Web lists-archives.com

Re: [Samba] [Patches] for dbcheck (Re: [Patches] AD Database corruption after upgrade from <= 4.6 to 4.7 (bug #13228))




Hi Stefan

Please let me know which other information is required to investigate and
fix these errors. The drs replication is working between the DC's but on
both the DC's the dbcheck is giving these errors which cannot be fixed.

*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA






On Wed, Jan 31, 2018 at 3:36 PM, Stefan Metzmacher <metze@xxxxxxxxx> wrote:

> Hi Harsh,
>
> sorry, but you're problem is not related to my patches.
>
> This may need further investigation.
>
> metze
>
> Am 31.01.2018 um 12:45 schrieb Harsh Kukreja:
> > Hi Stefan
> >
> > I am also one of the Sernet customer. Can you guide me how to run the
> patch
> > to fix the bug.
> >
> > I am running 2 DC's Sernet Samba 4.7.4 with 2 RODC's running Sernet Samba
> > 4.7.4. Whenever I run samba-tool drs replicate --fix --yes command on the
> > DC it shows the below errors which cannot be fixed:
> >
> > Failed to remove deleted DN attribute fromServer : (65,
> "objectclass_attrs:
> > at least one mandatory attribute ('fromServer') on entry
> > 'CN=79fbbaa2-a6b5-4dfd-a7f4-26aaa568f74e,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na'
> > wasn't specified!")
> > ERROR: no target object found for GUID component for link lastKnownParent
> > in object
> > CN=79fbbaa2-a6b5-4dfd-a7f4-26aaa568f74e,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > - <GUID=fbd5524d-78fb-4313-a62a-96dc802dd9e2>;CN=NTDS
> > Settings\0ADEL:fbd5524d-78fb-4313-a62a-96dc802dd9e2,CN=
> LostAndFoundConfig,CN=Configuration,DC=iumnet,DC=edu,DC=na
> > ERROR: target DN is deleted for lastKnownParent in object
> > CN=79fbbaa2-a6b5-4dfd-a7f4-26aaa568f74e,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > - <GUID=fbd5524d-78fb-4313-a62a-96dc802dd9e2>;CN=NTDS
> > Settings\0ADEL:fbd5524d-78fb-4313-a62a-96dc802dd9e2,CN=
> LostAndFoundConfig,CN=Configuration,DC=iumnet,DC=edu,DC=na
> > Target GUID points at deleted DN
> > '<GUID=fbd5524d-78fb-4313-a62a-96dc802dd9e2>;CN=NTDS
> > Settings\\0ADEL:fbd5524d-78fb-4313-a62a-96dc802dd9e2,CN=
> LostAndFoundConfig,CN=Configuration,DC=iumnet,DC=edu,DC=na'
> > Remove DN link? [YES]
> > Failed to remove deleted DN attribute lastKnownParent : (65,
> > "objectclass_attrs: at least one mandatory attribute ('fromServer') on
> > entry
> > 'CN=79fbbaa2-a6b5-4dfd-a7f4-26aaa568f74e,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na'
> > wasn't specified!")
> > WARNING: no target object found for GUID component for DN value
> fromServer
> > in object
> > CN=6eba8ddc-5f5b-4bf5-8025-772ec80a29e2,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > - <GUID=3da7e1da-33b5-428b-9313-2ae48ddfee10>;CN=NTDS
> > Settings,CN=IUMONGDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > WARNING: target DN is deleted for fromServer in object
> > CN=6eba8ddc-5f5b-4bf5-8025-772ec80a29e2,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > - <GUID=3da7e1da-33b5-428b-9313-2ae48ddfee10>;CN=NTDS
> > Settings,CN=IUMONGDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > Target GUID points at deleted DN
> > '<GUID=3da7e1da-33b5-428b-9313-2ae48ddfee10>;CN=NTDS
> > Settings,CN=IUMONGDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=
> Configuration,DC=iumnet,DC=edu,DC=na'
> > Remove stale DN link? [YES]
> > Failed to remove deleted DN attribute fromServer : (65,
> "objectclass_attrs:
> > at least one mandatory attribute ('fromServer') on entry
> > 'CN=6eba8ddc-5f5b-4bf5-8025-772ec80a29e2,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na'
> > wasn't specified!")
> > ERROR: no target object found for GUID component for link lastKnownParent
> > in object
> > CN=6eba8ddc-5f5b-4bf5-8025-772ec80a29e2,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > - <GUID=fbd5524d-78fb-4313-a62a-96dc802dd9e2>;CN=NTDS
> > Settings\0ADEL:fbd5524d-78fb-4313-a62a-96dc802dd9e2,CN=
> LostAndFoundConfig,CN=Configuration,DC=iumnet,DC=edu,DC=na
> > ERROR: target DN is deleted for lastKnownParent in object
> > CN=6eba8ddc-5f5b-4bf5-8025-772ec80a29e2,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na
> > - <GUID=fbd5524d-78fb-4313-a62a-96dc802dd9e2>;CN=NTDS
> > Settings\0ADEL:fbd5524d-78fb-4313-a62a-96dc802dd9e2,CN=
> LostAndFoundConfig,CN=Configuration,DC=iumnet,DC=edu,DC=na
> > Target GUID points at deleted DN
> > '<GUID=fbd5524d-78fb-4313-a62a-96dc802dd9e2>;CN=NTDS
> > Settings\\0ADEL:fbd5524d-78fb-4313-a62a-96dc802dd9e2,CN=
> LostAndFoundConfig,CN=Configuration,DC=iumnet,DC=edu,DC=na'
> > Remove DN link? [YES]
> > Failed to remove deleted DN attribute lastKnownParent : (65,
> > "objectclass_attrs: at least one mandatory attribute ('fromServer') on
> > entry
> > 'CN=6eba8ddc-5f5b-4bf5-8025-772ec80a29e2,CN=LostAndFoundConfig,CN=
> Configuration,DC=iumnet,DC=edu,DC=na'
> > wasn't specified!")
> > Checked 5920 objects (13 errors)
> >
> > Can you please suggest if this patch is going to fix these errors.
> >
> > Thanks n Regards
> >
> > Harsh
> >
> > *Harsh Kukreja *Systems Administrator
> > *International University of Namibia *Tel: 061-4336000 - E-mail:
> h.kukreja
> > @ium.edu.na - Web:
> > *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
> > 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
> >
> >
> >
> >
> >
> >
> > On Tue, Jan 30, 2018 at 8:56 PM, Stefan Metzmacher via samba <
> > samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> Hi,
> >>
> >> as a lot of SerNet customers are having trouble with corrupted
> >> linked attributes, my colleague Ralph Böhme and I developed
> >> patches for 'samba-tool dbcheck' to recover the missing
> >> forward links (in most cases missing member attributes).
> >>
> >> I'm currently running a private autobuild with these patches
> >> and my colleague Björn Baumbach is currently testing SAMBA+
> >> packages with the patches included, which will be released
> >> as soon as possible.
> >>
> >> As the patches re-add members to groups administrators may want
> >> avoid using '--yes' and ack the re-added members explicitly.
> >>
> >> The patches have enough review tags already, additional
> >> review isn't required, we'll wait a bit to collect some feedback
> >> from others, before pushing.
> >>
> >> Once the patches are reviewed for master, we'll also release
> >> a new upstream 4.7 release with the fixes included.
> >>
> >> More technical details:
> >>
> >> As we lost the replication meta data for the forward link,
> >> we create them using a special invocationId
> >> ffffffff-4700-4700-4700-000000b13228 and an originating_usn
> >> of 1. The add/changetime/local_usn are the one from the last
> >> 'objectClass' modification (which typically never changes and therefor
> >> matches the object creation time). We also use version = 0
> >> in order to match the link creation of 4.7 and older releases.
> >>
> >> This way we can easily identify recreated forward links
> >> and we avoid a new meta data stamp and incrementing of
> >> the highestCommitedUSN. So each affected dc will just recover
> >> the value in the local database. And any incoming
> >> replication should overwrite the value again.
> >>
> >> See also https://bugzilla.samba.org/show_bug.cgi?id=13228
> >>
> >> metze
> >>
> >> Am 22.01.2018 um 10:49 schrieb Stefan Metzmacher via samba-technical:
> >>> Hi,
> >>>
> >>> here're patches to avoid a database corruption with linked attributes,
> >>> e.g. member/memberOf.
> >>>
> >>> See https://bugzilla.samba.org/show_bug.cgi?id=13228
> >>>
> >>> As a temporary solution admins can add "server services = -kcc" to the
> >>> global section of smb.conf.
> >>>
> >>> Also DO NOT repair the following errors with samba-tool dbcheck!
> >>> "Remove duplicate links in attribute"
> >>> and
> >>> "ERROR: orphaned backlink"
> >>> as this removes the ability to repair the database
> >>> in the next round of patches!
> >>>
> >>> Please review and push:-)
> >>>
> >>> Thanks!
> >>> metze
> >>>
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
>
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba