samba - May 2017 - attributeID is not known in our schema, not fixing replPropertyMetaData

Hi
 
We migrated Windows 2003 with Exchange to Samba 4.2.14, 4.3.11 (we have few
Samba DCs). Exchange is not needed. Joining was OK but replication is not
working.
 
Forcing sync with all attributes from the original WIN DC does not work
 
Seems like the most accurate Samba 4.2.14 (used for changing passwords, adding
users etc) has DB error:
 
samba-tool dbcheck :
 
ERROR(<type 'exceptions.KeyError'>): uncaught exception -
"Failed to find attribute '0xb7d8382'"
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
 
It exits on first error
 
 
 
On 4.3.11 the check continue with one error only at a Deleted Object:
 
ERROR: attributeID 0XB7D8382 is not known in our schema, not fixing
replPropertyMetaData
 
 
 
 
we even tried 4.5 but we still have the error. Is there a way to reset
replPropertyMetaData? How to fix this?
 
This attribute is present on most Users and there is one more that appears on
few computers. It is Exchange related.

I expected that someone had the same problem before.

DBchecker module does not provide fix for this. The implication is that the main
Samba DC is working fine but does not allow replication with other DCs. They
report WERR_DS_DRA_INTERNAL_ERROR in samba-tool dsr showrepl for two two
sections: Configuration and the main one that contains the users. Other sections
replicate fine.

Promoting new DC also does not work. Data (both new and old) are locked in this
single DC 4.2.14. Exporting the database and importing it in 4.6.3 fix some
things but not this one.

We found that replPropertyMetaData is uniquie for each user, setting it empty
"fix the error' but breaks the user object.

How to recreate this attribute properly? How to remove all entries about
attributeId 0XB7D8382? It was inherited from Exchange.



> Sent: Monday, May 22, 2017 at 10:10 AM
> From: "Karan Blas via samba" <samba at lists.samba.org>
> To: samba at lists.samba.org
> Subject: [Samba] attributeID is not known in our schema, not fixing
replPropertyMetaData
>
> Hi
>  
> We migrated Windows 2003 with Exchange to Samba 4.2.14, 4.3.11 (we have few
Samba DCs). Exchange is not needed. Joining was OK but replication is not
working.
>  
> Forcing sync with all attributes from the original WIN DC does not work
>  
> Seems like the most accurate Samba 4.2.14 (used for changing passwords,
adding users etc) has DB error:
>  
> samba-tool dbcheck :
>  
> ERROR(<type 'exceptions.KeyError'>): uncaught exception -
"Failed to find attribute '0xb7d8382'"
>   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175,
in _run
>     return self.run(*args, **kwargs)
>  
> It exits on first error
>  
>  
>  
> On 4.3.11 the check continue with one error only at a Deleted Object:
>  
> ERROR: attributeID 0XB7D8382 is not known in our schema, not fixing
replPropertyMetaData
>  
>  
>  
>  
> we even tried 4.5 but we still have the error. Is there a way to reset
replPropertyMetaData? How to fix this?
>  
> This attribute is present on most Users and there is one more that appears
on few computers. It is Exchange related.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On Fri, 26 May 2017 13:32:52 +0200
Karan Blas via samba <samba at lists.samba.org> wrote:
> I expected that someone had the same problem before.
> 
> DBchecker module does not provide fix for this. The implication is
> that the main Samba DC is working fine but does not allow replication
> with other DCs. They report WERR_DS_DRA_INTERNAL_ERROR in samba-tool
> dsr showrepl for two two sections: Configuration and the main one
> that contains the users. Other sections replicate fine.
> 
> Promoting new DC also does not work. Data (both new and old) are
> locked in this single DC 4.2.14. Exporting the database and importing
> it in 4.6.3 fix some things but not this one.
> 
> We found that replPropertyMetaData is uniquie for each user, setting
> it empty "fix the error' but breaks the user object.
> 
> How to recreate this attribute properly? How to remove all entries
> about attributeId 0XB7D8382? It was inherited from Exchange.
As far as I am aware, you cannot use exchange with a Samba AD DC, so
I think you need to remove all the exchange schema etc from your Samba
AD. I do not know of a way of doing this.

If you still have the windows server, it may be easier to remove
exchange from this and then migrate again.

I did a quick internet search and found this:

https://social.technet.microsoft.com/Forums/exchange/en-US/7ad33f2c-b34c-44d0-93bb-b71b2019f932/uninstallremove-exchange-2010-from-ad

Don't know if it will work and if you try, try it on a test machine and
don't blame me if it doesn't work ;-)

Rowland

On Fri, 2017-05-26 at 13:32 +0200, Karan Blas via samba
wrote:
> I expected that someone had the same problem before.
> 
> DBchecker module does not provide fix for this. The implication is
> that the main Samba DC is working fine but does not allow replication
> with other DCs. They report WERR_DS_DRA_INTERNAL_ERROR in samba-tool
> dsr showrepl for two two sections: Configuration and the main one
> that contains the users. Other sections replicate fine.
> 
> Promoting new DC also does not work. Data (both new and old) are
> locked in this single DC 4.2.14. Exporting the database and importing
> it in 4.6.3 fix some things but not this one.
> 
> We found that replPropertyMetaData is uniquie for each user, setting
> it empty "fix the error' but breaks the user object.
Correct, if you delete replPropertyMetaData in any way, you totally
break replication. 
> How to recreate this attribute properly? How to remove all entries
> about attributeId 0XB7D8382? It was inherited from Exchange.
Have you tried to remove the exchange schema from Samba?

As you are probably aware by now, it is not permitted to remove schema,
it will just break the directory.  Additionally, we have had various
bugs around the schema allocation for the ID numbers, and this is
probably where things have gone wrong for you.  This is fixed in 4.5.

If this entry is on a deleted object, you could use samba-tool domain
tombstones expunge to wipe it by choosing a shorter lifetime than 180
days.  That would be the easiest way out of your pickle. 

For others, we hope to support the exchange schema soon, via the 2012
schema.

I hope this helps,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba