samba - Jun 2024 - Issues joining DC

Dear all.

Let me make a shot brief of the issue I'm currently experiencing that 
has been published in a couple of threads. Now I'm going to join them here.

Current scenario.
Centos7 running a Samba 4.6.5. Any kind of problem at client side, all 
seems to runs fine. But in some cases the AD objects appears on Windows 
clients as their SID instead of their name.

Rowland has suggested to upgrade Samba (very good proposal). To do this 
the better steps are:
1.- Install another computer.
2.- Joining it to the domain as a DC.
3.- Migrate FSMO roles from old one to new one.
4.- Demote old DC and remove from AD.

So, hands on. Following Luis recommendations, I installed a fresh Debian 
12 and followed their setup guide 
(http://samba.bigbird.es/doku.php?id=samba:start) that is really good.
All steps ran fine. But when samba-tool domain join is launched an error 
appears:

Join failed - cleaning up

Another time, thanks to Rowland, I used the -d10 parameter to send 
stdout and stderr to files when launching the samba-tool.
Reading the more than 200MB file I can see an error 
"WERR_DS_DRA_INTERNAL_ERROR". This error appears after lot of AD
objects
has been processed to be replicated.

So this drives me to think that something is failed on AD database.

I usually use samba-tool dbcheck (because I don't have any replica) and 
always the result is OK. But I tried to run samba-tool dbcheck 
--cross-ncs and this error appears

    ltdb:
   
tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DOMAINNAME,DC=LAN.ldb):
    tdb_rec_read bad magic 0xd9fee666 at offset=3878500

    ERROR(ldb): uncaught exception - Indexed and full searches both failed!

     ? File
   
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
    line 176, in _run
     ??? return self.run(*args, **kwargs)
     ? File
   
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py",
    line 157, in run
     ??? controls=controls, attrs=attrs)
     ? File
   
"/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py",
    line 188, in check_database
     ??? res = self.samdb.search(base=DN, scope=scope, attrs=['dn'],
    controls=controls)

Could this error the reason I can't merge new DC to the domain?
Can this be solved?

Thanks a lot for your valuable help.

-- 
------------------------------------------------------------------------
Josep M. Gorro <mailto:jmgorro at gmail.com>
*Systems engineer*

-- 
Este correo electr?nico ha sido analizado en busca de virus por el software
antivirus de Avast.
www.avast.com

Try this and revert back.
samba-tool dbcheck --cross-ncs --fix --yes


LP
On 15 Jun 2024 at 20:29 +0100, Josep Maria Gorro via samba <samba at
lists.samba.org>, wrote:
> Dear all.
>
> Let me make a shot brief of the issue I'm currently experiencing that
> has been published in a couple of threads. Now I'm going to join them
here.
>
> Current scenario.
> Centos7 running a Samba 4.6.5. Any kind of problem at client side, all
> seems to runs fine. But in some cases the AD objects appears on Windows
> clients as their SID instead of their name.
>
> Rowland has suggested to upgrade Samba (very good proposal). To do this
> the better steps are:
> 1.- Install another computer.
> 2.- Joining it to the domain as a DC.
> 3.- Migrate FSMO roles from old one to new one.
> 4.- Demote old DC and remove from AD.
>
> So, hands on. Following Luis recommendations, I installed a fresh Debian
> 12 and followed their setup guide
> (http://samba.bigbird.es/doku.php?id=samba:start) that is really good.
> All steps ran fine. But when samba-tool domain join is launched an error
> appears:
>
> Join failed - cleaning up
>
> Another time, thanks to Rowland, I used the -d10 parameter to send
> stdout and stderr to files when launching the samba-tool.
> Reading the more than 200MB file I can see an error
> "WERR_DS_DRA_INTERNAL_ERROR". This error appears after lot of AD
objects
> has been processed to be replicated.
>
> So this drives me to think that something is failed on AD database.
>
> I usually use samba-tool dbcheck (because I don't have any replica) and
> always the result is OK. But I tried to run samba-tool dbcheck
> --cross-ncs and this error appears
>
> ltdb:
>
tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DOMAINNAME,DC=LAN.ldb):
> tdb_rec_read bad magic 0xd9fee666 at offset=3878500
>
> ERROR(ldb): uncaught exception - Indexed and full searches both failed!
>
> ? File
>
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
> ??? return self.run(*args, **kwargs)
> ? File
>
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py",
> line 157, in run
> ??? controls=controls, attrs=attrs)
> ? File
>
"/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py",
> line 188, in check_database
> ??? res = self.samdb.search(base=DN, scope=scope, attrs=['dn'],
> controls=controls)
>
> Could this error the reason I can't merge new DC to the domain?
> Can this be solved?
>
> Thanks a lot for your valuable help.
>
> --
> ------------------------------------------------------------------------
> Josep M. Gorro <mailto:jmgorro at gmail.com>
> *Systems engineer*
>
> --
> Este correo electr?nico ha sido analizado en busca de virus por el software
antivirus de Avast.
> www.avast.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba