I updated my test environment with 2 Samba AD DCs to 4.5.0rc2. According the release notes, replPropertyMetaData wasn't stored correctly. I run dbcheck --fix on the first DC and all replPropertyMetaData objects were fixed. Then I run the command on the second DC: All objects were fixed - except this one: [root@DC2 samba-4.5.0rc2]# samba-tool dbcheck --cross-ncs --fix Checking 3514 objects CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x0009030e CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00090175 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00090173 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00090001 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00020119 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x000200a9 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00020002 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00020001 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00000003 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00000000 ERROR: unsorted attributeID values in replPropertyMetaData on CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com Fix replPropertyMetaData on CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com by sorting the attribute list? [y/N/all/none] y Failed to fix attribute replPropertyMetaData : (65, "objectclass_attrs: at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com' wasn't specified!") Checked 3514 objects (1 errors) The fix fails on every try for this entry. Because this is a fix we mention in the release notes, I think it's important that we check if maybe the fix isn't working in all cases and repair it before we release 4.5. Thanks.
Created attachment 12406 [details] Object on DC1 (were the fix was successful)
Created attachment 12407 [details] Object on DC2 (were the fix fails)
Sorry for dropping the ball on this. I think the current workaround is to use --yes on the end which triggers a transaction. It says that it doesn't fix it, but it does actually appear to if you run it again. samba-tool dbcheck --cross-ncs --fix --yes I'll see if there should be any further modifications to avoid this requirement.
(In reply to Garming Sam from comment #3) Garming, I can confirm that your workaround works: [root@DC2 ~]# samba-tool dbcheck --cross-ncs --fix --yes Checking 3518 objects CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x0009030e CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00090175 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00090173 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00090001 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00020119 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x000200a9 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00020002 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00020001 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00000003 CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com: 0x00000000 ERROR: unsorted attributeID values in replPropertyMetaData on CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com Fix replPropertyMetaData on CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com by sorting the attribute list? [YES] Failed to fix attribute replPropertyMetaData : (65, "objectclass_attrs: at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com' wasn't specified!") Checked 3518 objects (1 errors) [root@DC2 ~]# samba-tool dbcheck --cross-ncs Checking 3518 objects Checked 3518 objects (0 errors) However it would be great if you find a solution to fix this for 4.5 final, because it's very confusing. Let me know if you need more details, or if I can test something.
Created attachment 12409 [details] patch for master This is the patch that should address this issue, plus a fix to the testsuite that ensures that this is not missed next time.
(In reply to Andrew Bartlett from comment #5) I tested the patch with 4.5.0rc2 and can confirm that it fixes the problem. Thanks. Please cherry-pick to the 4.5 branch after the review.
Comment on attachment 12409 [details] patch for master Pushed to master with some formatting improvements and BUG: urls
(In reply to Stefan Metzmacher from comment #7) Stefan, can you please cherry-pick the patch for 4.5?
(In reply to Marc Muehlfeld from comment #8) Hi Marc, please see https://wiki.samba.org/index.php/Samba_Release_Planning#Release_Branch_Checkin_Procedure It's not the job of the release managers to prepare the patches for the backports. I'm happy to give a review+ once someone uploaded the backports. Thanks! metze
(In reply to Stefan Metzmacher from comment #9) Ok, I just noticed that I pushed the patch to master :-) I'll upload patches now...
Created attachment 12417 [details] Patches for v4-5-test
Created attachment 12418 [details] Patches for v4-4-test
Created attachment 12419 [details] Patches for v4-3-test
Pushed to autobuild-v4-5-test.
Pushed to v4-5-test.
Pushed to autobuild-v4-{3,4}-test.
Pushed to all branches. Closing out bug report. Thanks!