
Re: [Samba] Make Samba 4 as Additional DC to Windows Server 2003R2

Hello Andrew,

A gentle reminder for the patch.

Can you share the patch as you mentioned?


Thanks & Regards,

Anantha Raghava

Do not print this e-mail unless required. Save Paper & trees.

On 29/10/17 11:57 AM, Andrew Bartlett wrote:
> On Sun, 2017-10-29 at 09:11 +0530, Anantha Raghava wrote:
>
> > I did upgrade the server to Windows Server 2008 R2 along with AD.
> > However, when I attempt to add Samba-4 as an additional domain controller, it is able to provision the domain and starts to replicate the data. However, while replicating, it throws up an error as shown below and stops. Samba-4 will remove itself as an additional domain controller.
> > I tried this migration using Samba version 4.7 and BIND9_DLZ as the DNS backend.
> > Error message:
> > /lib/ldb/ldb_tdb/ldb_index.c:1189: unique index violation on objectSid in CN=TDS COMMON\0ADEL:dae6fa1e-21c5-4837-9d8c-a9356794c897,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com, conficts with CN=SUDIKSHA VILAS MHATRE\0ADEL:0b07eb12-99bd-4688-956f-55003920aa8f,CN=Deleted Objects,DC=corp,DC=dtdc,DC=com in @INDEX:OBJECTSID::AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA==
> >
> > Is this error something to do with the Windows Domain Controller?
>
> I have a patch for this, developed for a customer who hit the same
> thing. Remind me if you don't get it from me tomorrow, and given the
> additional interest I'll figure a way to get it upstream.
>
> Samba is just stricter than Windows in this area, not allowing a SID to
> be deleted or be a conflict object and also exist normally.
>
> Until your mail, I didn't think this could happen other than as a
> foreignSecurityPrincipal, however, and I don't think the source domain
> is entirely healthy if an objectSid can be allocated to two different
> users, even if they are now deleted.
>
> I hope this helps,
>
> Andrew Bartlett
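
An added example, not part of the original thread and not Samba code: a pre-join check that decodes binary objectSid values from an LDIF export and lists every SID carried by more than one object, which is the condition the quoted error reports. The sample LDIF, its DNs and the function names are constructed for illustration; it assumes unfolded `dn:` and `objectSid::` lines from an export that includes deleted objects.

```python
import base64
import struct
from collections import defaultdict


def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def duplicate_sids(ldif: str) -> dict:
    """Return {sid: [dn, ...]} for every SID held by more than one DN."""
    owners = defaultdict(list)
    dn = None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("objectSid:: ") and dn is not None:
            sid = sid_to_str(base64.b64decode(line[len("objectSid:: "):]))
            owners[sid].append(dn)
    return {sid: dns for sid, dns in owners.items() if len(dns) > 1}


# The base64 value after "@INDEX:OBJECTSID::" in the error quoted in the thread.
PAGE_INDEX_KEY = "AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5k7cDAA=="

# Constructed sample export: the DNs and the third entry's SID are made up.
SAMPLE_LDIF = f"""\
dn: CN=old-user-a,CN=Deleted Objects,DC=example,DC=com
objectSid:: {PAGE_INDEX_KEY}

dn: CN=old-user-b,CN=Deleted Objects,DC=example,DC=com
objectSid:: {PAGE_INDEX_KEY}

dn: CN=live-user,CN=Users,DC=example,DC=com
objectSid:: AQUAAAAAAAUVAAAAu/PHIwO8muhtdxC5UAQAAA==
"""

if __name__ == "__main__":
    for sid, dns in duplicate_sids(SAMPLE_LDIF).items():
        print(f"{sid} is held by {len(dns)} objects:")
        for dn in dns:
            print(f"  {dn}")
```
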
