Created attachment 12593 [details] Patch to detect recycled objects
Created attachment 12594 [details] Patch to detect recycled objects
Alisson, Can you please try the patch by garming at attachment 12594 [details]? We simulated what we hope is the issue you have seen, and we think this fixes it, unlike my previous untested patch on bug 12297 (which didn't). Again, the patch is on master, and then we want you to run 'samba-tool domain tombstones expunge'. Thanks,
(In reply to Andrew Bartlett from comment #3) After patch work it. No more erros when running 'samba-tool dbcheck' and the output of 'samba-tool domain tombstones expunge' said: Deleting deleted linked attribute member to 215b99e2-226e-4e99-b2ea-9d0afb44399b, because vanish_links control is set Deleting deleted linked attribute member to 4522f25b-b4d5-4192-8be2-6b4aee097575, because vanish_links control is set Deleting deleted linked attribute member to a00c6f5c-74d5-4452-b1c6-3f455c67f6eb, because vanish_links control is set Deleting deleted linked attribute member to b69fb088-21e1-4862-b4d5-1f16412ed9ec, because vanish_links control is set Deleting deleted linked attribute member to ee285a7f-2e74-482e-9791-13459862a552, because vanish_links control is set
Comment on attachment 12594 [details] Patch to detect recycled objects Thanks! I'll review this patch onto master shortly, and then we can apply for this to get into 4.5.
I have attempted to use "tombstones expunge" from master on the DC described in https://lists.samba.org/archive/samba/2017-January/205925.html It it not remove the dead links; in this case to a l-o-n-g extinct domain controller. [root@larkin28 samba]# bin/samba-tool dbcheck --cross-ncs -H /var/lib/samba/private/sam.ldb Checking 8412 objects ERROR: no target object found for GUID component for msDS-NC-Replica-Locations in object CN=3ad6381a-9725-4e28-8157-a5a3fde68a43,CN=Partitions,CN=Configuration,DC=micore,DC=us - <GUID=7d3f95a5cdfa1246b1fb2fcd16e5f877>;<RMD_ADDTIME=130000065100000000>;<RMD_CHANGETIME=130000065100000000>;<RMD_FLAGS=0>;<RMD_INVOCID=01db57fd8d4ddd469aee9cbd36abb3e1>;<RMD_LOCAL_USN=5149>;<RMD_ORIGINATING_USN=3630>;<RMD_VERSION=0>;CN=NTDS Settings,CN=BARBEL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us Not removing dangling forward link ERROR: no target object found for GUID component for msDS-NC-Replica-Locations in object CN=55b4d7f1-b1b1-4843-ae00-7908adf44ffa,CN=Partitions,CN=Configuration,DC=micore,DC=us - <GUID=7d3f95a5cdfa1246b1fb2fcd16e5f877>;<RMD_ADDTIME=130000065100000000>;<RMD_CHANGETIME=130000065100000000>;<RMD_FLAGS=0>;<RMD_INVOCID=01db57fd8d4ddd469aee9cbd36abb3e1>;<RMD_LOCAL_USN=5124>;<RMD_ORIGINATING_USN=3629>;<RMD_VERSION=0>;CN=NTDS Settings,CN=BARBEL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us Not removing dangling forward link Please use --fix to fix these errors Checked 8412 objects (2 errors) [root@larkin28 samba]# bin/samba-tool domain tombstones expunge -H /var/lib/samba/private/sam.ldb Removed 0 objects and 0 links successfully Same error from dbcheck occurs after the tombstones expunge.
I am also experiencing this on 4.5.7 from sernet: [root@auth1 ~]# samba-tool domain tombstones expunge Doing a full scan on CN=Configuration,DC=ad,DC=brewerscience,DC=com and looking for deleted objects Doing a full scan on DC=ad,DC=brewerscience,DC=com and looking for deleted objects Doing a full scan on DC=DomainDnsZones,DC=ad,DC=brewerscience,DC=com and looking for deleted objects Doing a full scan on DC=ForestDnsZones,DC=ad,DC=brewerscience,DC=com and looking for deleted objects Removed 0 objects and 0 links successfully [root@auth1 ~]# samba-tool dbcheck --cross-ncs --fix --yes 'fix_replmetadata_unsorted_attid' Checking 5120 objects ERROR: no target object found for GUID component for lastKnownParent in object CN=0a821ff8-9d9e-43f6-a987-abbb847a8d2f\0ADEL:2e98b595-bf3c-474e-a1c9-94abea77f74c,CN=Deleted Objects,CN=Configuration,DC=ad,DC=brewerscience,DC=com - <GUID=149d1bf7-5937-489b-b86e-1b7665ddabe6>;CN=NTDS Settings\0ACNF:149d1bf7-5937-489b-b86e-1b7665ddabe6,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com Not removing dangling forward link ERROR: missing GUID component for lastKnownParent in object CN=NTDS Settings\0ADEL:bade4d5a-4fba-465f-ba0b-86884eeb7d8d,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com - CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com unable to find object for DN CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com - (No such Base DN: CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com) Not removing dangling forward link ERROR: missing GUID component for lastKnownParent in object CN=NTDS Settings\0ADEL:ce80cc79-de40-41ff-9b4c-9535606995ec,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com - CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com unable to find object for DN CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com - (No such Base DN: CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com) Not removing dangling forward link ERROR: no target object found for GUID component for lastKnownParent in object CN=903c87ec-d844-47ee-8f42-9f0fb3bba244\0ADEL:e6c8df1c-42db-4382-bc72-34ac96c87f9b,CN=Deleted Objects,CN=Configuration,DC=ad,DC=brewerscience,DC=com - <GUID=149d1bf7-5937-489b-b86e-1b7665ddabe6>;CN=NTDS Settings\0ACNF:149d1bf7-5937-489b-b86e-1b7665ddabe6,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com Not removing dangling forward link Checked 5120 objects (4 errors) [root@auth1 ~]# smbstatus Samba version 4.5.7-SerNet-RedHat-16.el6
Seems to be still present in 4.6.6 Was the patch dropped for some reason, or does the same behaviour have a different reason now?
This was pushed as ef7e46d68a6596be6e904caaa04e917c576dd9d3 for 4.6.0