Web lists-archives.com

[Samba] Schema extension reported as schema corruption (Samba 4.5)




Hello,

I've got a domain with two Samba DC's, both running samba 4.5. It started as a network with one DC running samba 4.2, but I upgraded it something over a year ago or so. There's a schema extension installed because the mail system likes to store additional information in AD (Such as is this an active user? Is it an admin? A room?)

I've tried to add a new DC a few days ago so I could then retire the older one, but I'm getting this error:

https://pastebin.com/raw/dEbimdWJ

So I tried to find out what's wrong and started by running "samba-tool dbcheck --cross-ncs", which reports back 4002 errors in 4539 objects. I see lots of mentions of "zarafaAccount" and "zarafaAdmin" and such in there, which leads me to believe that the schema extension or the way newer versions of samba handle it is to blame. (I'm not posting the output here, because it contains the names of every employee.)

Now, obviously running "samba-tool dbcheck --cross-ncs --fix" would in the best case scenario break the mail server. I've got the feeling that it would wreck the whole domain instead, though.

It has worked fine with this extension installed for years, so I'm not sure what changed. I was even able to add the second DC last year as I've written at the beginning.

What can I do to get it working again?

Regards,

mots

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba