Ralf Spenneberg
2022-Oct-13 06:21 UTC
[Samba] Samba does not replicate attributes added via ldbmodify
Hi Andrew,

On 13.10.22 at 08:14, Andrew Bartlett wrote:
>>> (And don't worry, it is not case sensitive and is self-correcting of
>>> case, if Samba accepts the modify it should replicate, as long as you
>>> don't access the files under sam.ldb.d/ directly).
>> Well, the ldbmodify used was:
>> ldbmodify -v -H 'DC=AD,DC=DOMAIN,DC=DE.ldb' < /root/replace-proxyAddresses.ldif
>>
>> Does this count as modifying the files directly?
>
> Yes. Your domain is now (subtly) corrupt. Do not pass go, do not collect $200. ;-)

Ok, I already assumed something like that.

> The file to modify is the sam.ldb file in the directory above, this provides the correct interface.

So what would have been the correct command?
ldapmodify -H /var/lib/samba/private/sam.ldb < xxx.ldif?

> dbcheck might fix it.

I already ran dbcheck. But it did not help. Could I try to repair the replication by rejoining the backup dc?

Kind regards,
Ralf
Andrew Bartlett
2022-Oct-13 06:26 UTC
[Samba] Samba does not replicate attributes added via ldbmodify
On Thu, 2022-10-13 at 08:21 +0200, Ralf Spenneberg wrote:
> Hi Andrew,
> On 13.10.22 at 08:14, Andrew Bartlett wrote:
> > > > (And don't worry, it is not case sensitive and is self-correcting of
> > > > case, if Samba accepts the modify it should replicate, as long as you
> > > > don't access the files under sam.ldb.d/ directly).
> > > Well, the ldbmodify used was:
> > > ldbmodify -v -H 'DC=AD,DC=DOMAIN,DC=DE.ldb' < /root/replace-proxyAddresses.ldif
> > > Does this count as modifying the files directly?
> >
> > Yes. Your domain is now (subtly) corrupt. Do not pass go, do not
> > collect $200. ;-)
> Ok, I already assumed something like that.
> > The file to modify is the sam.ldb file in the directory above, this
> > provides the correct interface.
> So what would have been the correct command?
> ldapmodify -H /var/lib/samba/private/sam.ldb < xxx.ldif?

Yes.

> > dbcheck might fix it.
> I already ran dbcheck. But it did not help. Could I try to repair the
> replication by rejoining the backup dc?

Yes, just join a new DC to the domain (you could rejoin the DC you modified to the backup), that attribute won't replicate over and it will all be as if this never happened.

Then demote the existing DC that you modified.

Andrew Bartlett

--
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source Solutions
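
A guard against the mistake discussed in this thread, as an added example that is not part of the original messages and not Samba's own tooling: a shell function that classifies the `-H` target of an ldbmodify call and flags partition files under `sam.ldb.d/`. The function name `check_ldb_target` and the working directory in the sample call are assumptions.

```shell
#!/bin/sh
# Added example: decide whether an ldbmodify -H target opens a partition
# file under sam.ldb.d/ directly (bypassing the sam.ldb interface) or not.
#   $1  the value passed to -H
#   $2  directory the command would run from (assumption: defaults to $PWD)
# Prints "direct-partition" and returns 1 for a partition file, else "ok".
# Limitation: purely textual, it does not resolve symlinks or ".." parts.
check_ldb_target() {
    target=$1
    cwd=${2:-$PWD}

    case $target in
        # Network and socket URLs go through the running server.
        ldap://*|ldaps://*|ldapi://*) echo ok; return 0 ;;
        # File-backed ldb URLs: strip the scheme and inspect the path.
        tdb://*) target=${target#tdb://} ;;
        mdb://*) target=${target#mdb://} ;;
    esac

    # A relative target is opened relative to the working directory, which
    # is how a bare 'DC=...ldb' file name ends up inside sam.ldb.d/.
    case $target in
        /*) abs=$target ;;
        *)  abs=$cwd/$target ;;
    esac

    case $abs in
        */sam.ldb.d/*) echo direct-partition; return 1 ;;
    esac
    echo ok
}

# Sample call built from the command quoted in the thread; the working
# directory is assumed from the sam.ldb path given there.
check_ldb_target 'DC=AD,DC=DOMAIN,DC=DE.ldb' /var/lib/samba/private/sam.ldb.d || true
```
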