again.
Right. It is of course OK that the function is only used here if it is
doing the same effective comparison as the sort, but looks like that
might not be the case. (c.f.
source4/dsdb/samdb/ldb_modules/repl_meta_data.c:1988).
This should help in your case (though presumably break something else):
diff --git a/source4/dsdb/common/util_links.c b/source4/dsdb/common/util_links.c
index cf1f4be58bd..8192da43245 100644
--- a/source4/dsdb/common/util_links.c
+++ b/source4/dsdb/common/util_links.c
@@ -74,16 +74,7 @@ static int la_guid_compare_with_trusted_dn(struct compare_ctx *ctx,
}
cmp = ndr_guid_compare(ctx->guid, &p->guid);
- if (cmp == 0 && ctx->compare_extra_part) {
- if (ctx->partial_extra_part_length != 0) {
- /* Allow a prefix match on the blob. */
- return memcmp(ctx->extra_part.data,
- p->dsdb_dn->extra_part.data,
- MIN(ctx->partial_extra_part_length,
- p->dsdb_dn->extra_part.length));
- } else {
- return data_blob_cmp(&ctx->extra_part,
- &p->dsdb_dn->extra_part);
- }
+ if (cmp == 0) {
+ return data_blob_cmp(&ctx->extra_part, &p->dsdb_dn->extra_part);
}
return cmp;
> ldb_index.c:
>
> The array is assumed to be sorted by the same comparison_fn as the
> search (with, for example, qsort)
>
> I do not have fix for it now, so i hope, that you can help me to find the best solution.
I'll think about it on Monday.
cheers,
Douglas
More information about the samba-technical
mailing list