Web lists-archives.com

[Samba] ERROR: missing backlink attribute 'memberOf'




Good Morning (or not),

I am running three Samba AD DCs all at version 4.7.2 on Ubuntu 16.04.  All three have run flawlessly for over a year. Last night one of the DCs started failing Replication with both the other DCs so I decided to run samba-tool dbcheck .
Resulting in several:

ERROR: orphaned backlink attribute 'memberOf' in CN=Annamarie Foyles,CN=Users,DC=cy,DC=cybernetics,DC=com for link member in CN=CY Folder Redirect (Win 7),CN=Users,DC=cy,DC=cybernetics,DC=com
Not removing orphaned backlink memberOf

ERROR: orphaned backlink attribute 'memberOf' in CN=Darran T. Price,CN=Users,DC=cy,DC=cybernetics,DC=com for link member in CN=CY Folder Redirect (Win 7),CN=Users,DC=cy,DC=cybernetics,DC=com
Not removing orphaned backlink memberOf

So I ran samba-tool dbcheck --fix which fixed a few of them and actually got the replications working again, But there are several of those same errors on all three DCs.  I have searched the list and see that the cause of the Backlink removal error has been fixed in version 4.7.1 but the db needs to be cleaned manually.  Just to let you know,  samba-tool dbcheck --cross-ncs passed with no errors following the upgrade to 4.7.0, 4.7.1 and 4.7.2 so i'm not sure how the errors are here now.

MY QUESTION IS: Could anyone provide me with the directions I need to use to safely manually remove the troubled orphaned backlink attributes so the DCs are happy again.  At the moment everything is working fine, I just need to get the db healthy.

Probably not needed but my smb.conf is posted below:

[global]
        netbios name = CY-DC
        realm = CY.DOMAIN.COM
        workgroup = CY
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        idmap config CY:unix_nss_info = yes
        ldap server require strong auth = no
        allow dns updates = nonsecure and secure
        log level = 2

# stops cups errors in log file
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

[netlogon]
        path = /var/lib/samba/sysvol/cy.domain.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


Thank you all for this wonderful product and your help.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba