>
> --- Original message ---
> Subject: Re: [Samba] Samba 4 Cleanup Managing and Otherwise
> From: Michael Wood <esiotrot at gmail.com>
> To: <tms3 at tms3.com>
> Cc: <samba at lists.samba.org>
> Date: Friday, 18/06/2010 5:34 AM
>
> On 17 June 2010 04:49, <tms3 at tms3.com> wrote:
>>
>> OK, there has got to be a way to work with this thing other than
>> wiping the
>> Domain every time an error pops up.
>>
>> Trying to resolve problems I did a git upgrade and:
>>
>> setup# /usr/local/samba/sbin/upgradeprovision
>>
>> Which provided the unhelpful:
>>
>> Found 3 domain controllers, for the moment upgradeprovision is not
>> able to
>> handle upgrade on domain with more than one DC, please demote the
>> other(s)
>> DC(s) before upgrading
>>
>> As I am actually trying to clean up an orphaned DC due to the fact
>> that
>> dcpromo fails to remove AD from a windows server I am in even worse
>> shape
>> than before the git upgrade.
>>
>> As I don't have unlimited funds, and the M$ software is
outrageously
>> expensive, I can't keep blowing Windows servers out and
reprovisioning
>> them.
>>
>> Any ideas would be greatly appreciated here.
>
> Maybe running ldapcmp against the samba box and the Windows box will
> tell you something. Also, maybe what you could do is get an LDIF
> export of the directory, then add another Samba box to the domain and
> get another LDIF export and compare them to see what was added. Then
> you should be able to know exactly what needs to be deleted again
> afterwards.
Interestingly, after I wrote the above, I accessed the W2K3R2 DC and
was able to use "sites and services" to delete the NTDS settings under
the still listed orphaned DC, then go about manually deleting it from
the rep lists for each server, then actually delete the server itself
from the list, which is better than I was able to do. It is now gone
and Samba4 is no longer calling for it.
However, I am in a quandry over this mess now:
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to
58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for
CN=Schema,CN=Configuration,DC=tms3,DC=com -
NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to
af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for
CN=Schema,CN=Configuration,DC=tms3,DC=com -
NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to
58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for
CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER :
WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to
af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for
CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER :
WERR_INVALID_PARAM
It has been suggested that it is a kerberos problem, but I'm stymied
as to WHAT the problem is:
root at T3:/usr/local/samba/var# kinit administrator at TMS3.COM
administrator at TMS3.COM's Password:
root at T3:/usr/local/samba/var# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: administrator at TMS3.COM
Issued Expires Principal
Jun 18 06:05:36 Jun 18 16:05:36 krbtgt/TMS3.COM at TMS3.COM
root at T3:/usr/local/samba/var#
Anywho, enough poking around for now.
Cheers,
TMS III
>
>
> I haven't had a chance to try the above yet, though.
>
> P.S. I know the upgradeprovision script is being worked on at the
> moment, so this might all be fixed soon, but maybe you should mention
> it on the samba-technical list.
>
> --
> Michael Wood <esiotrot at gmail.com>