Bug 11995 - cloned DC fail when i launch samba git master version and previous
Status: RESOLVED INVALID
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: unspecified
Hardware: x86 Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2016-06-25 08:17 UTC by morphing
Modified: 2016-06-27 06:33 UTC

Description morphing 2016-06-25 08:17:57 UTC
me@dbox:~$ sudo samba -V
Version 4.5.0pre1-GIT-030fd72

me@dbox:~$ uname -a
Linux dbox 4.6.0-1-686-pae #1 SMP Debian 4.6.1-1 (2016-06-06) i686 GNU/Linux

But...

Same problem on Debian stable version and Samba 4.4.4.

I do a backup with samba-tool:

me@dbox:~$ samba-tool drs clone-dc-database --include-secrets --targetdir ANYDIR SOMEDOMAIN.COM -k 1

Working fine...

Just for testing, I try to launch the Samba server with the cloned DC.


like this...
me@dbox:~$sudo samba -d 10 -s ANYDIR/etc/smb.conf
and 
me@dbox:~$sudo samba -i -d 10 -s ANYDIR/etc/smb.conf 

with this result...

resumed;
.................................................
.................................................
ldb: ldb_trace_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0x83266618

ldb: Added timed event "ltdb_timeout": 0x81a5dbb8

ldb: Running timer event 0x83266618 "ltdb_callback"

ldb: Destroying timer event 0x81a5dbb8 "ltdb_timeout"

ldb: Ending timer event 0x83266618 "ltdb_callback"

ldb: no modules required by the db
ldb: No modules specified for this database
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
 control: <NONE>

ldb: ldb_asprintf/set_errstring: unable to find module or backend to handle operation: request
ldb: ldb_trace_request: SEARCH
 dn: <rootDSE>
 scope: base
 expr: (objectClass=*)
 attr: rootDomainNamingContext
 attr: configurationNamingContext
 attr: schemaNamingContext
 attr: defaultNamingContext
 control: <NONE>

ldb: ldb_trace_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0x8194b9a8

ldb: Added timed event "ltdb_timeout": 0x83a442e8

ldb: Running timer event 0x8194b9a8 "ltdb_callback"

ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search
ldb: Destroying timer event 0x83a442e8 "ltdb_timeout"

ldb: Ending timer event 0x8194b9a8 "ltdb_callback"

ldb_wrap open of privilege.ldb
directory_create_or_exist_strict: invalid ownership on directory /home/me/ANYDIR/private/msg.sock
STATUS=daemon failed to start: Samba failed to setup parent messaging, error code -1073741801


Thank you!
Comment 1 Andrew Bartlett 2016-06-25 08:40:29 UTC
G'Day,

I'm sorry you mistook this command for a backup tool. To back up your DC, see https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC.

samba-tool drs clone-dc-database makes a copy of a DC's database, and without passwords by default.  However, as the help text indicates, it does not join it, and so the clone cannot function as a DC.  Specifically, no valid secrets.ldb is created, as we don't know the original password, only the hash values.

I'm happy to improve the wording if you can suggest some, but for now I'll mark this as INVALID so we don't leave this around in bugzilla. 

Thanks,

Andrew Bartlett
Comment 2 morphing 2016-06-26 21:52:26 UTC
OK, but the domain DC is Windows Server... is it the same?

What do you think about this...

samba-tool drs clone-dc-database --include-secrets --targetdir TESTDOM TESTDOMAIN.COM -k 1

...........................................................
Replicating critical objects from the base DN of the domain
Partition[DC=testdomain,DC=com] objects[80] linked_values[5]
Partition[DC=testdomain,DC=com] objects[100] linked_values[2043]
Partition[DC=testdomain,DC=com] objects[142] linked_values[513]
Partition[DC=testdomain,DC=com] objects[222] linked_values[5]
Partition[DC=testdomain,DC=com] objects[300] linked_values[13]
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:3983: Failed to rename conflict dn 'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=testdomain,DC=com' to 'CN=S-1-5-11\0ACNF:971cd081-386a-4c8b-bb11-2a6f3129f917,CN=ForeignSecurityPrincipals,DC=testdomain,DC=com' - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=S-1-5-11\0ACNF:971cd081-386a-4c8b-bb11-2a6f3129f917,CN=ForeignSecurityPrincipals,DC=testdomain,DC=com - ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=S-1-5-11\0ACNF:971cd081-386a-4c8b-bb11-2a6f3129f917,CN=ForeignSecurityPrincipals,DC=testdomain,DC=co
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up

Thank you for your time :)
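
An added example, not part of the bug report or of Samba's code: the log in the description stops at an ownership check on private/msg.sock, and a clone made with --include-secrets holds password hash values, so the target directory is worth auditing before it is kept or reused. The script assumes GNU stat and find; the function names and the rule it applies (owned by the expected uid, no group/other permission bits) are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not Samba code). Assumes GNU stat/find, as on Debian.
# The "owner matches, no group/other bits" policy is an assumption.

# check_dir DIR UID: succeed only if DIR is a real directory (not a symlink),
# owned by UID, with no group/other permission bits set.
check_dir() {
    dir=$1; want_uid=$2
    if [ -L "$dir" ]; then echo "symlink, not a directory: $dir"; return 1; fi
    if [ ! -d "$dir" ]; then echo "not a directory: $dir"; return 1; fi
    set -- $(stat -c '%u %a' "$dir")     # owner uid and octal mode
    owner=$1; mode=$2
    if [ "$owner" -ne "$want_uid" ]; then
        echo "invalid ownership on $dir: uid $owner, expected $want_uid"
        return 1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "invalid permissions on $dir: mode $mode"
        return 1
    fi
    return 0
}

# audit_clone TARGETDIR [UID]: walk TARGETDIR/private (where the databases
# and msg.sock live) and return non-zero if anything is owned by another
# uid or reachable by group/other. UID defaults to the invoking user.
audit_clone() {
    target=$1; uid=${2:-$(id -u)}; bad=0
    if [ ! -d "$target/private" ]; then
        echo "no private/ under $target"; return 2
    fi
    # Here-document keeps the loop in this shell so $bad survives it.
    while IFS= read -r d; do
        check_dir "$d" "$uid" || bad=$((bad + 1))
    done <<EOF
$(find "$target/private" -type d)
EOF
    loose=$(find "$target/private" -type f \( -perm /077 -o ! -uid "$uid" \))
    if [ -n "$loose" ]; then
        echo "files with wrong owner or group/other access:"
        echo "$loose"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}
# Usage (ANYDIR is the --targetdir from the report): audit_clone ANYDIR
```

Run it as the account that will own the clone, or pass the uid the server process will run under as the second argument.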