Web lists-archives.com

Re: [Samba] possible to use ldbedit in a safe way




On 10/16/2017 11:13 AM, Rowland Penny via samba wrote:
On Mon, 16 Oct 2017 16:53:17 +0200
mj via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,

dbcheck tells us we have two "dangling forward links" that I am
trying to get rid of. On my test domain, I have simply done

ldbedit -e nano -H ./CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM

to remove them.

While that seems to have worked nicely, dbcheck report zero errors
now, it is something that I should never have done, or do in
production, according to Andrew:

"We realise this is a difficult problem for you and other users, but
NEVER, EVER do that."

So, question: is there a SAFE way to easily get rid of those two
"dangling forward links"?

(they are Replica-Locations for a DC that has been removed years ago)

MJ

If you need to edit the NCs in sam.ldb.d, use '--cross-ncs' with the
ldb command, this allows you safely change things. There have been
reports of AD being destroyed by directly editing the ldb's in sam.ldb.d

Rowland

Mj,

    You should be able to safely remove those dangling forward links with

#samba-tool domain tombstones expunge


--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba