On 22/05/2020 13:18, Alex wrote:>> On 22/05/2020 12:59, Alex wrote >>> I apologies, I mistyped the value in grep. This one does find the record in >>> Samba: >>> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'CN=Users,DC=domain,DC=com' -s sub '(objectClass=group)' 2>&1 | grep videdom >>> dn: CN=videdom,CN=Users,DC=domain,DC=com >>> ... >> Try changing the search base to 'CN=Deleted Objects,DC=domain,DC=com' >> and see if the record exists there as well. > Yeah, I've already tried that: > # ldbsearch --cross-ncs --show-binary --show-deleted -H > /usr/local/samba/private/sam.ldb -b 'CN=Deleted Objects,DC=domain,DC=com' -s sub '(objectClass=group)' | wc -l > 496 > > # ldbsearch --cross-ncs --show-binary --show-deleted -H > /usr/local/samba/private/sam.ldb -b 'CN=Deleted Objects,DC=domain,DC=com' -s sub '(objectClass=group)' | grep vided | wc -l > 0 > > Also tried to restart samba - didn't help, errors still present in the log. >That is weird, the deleted object doesn't seem to exist, but replication thinks it does. Wanders off, shaking head and thinking ;-) Rowland
Hello Rowland, JFYI, I was able to fix it by restoring the object in AD on the Windows DC, cleaning up Unix Attributes and then deleting it again. Looks like the issue happened b/c I deleted the object with Unix Attributes (and NIS group) set up.> On 22/05/2020 13:18, Alex wrote: >>> On 22/05/2020 12:59, Alex wrote >>>> I apologies, I mistyped the value in grep. This one does find the record in >>>> Samba: >>>> # ldbsearch --cross-ncs --show-binary -H /usr/local/samba/private/sam.ldb -b 'CN=Users,DC=domain,DC=com' -s sub '(objectClass=group)' 2>&1 | grep videdom >>>> dn: CN=videdom,CN=Users,DC=domain,DC=com >>>> ... >>> Try changing the search base to 'CN=Deleted Objects,DC=domain,DC=com' >>> and see if the record exists there as well. >> Yeah, I've already tried that: >> # ldbsearch --cross-ncs --show-binary --show-deleted -H >> /usr/local/samba/private/sam.ldb -b 'CN=Deleted Objects,DC=domain,DC=com' -s sub '(objectClass=group)' | wc -l >> 496 >> >> # ldbsearch --cross-ncs --show-binary --show-deleted -H >> /usr/local/samba/private/sam.ldb -b 'CN=Deleted Objects,DC=domain,DC=com' -s sub '(objectClass=group)' | grep vided | wc -l >> 0 >> >> Also tried to restart samba - didn't help, errors still present in the log. >> > That is weird, the deleted object doesn't seem to exist, but replication > thinks it does.-- Best regards, Alex
Thanks for getting back to us. As re-deleting the object seems to have fixed things, perhaps there were attributes that should have been cleaned up still on the deleted object. We do have code for that but there have been some issues there, mostly for multi-valued links (groups) where the other end has already gone away. Anyway, I'm glad it is all working for you. Andrew Bartlett On Mon, 2020-05-25 at 18:27 +0300, Alex via samba wrote:> Hello Rowland, > > JFYI, I was able to fix it by restoring the object in AD on the > Windows DC, > cleaning up Unix Attributes and then deleting it again. > Looks like the issue happened b/c I deleted the object with Unix > Attributes (and > NIS group) set up. > > > On 22/05/2020 13:18, Alex wrote: > > > > On 22/05/2020 12:59, Alex wrote > > > > > I apologies, I mistyped the value in grep. This one does find > > > > > the record in > > > > > Samba: > > > > > # ldbsearch --cross-ncs --show-binary -H > > > > > /usr/local/samba/private/sam.ldb -b > > > > > 'CN=Users,DC=domain,DC=com' -s sub '(objectClass=group)' 2>&1 > > > > > | grep videdom > > > > > dn: CN=videdom,CN=Users,DC=domain,DC=com > > > > > ... > > > > > > > > Try changing the search base to 'CN=Deleted > > > > Objects,DC=domain,DC=com' > > > > and see if the record exists there as well. > > > > > > Yeah, I've already tried that: > > > # ldbsearch --cross-ncs --show-binary --show-deleted -H > > > /usr/local/samba/private/sam.ldb -b 'CN=Deleted > > > Objects,DC=domain,DC=com' -s sub '(objectClass=group)' | wc -l > > > 496 > > > > > > # ldbsearch --cross-ncs --show-binary --show-deleted -H > > > /usr/local/samba/private/sam.ldb -b 'CN=Deleted > > > Objects,DC=domain,DC=com' -s sub '(objectClass=group)' | grep > > > vided | wc -l > > > 0 > > > > > > Also tried to restart samba - didn't help, errors still present > > > in the log. > > > > > > > That is weird, the deleted object doesn't seem to exist, but > > replication > > thinks it does. > > -- > Best regards, > Alex > >-- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba