Olivier BILHAUT
2015-Feb-09 09:04 UTC
[Samba] Samba4 - Corrupted group caused stop of replication - "Object class violation"
Hi Andrew,

Thanks for your reply.

We tried successfully the --full-sync option from first to second DC. Unfortunately, afterwards the second DC was still in a corrupted state. The "Deleted Objects" still contained the ugly groups with the missing attribute...

So we managed to get a successful replication after editing the "deleted objects" with ldbedit. We have deleted the two corrupted groups from this branch and it started to replicate again...

Many thanks for your help anyway!

Cheers.

--
Olivier BILHAUT

On 2015-02-08 20:00, samba-request at lists.samba.org wrote:

> Today's Topics:
>
>  1. Re: Did you get my previous email? Not Spam. (Rowland Penny)
>  2. ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (Bob of Donelson Trophy)
>  3. Hide lost+found (Ed Russell)
>  4. smbclient works with IP address but not hostname (Graeme Russ)
>  5. Re: Did you get my previous email? Not Spam. (Jason Long)
>  6. Re: Samba4 - Corrupted group caused stop of replication - "Object class violation" (Andrew Bartlett)
>  7. Re: Did you get my previous email? Not Spam. (Rowland Penny)
>  8. Re: ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (Rowland Penny)
>  9. Re: ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (buhorojo)
> 10. Re: ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (Rowland Penny)
> 11. Re: ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (Bob of Donelson Trophy)
> 12. Re: ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (Bob of Donelson Trophy)
> 13. Re: ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL (Rowland Penny)
> 14. https://download.samba.org/pub/samba/ [2] is broken ? (Nico Kadel-Garcia)
>
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: sambalist <samba at lists.samba.org>
> Date: Sat, 07 Feb 2015 09:17:35 +0000
> Subject: Re: [Samba] Did you get my previous email? Not Spam.
> Message: 1
>
> On 07/02/15 07:27, Jason Long wrote:
> > Thanks. I removed likewiseopen and if you remember, I installed CentOS 7. My AD not show any "uidNumber" or "gidNumber" and tell me "Not set". The problem is that I can't login to Linux via AD user and is it for "uidnumber" ? Tnx.
> >
> > On Wednesday, February 4, 2015 1:09 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> > On 04/02/15 06:11, Jason Long wrote:
> > > Thanks. You right, It tell me that "Uid not set", But is Uid my problem? I can't login to system with AD because of "uid"? If yes, Why I can login to system via Likewise ?
> >
> > Firstly, please stop sending posts directly to me, send them to the list, I am not your personal advisor! You have been advised to remove likewiseopen, if you haven't done this yet, please remove it, once it is removed, start giving your users a uidNumber with the ADUC UNIX_Attributes tab, also give 'Domain Users' a gidNumber.
> > Rowland
>
> OK, you probably have something like this in smb.conf:
>
>     idmap config EXAMPLE : backend = ad
>     idmap config EXAMPLE : range = 10000-999999
>     idmap config EXAMPLE : schema_mode = rfc2307
>
> Where 'EXAMPLE' will be your domain name and '10000-999999' is your range.
>
> If you do not want to add 'uidNumber' & 'gidNumber' attributes to AD, change the 3 lines to this:
>
>     idmap config EXAMPLE : backend = rid
>     idmap config EXAMPLE : range = 10000-999999
>
> Restart samba services and the ID numbers will be allocated for you.
>
> Rowland
>
> From: Bob of Donelson Trophy <bob at donelsontrophy.net>
> To: SAMBA MailList <samba at lists.samba.org>
> Date: Fri, 06 Feb 2015 12:45:20 -0600
> Reply-To: bob at donelsontrophy.net
> Subject: [Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
> Message: 2
>
> I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of.
>
> When I "join", I get:
>
>     net ads join -U Administrator
>     Enter Administrator's password:
>     Using short domain name -- DTS***M
>     Joined 'DTMBR01' to dns domain 'dts***m.lan'
>     DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED
>     DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> And when I "leave", I get:
>
>     net ads leave -U Administrator
>     Enter Administrator's password:
>     Deleted account for 'DTMBR01' in realm 'DTS***M.LAN'
>
> So, I look for what where?
> --
> -------------------------
> Bob Wooden of Donelson Trophy
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
> "Everyone deserves an award!!"
>
> Links:
> ------
> [1] http://www.donelsontrophy.com
>
> From: Ed Russell <erussell at ifbqsr.com>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Date: Sun, 8 Feb 2015 04:19:23 +0000
> Subject: [Samba] Hide lost+found
> Message: 3
>
> For some reason adding:
>
>     hide files = /lost+found/
>
> In either my global section or share section does not hide lost+found. It did work at some point, but has now stopped.
>
> I am running Samba 4.1.16. I am sure it is something incredibly simple.
>
> From: Graeme Russ <gruss at tss-engineering.com>
> To: samba at lists.samba.org
> Date: Sun, 08 Feb 2015 16:53:36 +1100
> Reply-To: gruss at tss-engineering.com
> Subject: [Samba] smbclient works with IP address but not hostname
> Message: 4
>
> Hi All,
>
> I've configured a Fedora 20 server with samba to share a few user directories and a printer.
>
> From a Windows 8 laptop, I am able to address the samba server by its name (fs1)
>
> From a Fedora 20 client (ws1), I am able to address the samba server by IP address, but not by name.
>
>     [gruss at ws1 ~]$ smbclient --version
>     Version 4.1.15
>
>     [gruss at ws1 ~]$ smbclient -L 192.168.1.10
>     Enter gruss's password:
>     Domain=[TSSENG] OS=[Unix] Server=[Samba 4.1.15]
>
>         Sharename       Type      Comment
>         ---------       ----      -------
>         homes           Disk      Home Directories
>         gruss           Disk
>         dnla            Disk
>         charlee         Disk
>         IPC$            IPC       IPC Service (Samba Server Version 4.1.15)
>         MFCJ5320DW      Printer   MFCJ5320DW
>     Domain=[TSSENG] OS=[Unix] Server=[Samba 4.1.15]
>
>         Server               Comment
>         ---------            -------
>         FS1                  Samba Server Version 4.1.15
>         WS1                  Samba Server Version 4.1.15
>
>         Workgroup            Master
>         ---------            -------
>         TSSENG               FS1
>         WORKGROUP            CREEPYCONNORS
>
>     [gruss at ws1 ~]$ smbclient -L fs1
>     Enter gruss's password:
>     protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
>
> The server is able to fully resolve ws1. I had to first start the nmb service on ws1 with:
>
>     [root at ws1 gruss]# systemctl start nmb.service
>     [root at ws1 gruss]# systemctl enable nmb.service
>
>     [root at fs1 samba]# nmblookup --version
>     Version 4.1.15
>
>     [root at fs1 samba]# nmblookup ws1
>     192.168.1.209 ws1<00>
>
> And the creepyconnors laptop:
>
>     [root at fs1 samba]# nmblookup creepyconnors
>     192.168.1.211 creepyconnors<00>
>
> Here are the outputs from testparm:
>
>     [root at fs1 samba]# testparm
>     Load smb config files from /etc/samba/smb.conf
>     rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>     Processing section "[homes]"
>     Processing section "[printers]"
>     Processing section "[gruss]"
>     Processing section "[dnla]"
>     Processing section "[charlee]"
>     Loaded services file OK.
>     Server role: ROLE_STANDALONE
>     Press enter to see a dump of your service definitions
>
>     [global]
>         workgroup = TSSENG
>         server string = Samba Server Version %v
>         interfaces = lo, em1, 192.168.1.10/24
>         guest account = dlna
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         printcap name = cups
>         preferred master = Yes
>         idmap config * : backend = tdb
>         guest ok = Yes
>         hosts allow = 127.0.0.1, 192.168.1.0/255.255.255.0
>         cups options = raw
>
>     [homes]
>         comment = Home Directories
>         read only = No
>
>     [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         printable = Yes
>         print ok = Yes
>         browseable = No
>
>     [gruss]
>         path = /home/gruss
>         valid users = gruss
>         read only = No
>
>     [dnla]
>         path = /home/dlna
>         read only = No
>
>     [charlee]
>         path = /home/charlee
>         valid users = charlee
>         read only = No
>
>     [root at ws1 gruss]# testparm
>     Load smb config files from /etc/samba/smb.conf
>     rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
>     Processing section "[homes]"
>     Processing section "[printers]"
>     Loaded services file OK.
>     Server role: ROLE_STANDALONE
>     Press enter to see a dump of your service definitions
>
>     [global]
>         workgroup = TSSENG
>         server string = Samba Server Version %v
>         log file = /var/log/samba/log.%m
>         max log size = 50
>         idmap config * : backend = tdb
>         cups options = raw
>
>     [homes]
>         comment = Home Directories
>         read only = No
>         browseable = No
>
>     [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         printable = Yes
>         print ok = Yes
>         browseable = No
>
> Any ideas where I should start looking?
>
> Regards,
>
> Graeme
>
> From: Jason Long <hack3rcon at yahoo.com>
> To: Rowland Penny <rowlandpenny at googlemail.com>, sambalist <samba at lists.samba.org>
> Date: Sun, 8 Feb 2015 06:51:32 +0000 (UTC)
> Reply-To: Jason Long <hack3rcon at yahoo.com>
> Subject: Re: [Samba] Did you get my previous email? Not Spam.
> Message: 5
>
> Thanks a lot.
>
>     [root at printmah ~]# getent passwd jason
>     jason:*:11303:10513:jason JASON:/home/JASONDOMAIN/jason:/bin/false
>
> But I can't login to Linux via AD username and it show me :
>
>     Last login: Sun Feb 8 01:48:32 2015
>     Could not chdir to home directory /home/JASONDOMAIN/jason: No such file or directory
>
> I guess it can't create a Home directory for Each AD user. How can I solve it?
>
> Cheers.
>
> On Saturday, February 7, 2015 1:17 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> > On 07/02/15 07:27, Jason Long wrote:
> > > Thanks. I removed likewiseopen and if you remember, I installed CentOS 7. My AD not show any "uidNumber" or "gidNumber" and tell me "Not set". The problem is that I can't login to Linux via AD user and is it for "uidnumber" ? Tnx.
> > >
> > > On Wednesday, February 4, 2015 1:09 AM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> > > On 04/02/15 06:11, Jason Long wrote:
> > > > Thanks. You right, It tell me that "Uid not set", But is Uid my problem? I can't login to system with AD because of "uid"? If yes, Why I can login to system via Likewise ?
> > >
> > > Firstly, please stop sending posts directly to me, send them to the list, I am not your personal advisor! You have been advised to remove likewiseopen, if you haven't done this yet, please remove it, once it is removed, start giving your users a uidNumber with the ADUC UNIX_Attributes tab, also give 'Domain Users' a gidNumber.
> > > Rowland
> >
> > OK, you probably have something like this in smb.conf:
> >
> >     idmap config EXAMPLE : backend = ad
> >     idmap config EXAMPLE : range = 10000-999999
> >     idmap config EXAMPLE : schema_mode = rfc2307
> >
> > Where 'EXAMPLE' will be your domain name and '10000-999999' is your range.
> >
> > If you do not want to add 'uidNumber' & 'gidNumber' attributes to AD, change the 3 lines to this:
> >
> >     idmap config EXAMPLE : backend = rid
> >     idmap config EXAMPLE : range = 10000-999999
> >
> > Restart samba services and the ID numbers will be allocated for you.
> >
> > Rowland
>
> From: Andrew Bartlett <abartlet at samba.org>
> Cc: samba <samba at lists.samba.org>
> To: Olivier BILHAUT <obilhaut at fondation-misericorde.fr>
> Date: Sun, 08 Feb 2015 20:53:02 +1300
> Subject: Re: [Samba] Samba4 - Corrupted group caused stop of replication - "Object class violation"
> Message: 6
>
> On Wed, 2015-02-04 at 11:46 +0100, Olivier BILHAUT wrote:
> > Hi Samba List!
> >
> > We are using Samba Version 4.1.12 on two master DC. We've noticed that a
> > o DC.
> > The result of the command : "samba-tool drs showrepl" is the following :
> >
> > On the first DC, INBOUND NEIGHBORS :
> >
> >     Last attempt @ Wed Feb 4 11:26:41 2015 CET failed, result 58 (WERR_BAD_NET_RESP)
> >     235 consecutive failure(s).
> >
> > On the same DC, log level at 5, we've got the following errors trying to force replication :
> >
> > The command :
> >
> >     ./samba-tool drs replicate FirstDC SecondDC dc=fhm,dc=local
> >
> > The result in the samba log :
> >
> >     ldb: No objectClass found in replPropertyMetaData for CN=gastroenterologie_sADEL:dd657361-ee30-409c-a8fe-388884a55e6a,CN=Deleted Objects,DC=fhm,DC=local!
> >     [2015/02/04 11:36:37.309435, 0] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
> >       Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: replmd_replicated_apply_add: error during DRS repl ADD: replmd_replicated_apply_add: error during DRS repl ADD: replmd_replicated_apply_add: error duri: Object class violation
> >     [2015/02/04 11:36:37.310110, 0] ../source4/dsdb/repl/drepl_out_helpers.c:733(dreplsrv_op_pull_source_apply_changes_trigger)
> >       Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> >     [2015/02/04 11:36:37.310755, 4] ../source4/dsdb/repl/drepl_out_pull.c:178(dreplsrv_pending_op_callback)
> >       dreplsrv_op_pull_source(WERR_BAD_NET_RESP) for DC=fhm,DC=local
> >
> > The replication works one-way, from FirstDC to SecondDC
>
> You need to force a replication of all objects from FirstDC to SecondDC.
> 'samba-tool drs replicate --full-sync' should do it.
>
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: sambalist <samba at lists.samba.org>
> Date: Sun, 08 Feb 2015 08:48:43 +0000
> Subject: Re: [Samba] Did you get my previous email? Not Spam.
> Message: 7
>
> On 08/02/15 06:51, Jason Long wrote:
> > Thanks a lot.
> >
> >     [root at printmah ~]# getent passwd jason
> >     jason:*:11303:10513:jason JASON:/home/JASONDOMAIN/jason:/bin/false
> >
> > But I can't login to Linux via AD username and it show me :
> >
> >     Last login: Sun Feb 8 01:48:32 2015
> >     Could not chdir to home directory /home/JASONDOMAIN/jason: No such
>
> You actually have a few problems there and you can fix them this way.
>
> Add this to smb.conf:
>
>     template shell = /bin/sh
>     template homedir = /home/%U
>
> restart samba
>
> Add this to /etc/pam.d/common-account:
>
>     session required pam_mkhomedir.so skel=/etc/skel/ umask=0022
>
> and you should be able to login
>
> Rowland
>
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Date: Sun, 08 Feb 2015 08:56:15 +0000
> Subject: Re: [Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
> Message: 8
>
> On 06/02/15 18:45, Bob of Donelson Trophy wrote:
> > I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of.
> >
> > When I "join", I get:
> >
> >     net ads join -U Administrator
> >     Enter Administrator's password:
> >     Using short domain name -- DTS***M
> >     Joined 'DTMBR01' to dns domain 'dts***m.lan'
> >     DNS Upda
> >
> > hen I "leave", I get:
> >
> >     net ads leave -U Administrator
> >     Enter Administrator's password:
> >     Deleted account for 'DTMBR01' in realm 'DTS***M.LAN'
> >
> > So, I look for what where?
>
> Hi Bob, your machine is actually joining the domain, it is the dns adding bit that is failing, try joining again and see if you can connect from another client, if it doesn't, run 'samba-tool dns add --help' and from this work out how to add the computers dns records.
>
> Rowland
>
> From: buhorojo <buhorojo.lcb at gmail.com>
> To: samba at lists.samba.org
> Date: Sun, 08 Feb 2015 10:21:15 +0100
> Subject: Re: [Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
> Message: 9
>
> On 06/02/15 19:45, Bob of Donelson Trophy wrote:
> > I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of.
> >
> > When I "join", I get:
> >
> >     net ads join -U Administrator
> >     Enter Administrator's password:
> >     Using short domain name -- DTS***M
> >     Joined 'DTMBR01' to dns domain 'dts***m.lan'
> >     DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_
> >
> >     terAdministrator's password:
> >     Deleted account for 'DTMBR01' in realm 'DTS***M.LAN'
> >
> > So, I look for what where?
>
> The DC handling the join does not know the fqdn of the member server.
> Add:
>
>     127.0.0.1 dtmember01.dts***m.lan dtmember01 localhost
>
> to /etc/hosts
> then rejoin
>
> From: Rowland Penny <rowlandpenny at googlemail.com>
> To: samba at lists.samba.org
> Date: Sun, 08 Feb 2015 09:36:45 +0000
> Subject: Re: [Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
> Message: 10
>
> On 08/02/15 09:21, buhorojo wrote:
> > On 06/02/15 19:45, Bob of Donelson Trophy wrote:
> > > I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of.
> > >
> > > When I "join", I get:
> > >
> > >     net ads join -U Administrator
> > >     Enter Administrator's password:
> > >     Using short domain name -- DTS***M
> > >     Joined 'DTMBR01' to dns domain 'dts***m.lan'
> > >     DNS Update for dtmember01.dts***m.lan failed: ERRO
> > >
> > >     inistrator
> > >     Enter Administrator's password:
> > >     Deleted account for 'DTMBR01' in realm 'DTS***M.LAN'
> > >
> > > So, I look for what where?
> >
> > The DC handling the join does not know the fqdn of the member server.
> > Add:
> >
> >     127.0.0.1 dtmember01.dts***m.lan dtmember01 localhost
> >
> > to /etc/hosts
> > then rejoin
>
> DON'T do this, You can check that /etc/hosts has this:
>
>     127.0.0.1 localhost
>     <computer ip> dtmember01.dts***m.lan dtmember01
>
> If you do it the way advised, your computer *will* only reply to '127.0.0.1'
>
> Rowland
>
> From: Bob of Donelson Trophy <bob at donelsontrophy.net>
> To: samba at lists.samba.org
> Date: Sun, 08 Feb 2015 08:15:37 -0600
> Reply-To: bob at donelsontrophy.net
> Subject: Re: [Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
> Message: 11
>
> Never seen this mentioned before and it did not work. Sorry.
>
> ---
> -------------------------
> Bob Wooden of Donelson Trophy
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
> "Everyone deserves an award!!"
>
> On 2015-02-08 03:21, buhorojo wrote:
> > On 06/02/15 19:45, Bob of Donelson Trophy wrote:
> > > I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of.
> > >
> > > When I "join", I get:
> > >
> > >     net ads join -U Administrator
> > >     Enter Administrator's password:
> > >     Using short domain name -- DTS***M
> > >     Joined 'DTMBR01' to dns domain 'dts***m.lan'
> > >     DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED
> > >     DNS update failed: NT_STATUS_UNSUCCESSFUL
> > >
> > > And when I "leave", I get:
> > >
> > >     net ads leave -U Administrator
> > >     Enter Administrator's password:
> > >     Deleted account for 'DTMBR01' in realm 'DTS***M.LAN'
> > >
> > > So, I look for what where?
> >
> > The DC handling the join does not
> > then rejoin
>
> Links:
> ------
> [1] http://www.donelsontrophy.com
>
> From: Bob of Donelson Trophy <bob at donelsontrophy.net>
> To: samba at lists.samba.org
> Date: Sun, 08 Feb 2015 08:20:44 -0600
> Reply-To: bob at donelsontrophy.net
> Subject: Re: [Samba] ERROR_DNS_UPDATE_FAILED and NT_STATUS_UNSUCCESSFUL
> Message: 12
>
> Once again, Bob is in 'the land of unknown bind knowledge.'
>
> What type of data am I adding? Shouldn't dns_update be run when adding the member server? Is this a "simple-bind-dn"? hum-m-m-m!
>
> ---
> -------------------------
> Bob Wooden of Donelson Trophy
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
> "Everyone deserves an award!!"
>
> On 2015-02-08 02:56, Rowland Penny wrote:
> > On 06/02/15 18:45, Bob of Donelson Trophy wrote:
> > > I have been struggling with getting a member server to join my domain. Thanks to testing and using a VM, I can get the test member server to join my domain. The member server on "real hardware" cannot join, well sort of.
> > >
> > > When I "join", I get:
> > >
> > >     net ads join -U Administrator
> > >     Enter Administrator's password:
> > >     Using short domain name -- DTS***M
> > >     Joined 'DTMBR01' to dns domain 'dts***m.lan'
> > >     DNS Update for dtmember01.dts***m.lan failed: ERROR_DNS_UPDATE_FAILED
> > >     DNS update failed: NT_STATUS_UNSUCCESSFUL
> > >
> > > And when I "leave", I get:
> > >
> > >     net ads leave -U Administrator
> > >     Enter Administrator's password:
> > >     Deleted account for 'DTMBR01' in realm 'DTS***M.LAN'
> > >
> > > So, I look for what where?
> >
> > Hi Bob, your machine is actually joining the domain, it is the dns adding bit that is failing, try joining again and see if you can connect from another client, if it doesn't, run 'samba-tool dns add --help' and from this work out how to add the computers dns records.
> >
> > Rowland
>
> Links:
> ------
> [1] http://www.donelsontrophy.com
>
> OK, test your member ser
> <Member Server FQDN> A
>
> Where:
> <DC FQDN> is the fully qualified domain name of the DC i.e. DC.example.com
> <DNS Domain> is the domain name you are using i.e. example.com
> <Member Server FQDN> is the fully qualified domain name of the Member Server i.e. memberserver.example.com
>
> If it isn't there, then add it:
>
>     samba-tool dns add <DC FQDN> <DNS Domain> <Member Server FQDN> A <IPaddress>
>
> <IPaddress> is the member server ipaddress i.e. 192.168.0.247
>
> Rowland
>
> From: Nico Kadel-Garcia <nkadel at gmail.com>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Date: Sun, 8 Feb 2015 09:52:56 -0500
> Subject: [Samba] https://download.samba.org/pub/samba/ [2] is broken ?
> Message: 14
>
> Looks like https://download.samba.org/pub/samba/ [2] is failing. Other targets, such as https://download.samba.org/pub/samba/old-versions/, [3] are working.
>
> It's not a problem for me personally today, I was just pointing someone to the source tarball and noticed the issue.

Links:
------
[1] http://www.donelsontrophy.com
[2] https://download.samba.org/pub/samba/
[3] https://download.samba.org/pub/samba/old-versions/,
[4] https://lists.samba.org/mailman/listinfo/samba
Andrew Bartlett
2015-Feb-10 09:10 UTC
[Samba] Samba4 - Corrupted group caused stop of replication - "Object class violation"
On Mon, 2015-02-09 at 10:04 +0100, Olivier BILHAUT wrote:
> Hi Andrew,
>
> Thanks for your reply.
>
> We tried successfully the --full-sync option from first to second DC. Unfortunately, afterwards the second DC was still in a corrupted state. The "Deleted Objects" still contained the ugly groups with the missing attribute...
>
> So we managed to get a successful replication after editing the "deleted objects" with ldbedit. We have deleted the two corrupted groups from this branch and it started to replicate again...

It is safer to use dbcheck to do that. Make sure you re-index with dbcheck after any of these not-advised manual backend edits.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
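
Added example (not part of the original thread and not Samba project code): a small Python triage script over log-level-5 output like the excerpt quoted in the first message. It lists each object that replication rejects with "No objectClass found in replPropertyMetaData", notes whether it sits under "Deleted Objects", and ties it to the partition whose pull failed, so the DNs can be checked with dbcheck rather than edited by hand. The sample log is constructed from the quoted excerpt, and the function names are illustrative.

```python
import re
from collections import OrderedDict

# Constructed sample: the log excerpt quoted in the thread (abridged), repeated
# for two replication attempts; the second timestamp is invented for the example.
SAMPLE_LOG = """\
ldb: No objectClass found in replPropertyMetaData for CN=gastroenterologie_sADEL:dd657361-ee30-409c-a8fe-388884a55e6a,CN=Deleted Objects,DC=fhm,DC=local!
[2015/02/04 11:36:37.309435,  0] ../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
  Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: Object class violation
[2015/02/04 11:36:37.310755,  4] ../source4/dsdb/repl/drepl_out_pull.c:178(dreplsrv_pending_op_callback)
  dreplsrv_op_pull_source(WERR_BAD_NET_RESP) for DC=fhm,DC=local
ldb: No objectClass found in replPropertyMetaData for CN=gastroenterologie_sADEL:dd657361-ee30-409c-a8fe-388884a55e6a,CN=Deleted Objects,DC=fhm,DC=local!
[2015/02/04 11:41:37.100000,  4] ../source4/dsdb/repl/drepl_out_pull.c:178(dreplsrv_pending_op_callback)
  dreplsrv_op_pull_source(WERR_BAD_NET_RESP) for DC=fhm,DC=local
"""

NO_OBJECTCLASS = re.compile(
    r"No objectClass found in replPropertyMetaData for (?P<dn>.+?)!\s*$")
PULL_RESULT = re.compile(
    r"dreplsrv_op_pull_source\((?P<werr>WERR_\w+)\) for (?P<nc>\S.*?)\s*$")
# Deleted objects carry "DEL:<objectGUID>" in their mangled RDN.
DEL_GUID = re.compile(
    r"DEL:(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})")
UNESCAPED_COMMA = re.compile(r"(?<!\\),")


def find_blocking_objects(log_text):
    """Return one record per distinct DN rejected for a missing objectClass."""
    found = OrderedDict()
    for line in log_text.splitlines():
        m = NO_OBJECTCLASS.search(line)
        if not m:
            continue
        dn = m.group("dn").strip()
        if dn not in found:
            # Split off the first RDN; escaped commas stay inside the RDN.
            parts = UNESCAPED_COMMA.split(dn, maxsplit=1)
            container = parts[1] if len(parts) == 2 else ""
            guid = DEL_GUID.search(parts[0])
            found[dn] = {
                "dn": dn,
                "container": container,
                "guid": guid.group("guid").lower() if guid else None,
                "in_deleted_objects":
                    container.lower().startswith("cn=deleted objects,"),
                "hits": 0,
            }
        found[dn]["hits"] += 1  # the same error repeats on every attempt
    return list(found.values())


def failed_pulls(log_text):
    """Map each partition (naming context) to its last non-OK pull result."""
    failed = {}
    for line in log_text.splitlines():
        m = PULL_RESULT.search(line)
        if m and m.group("werr") != "WERR_OK":
            failed[m.group("nc")] = m.group("werr")
    return failed


def triage(log_text):
    """Objects with a missing objectClass that live in a failing partition."""
    failed = failed_pulls(log_text)
    report = []
    for obj in find_blocking_objects(log_text):
        for nc in failed:
            if obj["dn"].lower().endswith("," + nc.lower()):
                report.append(dict(obj, partition=nc, result=failed[nc]))
                break
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        where = "Deleted Objects" if item["in_deleted_objects"] else "live tree"
        print("%s (%s): %s, guid=%s, seen %d time(s), pull result %s" % (
            item["partition"], where, item["dn"], item["guid"],
            item["hits"], item["result"]))
```
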
Olivier BILHAUT
2015-Feb-12 09:33 UTC
[Samba] Samba4 - Corrupted group caused stop of replication - "Object class violation"
Hi Andrew,

I checked with dbcheck with no errors and I forced re-indexation as you advised on both DC. All seems fine now.

Thanks for your help.

--
Olivier

On 2015-02-10 10:10, Andrew Bartlett wrote:
> On Mon, 2015-02-09 at 10:04 +0100, Olivier BILHAUT wrote:
> > Hi Andrew,
> >
> > Thanks for your reply.
> >
> > We tried successfully the --full-sync option from first to second DC. Unfortunately, afterwards the second DC was still in a corrupted state. The "Deleted Objects" still contained the ugly groups with the missing attribute...
> >
> > So we managed to get a successful replication after editing the "deleted objects" with ldbedit. We have deleted the two corrupted groups from this branch and it started to replicate again...
>
> It is safer to use dbcheck to do that. Make sure you re-index with dbcheck after any of these not-advised manual backend edits.
>
> Andrew Bartlett