[Samba] samba-tool dbcheck on 4.7.5, after bug 13228


Have changed the subject line to make my question clearer :)

What is the expected behaviour of 'samba-tool dbcheck --fix'? Should
running this command two times still produce the same output?

I think I was bitten by bug 13228, but am not sure if I'm running the right
command to resolve.



On 7 February 2018 at 23:44, Jonathan Hunter <jmhunter1@xxxxxxxxx> wrote:

> Hi,
>
> Firstly thank you to all the Samba team for continued help & support.. and
> thank you to those involved in resolving bug 13228, which might well
> explain a number of issues I was having recently (I had thought
> coincidentally, after upgrading to 4.7.4)
>
> Can I check the expected behaviour of 'samba-tool dbcheck --cross-ncs
> --fix'?
>
> On 7 February 2018 at 08:59, Karolin Seeger via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
>
>> o  BUG 13228: This is a major issue in Samba's ActiveDirectory domain
>>    controller code. It might happen that AD objects have missing or broken
>>    linked attributes. This could lead to broken group memberships e.g.
>>    All Samba AD domain controllers set up with Samba 4.6 or lower and then
>>    upgraded to 4.7 are affected. The corrupt database can be fixed with
>>    'samba-tool dbcheck --cross-ncs --fix'.
>
> What is the expected behaviour of this command if run consecutively?
>
> On my DCs, freshly upgraded from 4.7.4 to 4.7.5, I have run the following
> two commands in sequence:
>
> $ sudo samba-tool dbcheck --cross-ncs --fix --yes > ~/samba-fix-01 2>&1
> $ sudo samba-tool dbcheck --cross-ncs --fix --yes > ~/samba-fix-02 2>&1
>
> The files produced by each run are identical in size.. but I would have
> instead expected file 02 to be smaller than file 01, since all the issues
> should have been fixed first time round..?
>
> Can I first check that I'm not missing something in syntax etc., before I
> spam the list with more details?
>
> I'm seeing output along the following lines, during *both* runs of
> samba-tool dbcheck:
>
> WARNING: no target object found for GUID component for DN value msDS-NC-Replica-Locations in object CN=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee,CN=Partitions,CN=Configuration,DC=mydomain [....]
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object
> [....]
> Target GUID points at deleted DN [....]
> Remove stale DN link? [YES]
> Removed deleted DN on attribute msDS-NC-Replica-Locations
>
> plus many more; the output files are 13KB each on this DC, and contain 47
> fixes according to
>
> $ cat samba-fix-01 | grep "[YES]" | wc -l
> 47
>
> I already know (I think) that I need to run the command on each DC.. but
> before going further I just wanted to check I'm at least trying the correct
> approach for dbcheck itself.
>
> Thanks,
> Jonathan
> --
> "If we knew what it was we were doing, it would not be called research,
> would it?"
>       - Albert Einstein
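
One way to compare the two saved logs from the runs described above, as an added example that is not part of the original post or of Samba itself: it counts the literal "[YES]" answers with a fixed-string match and lists the WARNING lines that show up again in the second log. The function names and the sample log contents are constructed for illustration, modelled on the output lines quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original thread): compare two saved dbcheck logs.

# Count "[YES]" answers. -F matches the literal string; as a plain regex,
# [YES] is a bracket expression that matches any line containing Y, E or S
# (for example every line mentioning msDS-NC-Replica-Locations).
count_fixes() {
    grep -cF '[YES]' "$1" || true
}

# Print WARNING lines present in both logs: issues reported again on run 2.
persisting_warnings() {
    first=$(mktemp); second=$(mktemp)
    grep '^WARNING:' "$1" | sort -u > "$first"
    grep '^WARNING:' "$2" | sort -u > "$second"
    comm -12 "$first" "$second"
    rm -f "$first" "$second"
}

# Constructed sample logs (hypothetical object names), written into directory $1.
make_sample_logs() {
    cat > "$1/run1.log" <<'EOF'
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=example-a,CN=Partitions,CN=Configuration,DC=mydomain
Target GUID points at deleted DN CN=old-dc-1
Remove stale DN link? [YES]
Removed deleted DN on attribute msDS-NC-Replica-Locations
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=example-b,CN=Partitions,CN=Configuration,DC=mydomain
Target GUID points at deleted DN CN=old-dc-2
Remove stale DN link? [YES]
Removed deleted DN on attribute msDS-NC-Replica-Locations
EOF
    cat > "$1/run2.log" <<'EOF'
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=example-b,CN=Partitions,CN=Configuration,DC=mydomain
Target GUID points at deleted DN CN=old-dc-2
Remove stale DN link? [YES]
Removed deleted DN on attribute msDS-NC-Replica-Locations
EOF
}

dir=$(mktemp -d)
make_sample_logs "$dir"
echo "fixes in run 1: $(count_fixes "$dir/run1.log")"
echo "fixes in run 2: $(count_fixes "$dir/run2.log")"
echo "warnings repeated in run 2:"
persisting_warnings "$dir/run1.log" "$dir/run2.log"
rm -rf "$dir"
```

Pointing the two functions at the real `~/samba-fix-01` and `~/samba-fix-02` files shows whether the second run reported the same objects again or a different set.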

