Bug 12385 - Tombstone expunge does not remove links to recycled objects
Summary: Tombstone expunge does not remove links to recycled objects
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.5.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 12453
Blocks: 12297
  Show dependency treegraph
 
Reported: 2016-10-21 03:38 UTC by Garming Sam
Modified: 2019-07-31 07:52 UTC (History)
7 users (show)

See Also:


Attachments
Patch to detect recycled objects (8.40 KB, application/mbox)
2016-10-21 03:39 UTC, Garming Sam
no flags Details
Patch to detect recycled objects (8.40 KB, patch)
2016-10-21 03:40 UTC, Garming Sam
abartlet: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Garming Sam 2016-10-21 03:38:06 UTC

    
Comment 1 Garming Sam 2016-10-21 03:39:52 UTC
Created attachment 12593 [details]
Patch to detect recycled objects
Comment 2 Garming Sam 2016-10-21 03:40:24 UTC
Created attachment 12594 [details]
Patch to detect recycled objects
Comment 3 Andrew Bartlett 2016-10-21 06:27:02 UTC
Alisson,

Can you please try the patch by garming at attachment 12594 [details]?

We simulated what we hope is the issue you have seen, and we think this fixes it, unlike my previous untested patch on bug 12297 (which didn't).

Again, the patch is on master, and then we want you to run 'samba-tool domain tombstones expunge'.

Thanks,
Comment 4 Alisson 2016-10-21 11:39:53 UTC
(In reply to Andrew Bartlett from comment #3)

After patch work it. No more erros when running 'samba-tool dbcheck' and the output of 'samba-tool domain tombstones expunge' said:
Deleting deleted linked attribute member to 215b99e2-226e-4e99-b2ea-9d0afb44399b, because vanish_links control is set
Deleting deleted linked attribute member to 4522f25b-b4d5-4192-8be2-6b4aee097575, because vanish_links control is set
Deleting deleted linked attribute member to a00c6f5c-74d5-4452-b1c6-3f455c67f6eb, because vanish_links control is set
Deleting deleted linked attribute member to b69fb088-21e1-4862-b4d5-1f16412ed9ec, because vanish_links control is set
Deleting deleted linked attribute member to ee285a7f-2e74-482e-9791-13459862a552, because vanish_links control is set
Comment 5 Andrew Bartlett 2016-10-21 18:55:45 UTC
Comment on attachment 12594 [details]
Patch to detect recycled objects

Thanks!  I'll review this patch onto master shortly, and then we can apply for this to get into 4.5.
Comment 6 Adam Tauno Williams 2017-01-16 19:58:48 UTC
I have attempted to use "tombstones expunge" from master on the DC described in https://lists.samba.org/archive/samba/2017-January/205925.html
It it not remove the dead links; in this case to a l-o-n-g extinct domain controller.

[root@larkin28 samba]# bin/samba-tool dbcheck --cross-ncs -H /var/lib/samba/private/sam.ldb
Checking 8412 objects
ERROR: no target object found for GUID component for msDS-NC-Replica-Locations in object CN=3ad6381a-9725-4e28-8157-a5a3fde68a43,CN=Partitions,CN=Configuration,DC=micore,DC=us - <GUID=7d3f95a5cdfa1246b1fb2fcd16e5f877>;<RMD_ADDTIME=130000065100000000>;<RMD_CHANGETIME=130000065100000000>;<RMD_FLAGS=0>;<RMD_INVOCID=01db57fd8d4ddd469aee9cbd36abb3e1>;<RMD_LOCAL_USN=5149>;<RMD_ORIGINATING_USN=3630>;<RMD_VERSION=0>;CN=NTDS Settings,CN=BARBEL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
Not removing dangling forward link
ERROR: no target object found for GUID component for msDS-NC-Replica-Locations in object CN=55b4d7f1-b1b1-4843-ae00-7908adf44ffa,CN=Partitions,CN=Configuration,DC=micore,DC=us - <GUID=7d3f95a5cdfa1246b1fb2fcd16e5f877>;<RMD_ADDTIME=130000065100000000>;<RMD_CHANGETIME=130000065100000000>;<RMD_FLAGS=0>;<RMD_INVOCID=01db57fd8d4ddd469aee9cbd36abb3e1>;<RMD_LOCAL_USN=5124>;<RMD_ORIGINATING_USN=3629>;<RMD_VERSION=0>;CN=NTDS Settings,CN=BARBEL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
Not removing dangling forward link
Please use --fix to fix these errors
Checked 8412 objects (2 errors)

[root@larkin28 samba]# bin/samba-tool domain tombstones expunge  -H /var/lib/samba/private/sam.ldb Removed 0 objects and 0 links successfully

Same error from dbcheck occurs after the tombstones expunge.
Comment 7 Thomas Maerz 2017-04-17 23:59:56 UTC
I am also experiencing this on 4.5.7 from sernet:
[root@auth1 ~]# samba-tool domain tombstones expunge
Doing a full scan on CN=Configuration,DC=ad,DC=brewerscience,DC=com and looking for deleted objects
Doing a full scan on DC=ad,DC=brewerscience,DC=com and looking for deleted objects
Doing a full scan on DC=DomainDnsZones,DC=ad,DC=brewerscience,DC=com and looking for deleted objects
Doing a full scan on DC=ForestDnsZones,DC=ad,DC=brewerscience,DC=com and looking for deleted objects
Removed 0 objects and 0 links successfully
[root@auth1 ~]# samba-tool dbcheck --cross-ncs --fix --yes 'fix_replmetadata_unsorted_attid'
Checking 5120 objects
ERROR: no target object found for GUID component for lastKnownParent in object CN=0a821ff8-9d9e-43f6-a987-abbb847a8d2f\0ADEL:2e98b595-bf3c-474e-a1c9-94abea77f74c,CN=Deleted Objects,CN=Configuration,DC=ad,DC=brewerscience,DC=com - <GUID=149d1bf7-5937-489b-b86e-1b7665ddabe6>;CN=NTDS Settings\0ACNF:149d1bf7-5937-489b-b86e-1b7665ddabe6,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com
Not removing dangling forward link
ERROR: missing GUID component for lastKnownParent in object CN=NTDS Settings\0ADEL:bade4d5a-4fba-465f-ba0b-86884eeb7d8d,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com - CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com
unable to find object for DN CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com - (No such Base DN: CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com)
Not removing dangling forward link
ERROR: missing GUID component for lastKnownParent in object CN=NTDS Settings\0ADEL:ce80cc79-de40-41ff-9b4c-9535606995ec,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com - CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com
unable to find object for DN CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com - (No such Base DN: CN=NOAUTH,CN=Servers,CN=NoAuth,CN=Sites,CN=Configuration,DC=ad,DC=brewerscience,DC=com)
Not removing dangling forward link
ERROR: no target object found for GUID component for lastKnownParent in object CN=903c87ec-d844-47ee-8f42-9f0fb3bba244\0ADEL:e6c8df1c-42db-4382-bc72-34ac96c87f9b,CN=Deleted Objects,CN=Configuration,DC=ad,DC=brewerscience,DC=com - <GUID=149d1bf7-5937-489b-b86e-1b7665ddabe6>;CN=NTDS Settings\0ACNF:149d1bf7-5937-489b-b86e-1b7665ddabe6,CN=LostAndFoundConfig,CN=Configuration,DC=ad,DC=brewerscience,DC=com
Not removing dangling forward link
Checked 5120 objects (4 errors)
[root@auth1 ~]# smbstatus

Samba version 4.5.7-SerNet-RedHat-16.el6
Comment 8 Engel, Johannes 2017-07-23 21:47:28 UTC
Seems to be still present in 4.6.6 Was the patch dropped for some reason, or does the same behaviour have a different reason now?
Comment 9 Stefan Metzmacher 2019-07-31 07:52:12 UTC
This was pushed as ef7e46d68a6596be6e904caaa04e917c576dd9d3 for 4.6.0