Hi Guys. Today i experienced a problem with my samba 4 AD. I have a master(AD1) and a member(AD2) in a replicated environment. I´ve just checked that my AD2 has some issues when i did this test: ---------------------------------------------------------------------------------- ldbsearch --url=/usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid # record 1 dn: CN=NTDS Settings,CN=AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local objectGUID: 3b885301-279f-4dd7-92ce-cc6f6dfd5e34 # record 2 dn: CN=NTDS Settings,CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local objectGUID: 21a051e3-0e5c-4ffd-af1b-a7edeb348325 ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAIN,DC=LOCAL.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=250263808 search error - Indexed and full searches both failed! ---------------------------------------------------------------------------------- In my AD1 everything is ok. Do you known if there is a way to repair my AD2 ? Thanks! -- ------------------------------------------- Edson Tadeu Almeida Silveira http://sites.google.com/site/edsontadeu/ -------------------------------------------
On Mon, 2017-05-22 at 12:28 -0300, Edson Tadeu Almeida da Silveira via samba wrote:> Hi Guys. > > Today i experienced a problem with my samba 4 AD. > > I have a master(AD1) and a member(AD2) in a replicated environment. > > I´ve just checked that my AD2 has some issues when i did this test: > > ------------------------------------------------------------------- > --------------- > ldbsearch --url=/usr/local/samba/private/sam.ldb '(invocationid=*)' > --cross-ncs objectguid > > # record 1 > dn: CN=NTDS > Settings,CN=AD2,CN=Servers,CN=Default-First-Site- > Name,CN=Sites,CN=Configuration,DC=domain,DC=local > objectGUID: 3b885301-279f-4dd7-92ce-cc6f6dfd5e34 > > # record 2 > dn: CN=NTDS > Settings,CN=AD1,CN=Servers,CN=Default-First-Site- > Name,CN=Sites,CN=Configuration,DC=domain,DC=local > objectGUID: 21a051e3-0e5c-4ffd-af1b-a7edeb348325 > > ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAIN,DC=LOCAL.ldb): > tdb_rec_read bad magic 0xd9fee666 at offset=250263808 > > search error - Indexed and full searches both failed! > ------------------------------------------------------------------- > --------------- > > In my AD1 everything is ok. > > Do you known if there is a way to repair my AD2 ? > > Thanks!If you do not have any data stranded on AD2, just demote it (samba-tool domain demote --remove-other-dead-server) and re-join it. However do carefully inspect your hardware, this should only happen if you have bad hardware or a VM environment that is not propagating write barriers. If you keep backups you may be able to work out when it happened and correlate with an unexpected poweroff etc. I wrote with Rusty a tool ldbdump to recover data from such databases, if you have stranded data, but returning it to the replicated state is still non-trivial. I hope this helps, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Resync the good db to the other server. samba-tool drs replicate DC2 DC2 DC=YOUR,DC=DOMAIN,DC=TLD --full-sync Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Edson Tadeu Almeida da Silveira via samba > Verzonden: maandag 22 mei 2017 17:29 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Samba4 AD Corrupted Member > > Hi Guys. > > Today i experienced a problem with my samba 4 AD. > > I have a master(AD1) and a member(AD2) in a replicated environment. > > I´ve just checked that my AD2 has some issues when i did this test: > > -------------------------------------------------------------- > -------------------- > ldbsearch --url=/usr/local/samba/private/sam.ldb '(invocationid=*)' > --cross-ncs objectguid > > # record 1 > dn: CN=NTDS > Settings,CN=AD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=domain,DC=local > objectGUID: 3b885301-279f-4dd7-92ce-cc6f6dfd5e34 > > # record 2 > dn: CN=NTDS > Settings,CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=domain,DC=local > objectGUID: 21a051e3-0e5c-4ffd-af1b-a7edeb348325 > > ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAIN,DC=LOCAL.ldb): > tdb_rec_read bad magic 0xd9fee666 at offset=250263808 > > search error - Indexed and full searches both failed! > -------------------------------------------------------------- > -------------------- > > In my AD1 everything is ok. > > Do you known if there is a way to repair my AD2 ? > > Thanks! > > -- > > ------------------------------------------- > Edson Tadeu Almeida Silveira > http://sites.google.com/site/edsontadeu/ > ------------------------------------------- > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Tue, 2017-05-23 at 08:46 +0200, L.P.H. van Belle via samba wrote:> Resync the good db to the other server. > > samba-tool drs replicate DC2 DC2 DC=YOUR,DC=DOMAIN,DC=TLD --full-syncI'm sorry, but: This is not a correct solution when there is TDB level corruption. The DC must be demoted and re-joined to address corruption at the TDB level. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hi Andrew! Thanks for you suggest. I did that. I have Demoted my DC2 and promoted with a clear configuration and everything is ok again. I really don´t known i could this happen. I keep my two Domain controller in two different environment, DC1 with Vmware and DC2 with Xenserver. Thanks again!!! 2017-05-22 21:44 GMT-03:00 Andrew Bartlett <abartlet at samba.org>:> On Mon, 2017-05-22 at 12:28 -0300, Edson Tadeu Almeida da Silveira via > samba wrote: > > Hi Guys. > > > > Today i experienced a problem with my samba 4 AD. > > > > I have a master(AD1) and a member(AD2) in a replicated environment. > > > > I´ve just checked that my AD2 has some issues when i did this test: > > > > ------------------------------------------------------------------- > > --------------- > > ldbsearch --url=/usr/local/samba/private/sam.ldb '(invocationid=*)' > > --cross-ncs objectguid > > > > # record 1 > > dn: CN=NTDS > > Settings,CN=AD2,CN=Servers,CN=Default-First-Site- > > Name,CN=Sites,CN=Configuration,DC=domain,DC=local > > objectGUID: 3b885301-279f-4dd7-92ce-cc6f6dfd5e34 > > > > # record 2 > > dn: CN=NTDS > > Settings,CN=AD1,CN=Servers,CN=Default-First-Site- > > Name,CN=Sites,CN=Configuration,DC=domain,DC=local > > objectGUID: 21a051e3-0e5c-4ffd-af1b-a7edeb348325 > > > > ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAIN,DC=LOCAL.ldb): > > tdb_rec_read bad magic 0xd9fee666 at offset=250263808 > > > > search error - Indexed and full searches both failed! > > ------------------------------------------------------------------- > > --------------- > > > > In my AD1 everything is ok. > > > > Do you known if there is a way to repair my AD2 ? > > > > Thanks! > > If you do not have any data stranded on AD2, just demote it (samba-tool > domain demote --remove-other-dead-server) and re-join it. > > However do carefully inspect your hardware, this should only happen if > you have bad hardware or a VM environment that is not propagating > write barriers. > > If you keep backups you may be able to work out when it happened and > correlate with an unexpected poweroff etc. > > I wrote with Rusty a tool ldbdump to recover data from such databases, > if you have stranded data, but returning it to the replicated state is > still non-trivial. > > I hope this helps, > > Andrew Bartlett > > -- > Andrew Bartlett > https://samba.org/~abartlet/ > Authentication Developer, Samba Team https://samba.org > Samba Development and Support, Catalyst IT > https://catalyst.net.nz/services/samba > > > > >-- ------------------------------------------- Edson Tadeu Almeida Silveira http://sites.google.com/site/edsontadeu/ -------------------------------------------
Apparently Analagous Threads
- Samba4 AD Corrupted Member
- Samba4 AD Corrupted Member
- Fail to login from trusted AD: NT_STATUS_TRUSTED_DOMAIN_FAILURE
- Problems with Samba 4.5.16 - configuring a second failover AD DC and joining this to an existing domain SAMDOM
- Samba 4 AD replication issues