I am having some trouble joining a new samba4 server as a DC. I am pretty sure this stems from trying to use OpenChange and subsequently removing it. The new samba4 machine is running 4.0.7 and the existing is running 4.0.1. I am a little hesitant to do an in-place upgrade of the last working DC, so I wanted a replica to fall back on in case things go bad. Any help would be appreciated. On the new machine>samba-tool domain join domain.local DC -Uadministrator realm=domain.local --dns-backend=BIND9_DLZFinding a writeable DC for domain 'domain.local' Found DC tachyon.domain.local Password for [DOMAIN\administrator]: workgroup is DOMAIN realm is domain.local checking sAMAccountName Adding CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local Adding CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local Adding CN=NTDS Settings,CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local Adding SPNs to CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local Setting account password for NEXUS$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=domain,DC=local Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[402/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[804/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[1206/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[1608/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2010/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2412/2620] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2620/2620] linked_values[0/0] Analyze and apply schema objects Join failed - cleaning up checking sAMAccountName Deleted CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local Deleted CN=NTDS Settings,CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local Deleted CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local ERROR(runtime): uncaught exception - (8442, 'WERR_DS_DRA_INTERNAL_ERROR') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1009, in do_join ctx.join_replicate() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 734, in join_replicate replica_flags=ctx.replica_flags) File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 248, in replicate (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req) On the existing DC logs [2013/08/02 13:53:04, 0] ../source4/rpc_server/drsuapi/getncchanges.c:220(get_nc_changes_build_object) ../source4/rpc_server/drsuapi/getncchanges.c:220: Failed to find attribute in schema for attrid 2786216 mentioned in replPropertyMetaData of CN=Recipient Update Service (DOMAIN)\0ADEL:cbf078d9-a0ff-4609-a05b-743816af619d,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local Alex Ferrara Director Receptive IT Solutions
Does nobody know how to manually remove items from Samba4 directory? I've tried using adsiedit but cn=deleted items doesn't show up. Sent from my iPhone On 02/08/2013, at 1:58 PM, Alex Ferrara <alex at receptiveit.com.au> wrote:> I am having some trouble joining a new samba4 server as a DC. I am pretty sure this stems from trying to use OpenChange and subsequently removing it. The new samba4 machine is running 4.0.7 and the existing is running 4.0.1. I am a little hesitant to do an in-place upgrade of the last working DC, so I wanted a replica to fall back on in case things go bad. > > Any help would be appreciated. > > On the new machine > >> samba-tool domain join domain.local DC -Uadministrator realm=domain.local --dns-backend=BIND9_DLZ > > Finding a writeable DC for domain 'domain.local' > Found DC tachyon.domain.local > Password for [DOMAIN\administrator]: > workgroup is DOMAIN > realm is domain.local > checking sAMAccountName > Adding CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local > Adding CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local > Adding CN=NTDS Settings,CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local > Adding SPNs to CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local > Setting account password for NEXUS$ > Enabling account > Calling bare provision > No IPv6 address will be assigned > Provision OK for domain DN DC=domain,DC=local > Starting replication > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[402/2620] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[804/2620] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[1206/2620] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[1608/2620] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2010/2620] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2412/2620] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=domain,DC=local] objects[2620/2620] linked_values[0/0] > Analyze and apply schema objects > Join failed - cleaning up > checking sAMAccountName > Deleted CN=NEXUS,OU=Domain Controllers,DC=domain,DC=local > Deleted CN=NTDS Settings,CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local > Deleted CN=NEXUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local > ERROR(runtime): uncaught exception - (8442, 'WERR_DS_DRA_INTERNAL_ERROR') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1104, in join_DC > ctx.do_join() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1009, in do_join > ctx.join_replicate() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 734, in join_replicate > replica_flags=ctx.replica_flags) > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 248, in replicate > (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req) > > On the existing DC logs > > [2013/08/02 13:53:04, 0] ../source4/rpc_server/drsuapi/getncchanges.c:220(get_nc_changes_build_object) > ../source4/rpc_server/drsuapi/getncchanges.c:220: Failed to find attribute in schema for attrid 2786216 mentioned in replPropertyMetaData of CN=Recipient Update Service (DOMAIN)\0ADEL:cbf078d9-a0ff-4609-a05b-743816af619d,CN=Deleted Objects,CN=Configuration,DC=domain,DC=local > > Alex Ferrara > Director > Receptive IT Solutions > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Fri, 2013-08-02 at 13:58 +1000, Alex Ferrara wrote:> I am having some trouble joining a new samba4 server as a DC. I am pretty sure this stems from trying to use OpenChange and subsequently removing it. The new samba4 machine is running 4.0.7 and the existing is running 4.0.1. I am a little hesitant to do an in-place upgrade of the last working DC, so I wanted a replica to fall back on in case things go bad.> On the existing DC logs > > [2013/08/02 13:53:04, 0] ../source4/rpc_server/drsuapi/getncchanges.c:220(get_nc_changes_build_object) > ../source4/rpc_server/drsuapi/getncchanges.c:220: Failed to find attribute in schema for attrid 2786216 mentioned in replPropertyMetaData of CN=Recipient Update Service (DOMAIN)\0ADEL:cbf078d9-a0ff-4609-a05b-743816af619d,CN=Deleted Objects,CN=Configuration,DC=domain,DC=localThis is really interesting. We are fighting with this in our automated testing, but we assumed it was due to runtime schema changes. Presuming you have restarted Samba since the last schema change, this points as a more sinister issue. Can you take a clone of this sever, and on an isolated network upgrade this to git master, and try to join another git master server to it? If that fails in the same way, we may wish to get a dump of this object (and potentially the database via a secure route) so we can investigate further. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz