Web lists-archives.com

Re: [Samba] dbtool --cross-ncs and undeletable errors..




On Tue, 22 Jan 2019, Rowland Penny via samba wrote:

On Tue, 22 Jan 2019 14:20:21 -0500 (EST)
"Vincent S. Cojot via samba" <samba@xxxxxxxxxxxxxxx> wrote:


Hi All,

On my two-DC setup (dc00 and dc01 - Used to be a 4-Dc setup but 02
and 03 are gone), I've noticed the following errors which I am unable
to fix.. Any hints?

* Basic dbcheck is clean.

[root@dc00 ~]# samba-tool dbcheck
Checking 327 objects
Checked 327 objects (0 errors)

* Cross-NCS shows two errors related to a de-comissionned DC (dc02)
and cannot auto-fix this.. How do I fix those errors?

[root@dc00 ~]# samba-tool dbcheck --cross-ncs --fix --yes
Checking 3574 objects
ERROR: no target object found for GUID component for link fromServer
in object CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn ERROR: target DN is deleted for fromServer in object CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn - <GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS Settings\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn Target GUID points at deleted DN '<GUID=c8bf60b8-c3b9-442f-a330-d706221bc889>;CN=NTDS Settings\\0ADEL:c8bf60b8-c3b9-442f-a330-d706221bc889,CN=DC02\\0ADEL:53a02791-a186-4a2f-aef9-6e180b814d8a,CN=Servers,CN=Krynn,CN=Sites,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn'
Remove DN link? [YES]
ERROR: Failed to remove deleted DN attribute fromServer : (65, "objectclass_attrs: at least one mandatory attribute ('fromServer') on entry 'CN=4b3f95b1-7774-42cf-8bc0-755c7d29f6cc,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=lasthome,DC=solace,DC=krynn' wasn't specified!")


Thanks for any hints/pointers.

Vincent


This isn't an error, if you look very carefully at the 'link' you will
see 'DEL'. This means the record is a 'DELETED' record, you cannot
delete a 'DELETED' record ;-)

If you wait for 180 days minus the number of days since you
decommissioned the DC, the record will just go away.

Rowland

Hi Rowland,
Thank you for your quick reply. Is there a way to force an expire on those things so I can get past those errors and only consider new errors as 'new'? It's been about 4-5 months since I removed those DCs but an ldbsearch shows more objects in need of purge (Computers that were removed, users too). If I wanted to clean this manually, I guess I could do the following (but I'm sure I'd -want- to do that):

export LDB_MODULES_PATH=/usr/lib64/samba/ldb
ldbedit -e nano -H /var/lib/samba/private/sam.ldb --cross-ncs  \
--show-deleted --show-deactivated-link --extended-dn
(and then light a few candles, I guess)..

Is there a way to do that saefly using RSAT?

Thanks,

Vincent

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba