On Thu, 18 Jul 2024 10:29:04 +0200
Heiko Robert via samba <samba at lists.samba.org> wrote:
> > Do not touch 'DC=DOMAINDNSZONES,DC=COMPANY,DC=INTRA.ldb' (or
any of
> > the other files in the same directory) directly, do all changes
> > through sam.ldb, otherwise you have a very good risk of further
> > damaging your database.
>
> I'm not sure if the dup keys in the
> 'DC=DOMAINDNSZONES,DC=COMPANY,DC=INTRA.ldb' is my root issue and
why
> the dbcheck fails with that uncaught exception. How would I fix such
> a duplicate key in that file through sam.ldb?
sam.ldb is the gateway to the files in /var/lib/samba/private/sam.ldb.d
, if you are going to change anything, do it through sam.ldb. You may
find the ldbsearch '--cross-ncs' switch useful here.
>
> To identify the dup key I creted a tdbdump and then counted the keys:
>
> awk '$1 ~ /^key/ {print $3}' DOMAINDNSZONES.tdbdump |sort|uniq -c |
> sort -nr | head
>
> the dupliate entry is
>
> {
> key(42) = "DN=@INDEX:USNCHANGED:p0000000000000048557\00"
> data(116) =
> "h\19\01&\02\00\00\00&\00\00\00 at
INDEX:USNCHANGED:p0000000000000048557\00\00\00\00\00\00)\00\00\00\0B\00\00\00 at
IDXVERSION\00\01\00\00\00\01\01\04\00\00\00 at
IDX\00\01\00\00\00\01\103\00$s$\BB\D6;UJ\B1|\F3\B5\90l6\A4\00"
> }
>
>
> Maybe it is related or not but in log.samba I also see
>
> ldb: acl_read: cannot get descriptor of
> DC=DomainDnsZones,DC=ecm4u,DC=intra: Operations error
>
> I don't know what to do with all this either. The samba-ad ran for
> years and we never realized that there was a problem. Today I know
> that a replication or an online backup would stumble over such errors.
>
> Any kind of feedback is welcome.
>
>
From your error message, it appears that you are attempting to join
another Samba 4.15.13 DC, can I suggest you try with Debian 12 with
Samba from backports, this will get you the very latest Samba 4.20.2
Perhaps this may help.
Rowland