Web lists-archives.com

Re: [Samba] Make Samba 4 as Additional DC to Windows Server 2003R2




Hi,

I did upgrade the server to Windows Server 2008 R2 along with AD.

However, when I attempt to add Samba-4 as additional domain controller, it is able to provision the Domain and starts to replicate the data. However, while replicating, it throws up an error as shown below and stops. Samba-4 will remove itself being additional domain controller.

I tried this migration using Samba Version 4.7 and BIND9_DLZ as dns backend.

Error message:

-------------------------------------------------------------------------------------------

/lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com in @INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA== ../lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com in @INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA== ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:4824: Failed to rename conflict dn 'CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com' to 'CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com' - ../lib/ldb/ldb_tdb/ldb_index.c:1272: Failed to re-index objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com - ../lib/ldb/ldb_tdb/ldb_index.c:1196: unique index violation on objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897\0ACNF:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com
Failed to commit objects: WERR_GEN_FAILURE
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=corp,DC=dtdc,DC=com
Deleted CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=dtdc,DC=com Deleted CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=dtdc,DC=com ERROR(runtime): uncaught exception - (31, "Failed to process 'chunk' of DRS replicated objects: WERR_GEN_FAILURE")   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1377, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 936, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 295, in replicate
    schema=schema, req_level=req_level, req=req)
--------------------------------------------------------------------------------------------------------------

Is this error something to do with Windows Domain Controller?

--

Thanks & Regards,


Anantha Raghava


Do not print this e-mail unless required. Save Paper & trees.

On 28/10/17 4:45 PM, Andrew Bartlett wrote:
On Sat, 2017-10-28 at 16:11 +0530, Anantha Raghava via samba wrote:
Hi,

I am trying to make Samba 4 as additional DC to a Domain Hosted in
Windows Server 2003 R2. Is it possible? Or do we have to first migrate
to Windows Server 2008 R2 and then to Samba?

samba-toll domain join command comes upto Domain Provision and it
reports OK. However when the replication starts it fails. Error thrown is:

"Failed to bind to uuid e35*****-****-****-****-************/00000****
...........NT_STATUS_LOGON_FAILURE"
That is interesting.  It should work, but an upgrade to 2008R2 first
would be advised for the migration, as that will allow you to get you a
2008R2 schema and functional level, which you want.

Andrew Bartlett


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba