Garming Sam
2017-Sep-28 21:21 UTC
[Samba] Samba 4.7.0 replication issue: failed get spanning tree edges
Did you check that these groups were actually consistent before you upgraded (have you got a backup to look at the old groups)? The consistency checking definitely got stricter in 4.7, but there may still be a bug here.

Cheers,

Garming

On 29/09/17 10:02, Arthur Ramsey via samba wrote:
> I fixed this with the following process.
>
> 1. Identify affected groups with "samba-tool dbcheck --cross-ncs",
>    which reports errors like "ERROR: orphaned backlink attribute
>    'memberOf'".
> 2. Create new group
> 3. Execute "perl ad_clone_group.pl 'Foobar_Group' ''New_Group" to copy
>    members from broken group to new group: https://pastebin.com/6L8NZPRC
> 4. Delete bad group
> 5. Rename new group to name of bad group
> 6. Expunge tombstone with "samba-tool domain tombstones expunge
>    --tombstone-lifetime=0"
> 7. Check with "samba-tool dbcheck --cross-ncs --fix" again
>
> Thanks,
> Arthur
>
> This e-mail and any attachments may contain CONFIDENTIAL information,
> including PROTECTED HEALTH INFORMATION. If you are not the intended
> recipient, any use or disclosure of this information is STRICTLY
> PROHIBITED; you are requested to delete this e-mail and any
> attachments, notify the sender immediately, and notify the Mediture
> Privacy Officer at privacyofficer at mediture.com.
Arthur Ramsey
2017-Sep-28 22:05 UTC
[Samba] Samba 4.7.0 replication issue: failed get spanning tree edges
I think there were some conflicts between the DCs that got resolved badly after the upgrade. There were no orphaned backlinks though. I looked at a backup of the ldb files to confirm.

Thanks,
Arthur

On 09/28/2017 04:21 PM, Garming Sam wrote:
> Did you check that these groups were actually consistent before you
> upgraded (have you got a backup to look at the old groups)? The
> consistency checking definitely got stricter in 4.7, but there may
> still be a bug here.
>
> Cheers,
>
> Garming
Arthur Ramsey
2017-Sep-29 16:17 UTC
[Samba] Samba 4.7.0 replication issue: failed get spanning tree edges
Make sure you have a backup of your LDB files before you do my procedure, or a dump of your SIDs and GIDs.

    ldbsearch -H *.ldb '(objectClass=group)' | egrep 'dn:|gidNumber:|objectSid:'

Thanks,
Arthur
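An added example, not part of the original thread and not Samba code: a Python comparison of two group dumps, taken before and after the procedure, that lists every group whose gidNumber or objectSid differs. It assumes each dump is the unfiltered LDIF output of the ldbsearch query above saved to text (so folded lines can be rejoined, which a line-based egrep filter would cut off); the function names and the sample data are constructed for illustration.

```python
import base64
WANTED = ("gidNumber", "objectSid")

def parse_groups(ldif_text):
    """Map each dn to its gidNumber/objectSid from unfiltered ldbsearch LDIF."""
    lines = []
    for raw in ldif_text.splitlines():
        # LDIF folding: a line starting with a space continues the previous one.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    groups, dn = {}, None
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            dn = None if not line else dn   # blank line ends the record
            continue
        b64 = value.startswith(":")         # "attr:: <base64>"
        value = value[1:].strip() if b64 else value.strip()
        if name == "dn":
            dn = base64.b64decode(value).decode("utf-8") if b64 else value
            groups[dn] = {}
        elif dn is not None and name in WANTED:
            groups[dn][name] = value
    return groups

def diff_groups(before, after):
    """Return (dn, attribute, old, new) for each identifier that changed."""
    changes = []
    for dn, old in sorted(before.items()):
        new = after.get(dn, {})             # group absent afterwards: all None
        for attr in WANTED:
            if old.get(attr) != new.get(attr):
                changes.append((dn, attr, old.get(attr), new.get(attr)))
    return changes

# Constructed sample dumps (not from the thread); the first dn is folded.
BEFORE = """# record 1
dn: CN=Foobar_Group,OU=A Very Long Organizational Unit Name,OU=Groups,DC=exam
 ple,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1105
gidNumber: 10005

dn: CN=Staff,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1106
gidNumber: 10006
"""
AFTER = BEFORE.replace("-1105", "-1150").replace("gidNumber: 10005\n", "")
print(diff_groups(parse_groups(BEFORE), parse_groups(AFTER)))
```

On real data, pass the contents of the two saved dump files to `parse_groups` in place of the constructed strings.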