Re: [Samba] Domain join issues - 4.9.0
- Date: Sun, 18 Nov 2018 21:37:17 +0000
- From: Jonathan Hunter via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Domain join issues - 4.9.0
Thanks Rowland for the advice, I have now tried joining a 4.9.2
machine to the domain, targeting the join at a 4.9.2 DC. Same result
as below, unfortunately - I think you are probably correct with the
bug below (#8929).
On Wed, 14 Nov 2018 at 08:34, Jonathan Hunter <jmhunter1@xxxxxxxxx> wrote:
> > > $ sudo samba-tool domain join mydomain.org DC -U myadmin --site=mysite
> > > --server=dc3
> > > [...]
> > > Replicating critical objects from the base DN of the domain
> > > [...]
> > > ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in
> > > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for
> > > index on servicePrincipalName, duplicate of objectGUID
> > > 00000000-1111-2222-3333-444444444444 in
> > > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC
> > > [lots of these]
> > I think you may be running into this bug:
> > https://bugzilla.samba.org/show_bug.cgi?id=8929
> > You may have duplicate SPN's e.g. one 'HOST/somePC' and another
> > 'host/somepc'
I am sure that this is what is happening for me.. but it looks as
though I am now unable to join any new DCs into my domain, until I can
figure out how to work around this.
Is there a way I can maybe use ldbedit to manually adjust the
database, and remove duplicates somehow? (That seems risky to me, but
I don't know what alternative I have..)
In my database, as reported by the domain join command above, I have
five duplicates 'for index on servicePrincipalName', plus 107
duplicates for index on a custom LDAP attribute I am using. If there's
a correct way I can step through these one by one, and remove the
duplicates, I am happy to try...
Or - is anybody working on bug 8929?
Currently I am one DC down, and don't think I can re-add it as things
stand.. so I'm willing to try manually editing if that will help.
"If we knew what it was we were doing, it would not be called
research, would it?"
- Albert Einstein
To unsubscribe from this list go to the following URL and read the