samba - Nov 2022 - Samba does not replicate attributes added via ldbmodify

On Thu, 2022-10-13 at 08:21 +0200, Ralf Spenneberg
wrote:
> Hi Andrew,
> Am 13.10.22 um 08:14 schrieb Andrew Bartlett:
> > > > (And don't worry, it is not case sensitive and is self-
> > > > correcting ofcase, if Samba accepts the modify it should
> > > > replicate, as long as youdon't access the files under
> > > > sam.ldb.d/ directly).
> > > Well, the ldbmodify usedc was:ldbmodify -v -H
> > > 'DC=AD,DC=DOMAIN,DC=DE.ldb'
</root/replace-proxyAddresses.ldif
> > > Does this count as modifying the files directly?
> > 
> > Yes.  Your domain is now (subtly) corrupt.  Do not pass go, do not
> > collect $200. ;-)
> Ok, I already assumed something like that.
> > The file to modify it the sam.ldb file in the directory above, this
> > provides the correct interface.
> So what would have been the correct command?ldapmodify -H
> /var/lib/samba/private/sam.ldb < xxx.ldif?
Yes.
> > dbcheck might fix it.
> I already ran dbcheck. But it did not help. Could I try to repair the
> replication by rejoining the backup dc?
Yes, just join a new DC to the domain (you could rejoin the DC you
modified to the backup), that attribute won't replicate over and it
will all be as if this never happened.
Then demote the existing DC that you modified.  
Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member
(since 2001) https://samba.orgSamba Team Lead, Catalyst IT  
https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open SourceSolutions

Andrew,

thanks a lot for the suggestions and your help.

Ralf

Am 13.10.22 um 08:26 schrieb Andrew Bartlett:
> On Thu, 2022-10-13 at 08:21 +0200, Ralf Spenneberg wrote:
>> Hi Andrew,
>>
>> Am 13.10.22 um 08:14 schrieb Andrew Bartlett:
>>>>> (And don't worry, it is not case sensitive and is
self-correcting of
>>>>> case, if Samba accepts the modify it should replicate, as
long as you
>>>>> don't access the files under sam.ldb.d/ directly).
>>>> Well, the ldbmodify usedc was:
>>>> ldbmodify -v -H 'DC=AD,DC=DOMAIN,DC=DE.ldb' <
>>>> /root/replace-proxyAddresses.ldif
>>>>
>>>> Does this count as modifying the files directly?
>>>
>>> Yes.  Your domain is now (subtly) corrupt.  Do not pass go, do not
collect $200. ;-)
>> Ok, I already assumed something like that.
>>> The file to modify it the sam.ldb file in the directory above, this
provides the correct interface.
>> So what would have been the correct command?
>> ldapmodify -H /var/lib/samba/private/sam.ldb < xxx.ldif?
> 
> Yes.
> 
> 
>>> dbcheck might fix it.
>> I already ran dbcheck. But it did not help. Could I try to repair the
>> replication by rejoining the backup dc?
> 
> Yes, just join a new DC to the domain (you could rejoin the DC you modified
to the backup), that attribute won't replicate over and it will all be as if
this never happened.
> 
> 
> Then demote the existing DC that you modified.
> 
> 
> Andrew Bartlett
> 
> 
> -- 
> 
> Andrew Bartlett (he/him) https://samba.org/~abartlet/ 
> <https://samba.org/~abartlet/>
> Samba Team Member (since 2001) https://samba.org <https://samba.org>
> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba 
> <https://catalyst.net.nz/services/samba>
> 
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions

Hi Andrew,

I never got back to you. The rejoining worked fine. The attributes 
replicated once they were added correctly.

Thanks a lot,

Ralf

Am 13.10.22 um 08:54 schrieb Ralf Spenneberg via samba:
> Andrew,
> 
> thanks a lot for the suggestions and your help.
> 
> Ralf
> 
> Am 13.10.22 um 08:26 schrieb Andrew Bartlett:
>> On Thu, 2022-10-13 at 08:21 +0200, Ralf Spenneberg wrote:
>>> Hi Andrew,
>>>
>>> Am 13.10.22 um 08:14 schrieb Andrew Bartlett:
>>>>>> (And don't worry, it is not case sensitive and is
self-correcting of
>>>>>> case, if Samba accepts the modify it should replicate,
as long as you
>>>>>> don't access the files under sam.ldb.d/ directly).
>>>>> Well, the ldbmodify usedc was:
>>>>> ldbmodify -v -H 'DC=AD,DC=DOMAIN,DC=DE.ldb' <
>>>>> /root/replace-proxyAddresses.ldif
>>>>>
>>>>> Does this count as modifying the files directly?
>>>>
>>>> Yes.? Your domain is now (subtly) corrupt.? Do not pass go, do
not
>>>> collect $200. ;-)
>>> Ok, I already assumed something like that.
>>>> The file to modify it the sam.ldb file in the directory above,
this
>>>> provides the correct interface.
>>> So what would have been the correct command?
>>> ldapmodify -H /var/lib/samba/private/sam.ldb < xxx.ldif?
>>
>> Yes.
>>
>>
>>>> dbcheck might fix it.
>>> I already ran dbcheck. But it did not help. Could I try to repair
the
>>> replication by rejoining the backup dc?
>>
>> Yes, just join a new DC to the domain (you could rejoin the DC you 
>> modified to the backup), that attribute won't replicate over and it
>> will all be as if this never happened.
>>
>>
>> Then demote the existing DC that you modified.
>>
>>
>> Andrew Bartlett
>>
>>
>> -- 
>>
>> Andrew Bartlett (he/him) https://samba.org/~abartlet/ 
>> <https://samba.org/~abartlet/>
>> Samba Team Member (since 2001) https://samba.org
<https://samba.org>
>> Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba 
>> <https://catalyst.net.nz/services/samba>
>>
>> Samba Development and Support, Catalyst IT - Expert Open Source
>> Solutions
>