Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Replication Problem with Deleted Object on Samba 4.1.17
626 views
Skip to first unread message
Achim Gottinger
Jul 21, 2015, 2:50:03 PM7/21/15
to
Hello List,
Im running an network with five samba 4 addc, all on debian wheezy with
the sernet packages. Recently an replication error showed up for an
single Computer (WIN7-M-ADMIN) record. So I unjoined the pc from the
domain deleted it's record from dc1 manually on the other dc's it had
been removed automaticaly during unjoin.
Now I get the following error
[2015/07/21 20:15:40.113205, 0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
ldb: No objectClass found in replPropertyMetaData for
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
Objects,DC=domain,DC=local!
[2015/07/21 20:15:40.113772, 0]
../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
Failed to apply records: replmd_replicated_apply_add: error during
DRS repl ADD: No objectClass found in replPropertyMetaData for
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
Objects,DC=domain,DC=local!
: Object class violation
[2015/07/21 20:15:40.114277, 0]
../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
Failed to commit objects:
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
Joing does not help the Computer shows up on dc's 2-4 but not on dc1.
On dc1 there is no record for win7-m-admin neighter an deleted one.
samba-tool dbcheck -cross-ncs show's no errors on all dc's.
samba-tool ldbcmp detects an missing win7-m-admin record on dc1.
An year back it was possible to remove Deleted Object with ldbdel
Now:
ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb -b
"CN=Deleted Objects,DC=domain,DC=local"
'<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
Results in:
delete of '' failed - (Unwilling to perform) Refusing to delete
tombstone object
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
Objects,DC=fot,DC=local. This check is to prevent corruption of the
replicated state.
I'd just purge this record from dc's 2-4 and rejoin the computer once
again but unfortunately this is no longer possible because of this new
check. Is there an way to force the deletion, because the replicated
state is already corrupted?
Thanks in advance
Achim~
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Im running an network with five samba 4 addc, all on debian wheezy with
the sernet packages. Recently an replication error showed up for an
single Computer (WIN7-M-ADMIN) record. So I unjoined the pc from the
domain deleted it's record from dc1 manually on the other dc's it had
been removed automaticaly during unjoin.
Now I get the following error
[2015/07/21 20:15:40.113205, 0]
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
ldb: No objectClass found in replPropertyMetaData for
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
Objects,DC=domain,DC=local!
[2015/07/21 20:15:40.113772, 0]
../source4/dsdb/repl/replicated_objects.c:783(dsdb_replicated_objects_commit)
Failed to apply records: replmd_replicated_apply_add: error during
DRS repl ADD: No objectClass found in replPropertyMetaData for
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
Objects,DC=domain,DC=local!
: Object class violation
[2015/07/21 20:15:40.114277, 0]
../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
Failed to commit objects:
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
Joing does not help the Computer shows up on dc's 2-4 but not on dc1.
On dc1 there is no record for win7-m-admin neighter an deleted one.
samba-tool dbcheck -cross-ncs show's no errors on all dc's.
samba-tool ldbcmp detects an missing win7-m-admin record on dc1.
An year back it was possible to remove Deleted Object with ldbdel
Now:
ldbdel --show-deleted --extended-dn -H /var/lib/samba/private/sam.ldb -b
"CN=Deleted Objects,DC=domain,DC=local"
'<GUID=a8530d8e-1767-4f6b-8fe9-ce11a51b295c>'
Results in:
delete of '' failed - (Unwilling to perform) Refusing to delete
tombstone object
CN=WIN7-M-ADMIN\0ADEL:a8530d8e-1767-4f6b-8fe9-ce11a51b295c,CN=Deleted
Objects,DC=fot,DC=local. This check is to prevent corruption of the
replicated state.
I'd just purge this record from dc's 2-4 and rejoin the computer once
again but unfortunately this is no longer possible because of this new
check. Is there an way to force the deletion, because the replicated
state is already corrupted?
Thanks in advance
Achim~
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Achim Gottinger
Jul 21, 2015, 8:10:05 PM7/21/15
to
samba-tool drs replicate dc2 dc1 DC=fot,DC=local --full-sync
and so on till samba-tool drs showrepl showed no more errors on all dc's.
Achim Gottinger
Jul 21, 2015, 9:10:03 PM7/21/15
to
0 new messages