Chris Alavoine
2016-Oct-14 14:35 UTC
[Samba] Joining a Windows Server 2008 R2 to existing Samba4 domain
Hi Marc, Thanks for your reply. We are using BIND9_DLZ currently as the DNS backend I manually selected a replication partner (the FSMO roles DC). We do have some errors when doing a dbcheck but I'm not able to fix them. I've detailed this in another post. Here is an example of each type: Example1: *ERROR: incorrect GUID component for member in object CN=examplegroup,OU=Groups,DC=example,DC=internal,DC=com - <GUID=77ad92b5ade70e449dcc481624928310>;<RMD_ADDTIME=130393476680000000>;<RMD_CHANGETIME=130976799640000000>;<RMD_FLAGS=1>;<RMD_INVOCID=98307faefea70749933e6946b1b14420>;<RMD_LOCAL_USN=1445979>;<RMD_ORIGINATING_USN=303848>;<RMD_VERSION=1>;<SID=010500000000000515000000e8e83f391df4408a63c6a6b4d25a0000>;CN=simon.test,CN=Users,DC=example,DC=internal,DC=com* Example2: *ERROR: incorrect DN string component for member in object CN=admin-group-001,OU=Groups,DC=example,DC=internal,DC=com - <GUID=38370cfc-6751-49bb-945e-d2b5e028f0f3>;<RMD_ADDTIME=130941544260000000>;<RMD_CHANGETIME=130941560040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=a65d0f39-311e-4031-aa56-a8585bfc1b8f>;<RMD_LOCAL_USN=1443123>;<RMD_ORIGINATING_USN=1443123>;<RMD_VERSION=1>;<SID=S-1-5-21-960489704-2319512605-3030828643-1219569>;CN=user.test,OU=Test OU,DC=example,DC=internal,DC=com* Example3: *unable to find object for DN CN=test.user2,CN=Users,DC=example,DC=internal,DC=com - (No such Base DN: CN=test.user2,CN=Users,DC=example,DC=internal,DC=com)* *Not removing dangling forward link* I have edited these entries to maintain anonymity. Any ideas on how to remove these errors? Thanks again, Chris. On 14 October 2016 at 15:17, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:> Hi Chris, > > Am 14.10.2016 um 11:53 schrieb Chris Alavoine via samba: > > https://wiki.samba.org/index.php/Joining_a_Windows_Server_ > 2008_/_2008_R2_DC_to_a_Samba_AD > > > > but have never managed to get full replication working. > > > > Could this be because I'm coming from a classicupgrade? Has anyone else > out > > there managed to get this working? > > I'm the author of this documentation. I recently rewrote it and at the > same time retested the procedure with 4.5.0 and everything worked. > However, I know this does not help you. :-) > > * What DNS back end do you use? Internal or BIND9_DLZ? > > * Did you let 2008 auto-select a replication partner during the dcpromo > or did you select a specific DC? > > * Does "samba-tool dbcheck --cross-ncs" shows any errors? Fix them. > > > Regards, > Marc >-- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192
Rowland Penny
2016-Oct-14 14:47 UTC
[Samba] Joining a Windows Server 2008 R2 to existing Samba4 domain
On Fri, 14 Oct 2016 15:35:08 +0100 Chris Alavoine via samba <samba at lists.samba.org> wrote:> Hi Marc, > > Thanks for your reply. > > We are using BIND9_DLZ currently as the DNS backend > > I manually selected a replication partner (the FSMO roles DC). > > We do have some errors when doing a dbcheck but I'm not able to fix > them. I've detailed this in another post. > > Here is an example of each type: > > Example1: > *ERROR: incorrect GUID component for member in object > CN=examplegroup,OU=Groups,DC=example,DC=internal,DC=com - > <GUID=77ad92b5ade70e449dcc481624928310>;<RMD_ADDTIME=130393476680000000>;<RMD_CHANGETIME=130976799640000000>;<RMD_FLAGS=1>;<RMD_INVOCID=98307faefea70749933e6946b1b14420>;<RMD_LOCAL_USN=1445979>;<RMD_ORIGINATING_USN=303848>;<RMD_VERSION=1>;<SID=010500000000000515000000e8e83f391df4408a63c6a6b4d25a0000>;CN=simon.test,CN=Users,DC=example,DC=internal,DC=com* > > Example2: > *ERROR: incorrect DN string component for member in object > CN=admin-group-001,OU=Groups,DC=example,DC=internal,DC=com - > <GUID=38370cfc-6751-49bb-945e-d2b5e028f0f3>;<RMD_ADDTIME=130941544260000000>;<RMD_CHANGETIME=130941560040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=a65d0f39-311e-4031-aa56-a8585bfc1b8f>;<RMD_LOCAL_USN=1443123>;<RMD_ORIGINATING_USN=1443123>;<RMD_VERSION=1>;<SID=S-1-5-21-960489704-2319512605-3030828643-1219569>;CN=user.test,OU=Test > OU,DC=example,DC=internal,DC=com* > > Example3: > *unable to find object for DN > CN=test.user2,CN=Users,DC=example,DC=internal,DC=com - (No such Base > DN: CN=test.user2,CN=Users,DC=example,DC=internal,DC=com)* > *Not removing dangling forward link* > > I have edited these entries to maintain anonymity. > > Any ideas on how to remove these errors? >There appears to be a bug report for this: https://bugzilla.samba.org/show_bug.cgi?id=12297 The last comment on that is: We're hoping to backport this soon. But before all that, can you please patch dbcheck and run it to confirm you see a new error message ('Try running "samba-tool domain tombstones expunge"')? Rowland
Chris Alavoine
2016-Oct-17 16:32 UTC
[Samba] Joining a Windows Server 2008 R2 to existing Samba4 domain
Hi Marc, Unfortunately, I have around 600 of these errors. I've tested manually deleting an offending entry using ldbedit -H and the subsequent dbcheck test goes down by 1 so this would suggest that I can fix it this way... although not sure if this is: a. A good idea b: The best way to fix this. Any pointers most welcome. Thanks, Chris. On 14 October 2016 at 15:35, Chris Alavoine <chrisa at acs-info.co.uk> wrote:> Hi Marc, > > Thanks for your reply. > > We are using BIND9_DLZ currently as the DNS backend > > I manually selected a replication partner (the FSMO roles DC). > > We do have some errors when doing a dbcheck but I'm not able to fix them. > I've detailed this in another post. > > Here is an example of each type: > > Example1: > *ERROR: incorrect GUID component for member in object > CN=examplegroup,OU=Groups,DC=example,DC=internal,DC=com - > <GUID=77ad92b5ade70e449dcc481624928310>;<RMD_ADDTIME> 130393476680000000>;<RMD_CHANGETIME=130976799640000000> > ;<RMD_FLAGS=1>;<RMD_INVOCID=98307faefea70749933e6946b1b144 > 20>;<RMD_LOCAL_USN=1445979>;<RMD_ORIGINATING_USN=303848>;< > RMD_VERSION=1>;<SID=010500000000000515000000e8e83f > 391df4408a63c6a6b4d25a0000>;CN=simon.test,CN=Users,DC> example,DC=internal,DC=com* > > Example2: > *ERROR: incorrect DN string component for member in object > CN=admin-group-001,OU=Groups,DC=example,DC=internal,DC=com - > <GUID=38370cfc-6751-49bb-945e-d2b5e028f0f3>;<RMD_ADDTIME> 130941544260000000>;<RMD_CHANGETIME=130941560040000000> > ;<RMD_FLAGS=1>;<RMD_INVOCID=a65d0f39-311e-4031-aa56- > a8585bfc1b8f>;<RMD_LOCAL_USN=1443123>;<RMD_ORIGINATING_USN> 1443123>;<RMD_VERSION=1>;<SID=S-1-5-21-960489704-2319512605- > 3030828643-1219569>;CN=user.test,OU=Test > OU,DC=example,DC=internal,DC=com* > > Example3: > *unable to find object for DN > CN=test.user2,CN=Users,DC=example,DC=internal,DC=com - (No such Base DN: > CN=test.user2,CN=Users,DC=example,DC=internal,DC=com)* > *Not removing dangling forward link* > > I have edited these entries to maintain anonymity. > > Any ideas on how to remove these errors? > > Thanks again, > Chris. > > On 14 October 2016 at 15:17, Marc Muehlfeld <mmuehlfeld at samba.org> wrote: > >> Hi Chris, >> >> Am 14.10.2016 um 11:53 schrieb Chris Alavoine via samba: >> > https://wiki.samba.org/index.php/Joining_a_Windows_Server_20 >> 08_/_2008_R2_DC_to_a_Samba_AD >> > >> > but have never managed to get full replication working. >> > >> > Could this be because I'm coming from a classicupgrade? Has anyone else >> out >> > there managed to get this working? >> >> I'm the author of this documentation. I recently rewrote it and at the >> same time retested the procedure with 4.5.0 and everything worked. >> However, I know this does not help you. :-) >> >> * What DNS back end do you use? Internal or BIND9_DLZ? >> >> * Did you let 2008 auto-select a replication partner during the dcpromo >> or did you select a specific DC? >> >> * Does "samba-tool dbcheck --cross-ncs" shows any errors? Fix them. >> >> >> Regards, >> Marc >> > > > > -- > ACS (Alavoine Computer Services Ltd) > Chris Alavoine > mob +44 (0)7724 710 730 > www.alavoinecs.co.uk > http://twitter.com/#!/alavoinecs > http://www.linkedin.com/pub/chris-alavoine/39/606/192 >-- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192
Rowland Penny
2016-Oct-17 16:52 UTC
[Samba] Joining a Windows Server 2008 R2 to existing Samba4 domain
On Mon, 17 Oct 2016 17:32:34 +0100 Chris Alavoine via samba <samba at lists.samba.org> wrote:> Hi Marc, > > Unfortunately, I have around 600 of these errors. > > I've tested manually deleting an offending entry using ldbedit -H and > the subsequent dbcheck test goes down by 1 so this would suggest that > I can fix it this way... although not sure if this is: > > a. A good idea > b: The best way to fix this. > > Any pointers most welcome. >Further to what I posted last time, to get the tombstone expunge command, you will need domain.py from git. Rowland
Chris Alavoine
2016-Oct-18 15:27 UTC
[Samba] Joining a Windows Server 2008 R2 to existing Samba4 domain
Hi Rowland, Just saw your message on the lists about adding a tombstone command by using domain.py. I appear to have domain.py in /usr/local/samba/lib/python2.7/site-packages/samba/netcmd, do I need to do something to activate this? Thanks, Chris. On 17 October 2016 at 17:32, Chris Alavoine <chrisa at acs-info.co.uk> wrote:> Hi Marc, > > Unfortunately, I have around 600 of these errors. > > I've tested manually deleting an offending entry using ldbedit -H and the > subsequent dbcheck test goes down by 1 so this would suggest that I can fix > it this way... although not sure if this is: > > a. A good idea > b: The best way to fix this. > > Any pointers most welcome. > > Thanks, > Chris. > > On 14 October 2016 at 15:35, Chris Alavoine <chrisa at acs-info.co.uk> wrote: > >> Hi Marc, >> >> Thanks for your reply. >> >> We are using BIND9_DLZ currently as the DNS backend >> >> I manually selected a replication partner (the FSMO roles DC). >> >> We do have some errors when doing a dbcheck but I'm not able to fix them. >> I've detailed this in another post. >> >> Here is an example of each type: >> >> Example1: >> *ERROR: incorrect GUID component for member in object >> CN=examplegroup,OU=Groups,DC=example,DC=internal,DC=com - >> <GUID=77ad92b5ade70e449dcc481624928310>;<RMD_ADDTIME=1303934 >> 76680000000>;<RMD_CHANGETIME=130976799640000000>;<RMD_ >> FLAGS=1>;<RMD_INVOCID=98307faefea70749933e6946b1b14420>;< >> RMD_LOCAL_USN=1445979>;<RMD_ORIGINATING_USN=303848>;<RMD_ >> VERSION=1>;<SID=010500000000000515000000e8e83f391df4408a63c6 >> a6b4d25a0000>;CN=simon.test,CN=Users,DC=example,DC=internal,DC=com* >> >> Example2: >> *ERROR: incorrect DN string component for member in object >> CN=admin-group-001,OU=Groups,DC=example,DC=internal,DC=com - >> <GUID=38370cfc-6751-49bb-945e-d2b5e028f0f3>;<RMD_ADDTIME=130 >> 941544260000000>;<RMD_CHANGETIME=130941560040000000>;<RMD_ >> FLAGS=1>;<RMD_INVOCID=a65d0f39-311e-4031-aa56-a8585bfc1b8f>; >> <RMD_LOCAL_USN=1443123>;<RMD_ORIGINATING_USN=1443123>;<RMD_ >> VERSION=1>;<SID=S-1-5-21-960489704-2319512605-303082864 >> 3-1219569>;CN=user.test,OU=Test >> OU,DC=example,DC=internal,DC=com* >> >> Example3: >> *unable to find object for DN >> CN=test.user2,CN=Users,DC=example,DC=internal,DC=com - (No such Base DN: >> CN=test.user2,CN=Users,DC=example,DC=internal,DC=com)* >> *Not removing dangling forward link* >> >> I have edited these entries to maintain anonymity. >> >> Any ideas on how to remove these errors? >> >> Thanks again, >> Chris. >> >> On 14 October 2016 at 15:17, Marc Muehlfeld <mmuehlfeld at samba.org> wrote: >> >>> Hi Chris, >>> >>> Am 14.10.2016 um 11:53 schrieb Chris Alavoine via samba: >>> > https://wiki.samba.org/index.php/Joining_a_Windows_Server_20 >>> 08_/_2008_R2_DC_to_a_Samba_AD >>> > >>> > but have never managed to get full replication working. >>> > >>> > Could this be because I'm coming from a classicupgrade? Has anyone >>> else out >>> > there managed to get this working? >>> >>> I'm the author of this documentation. I recently rewrote it and at the >>> same time retested the procedure with 4.5.0 and everything worked. >>> However, I know this does not help you. :-) >>> >>> * What DNS back end do you use? Internal or BIND9_DLZ? >>> >>> * Did you let 2008 auto-select a replication partner during the dcpromo >>> or did you select a specific DC? >>> >>> * Does "samba-tool dbcheck --cross-ncs" shows any errors? Fix them. >>> >>> >>> Regards, >>> Marc >>> >> >> >> >> -- >> ACS (Alavoine Computer Services Ltd) >> Chris Alavoine >> mob +44 (0)7724 710 730 >> www.alavoinecs.co.uk >> http://twitter.com/#!/alavoinecs >> http://www.linkedin.com/pub/chris-alavoine/39/606/192 >> > > > > -- > ACS (Alavoine Computer Services Ltd) > Chris Alavoine > mob +44 (0)7724 710 730 > www.alavoinecs.co.uk > http://twitter.com/#!/alavoinecs > http://www.linkedin.com/pub/chris-alavoine/39/606/192 >-- ACS (Alavoine Computer Services Ltd) Chris Alavoine mob +44 (0)7724 710 730 www.alavoinecs.co.uk http://twitter.com/#!/alavoinecs http://www.linkedin.com/pub/chris-alavoine/39/606/192