12967 – Linked attributes from extended schema not found for object classes

Bug 12967 - Linked attributes from extended schema not found for object classes

Summary: Linked attributes from extended schema not found for object classes

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.6.7
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andrew Bartlett
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Depends on:
Blocks:

Reported:	2017-08-15 13:12 UTC by Evgeny Sinelnikov
Modified:	2023-04-12 12:26 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Evgeny Sinelnikov 2017-08-15 13:12:32 UTC

Some linked attributes (particularly msExchDomainRestrictionBL) not found in dsdb for object classes. This problem looks like trouble during multiple processes:

1) KCC:

[2017/08/15 10:50:52.156495,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
[2017/08/15 10:50:52.156854,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: Traceback (most recent call last):
[2017/08/15 10:50:52.156881,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/sbin/samba_kcc", line 337, in <module>
[2017/08/15 10:50:52.156905,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     attempt_live_connections=opts.attempt_live_connections)
[2017/08/15 10:50:52.156928,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/lib64/python2.7/site-packages/samba/kcc/__init__.py", line 2650, in run
[2017/08/15 10:50:52.156977,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     self.translate_ntdsconn()
[2017/08/15 10:50:52.157001,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/lib64/python2.7/site-packages/samba/kcc/__init__.py", line 1042, in translate_ntdsconn
[2017/08/15 10:50:52.157027,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     n_rep.commit_repsFrom(self.samdb)
[2017/08/15 10:50:52.157049,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/lib64/python2.7/site-packages/samba/kcc/kcc_utils.py", line 396, in commit_repsFrom
[2017/08/15 10:50:52.157071,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     (self.nc_dnstr, estr))
[2017/08/15 10:50:52.157093,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: samba.kcc.kcc_utils.KCCError: Could not set repsFrom for (DC=dp,DC=mosreg,DC=ru) - ((65, "objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified objectclasses!"))
[2017/08/15 10:50:52.157162,  3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
  Child /usr/sbin/samba_kcc exited with status 1

2) Store object class attributes:

[2017/08/15 10:55:18.557890,  2] ../source4/dsdb/repl/replicated_objects.c:1016(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=ForestDnsZones,DC=dp,DC=mosreg,DC=ru
[2017/08/15 10:55:18.603617,  2] ../source4/dsdb/repl/replicated_objects.c:1016(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=DomainDnsZones,DC=dp,DC=mosreg,DC=ru
[2017/08/15 10:55:18.623839,  2] ../source4/dsdb/repl/replicated_objects.c:1016(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=dp,DC=mosreg,DC=ru
[2017/08/15 10:55:18.661123,  2] ../source4/dsdb/repl/replicated_objects.c:1016(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=dp,DC=mosreg,DC=ru
[2017/08/15 10:55:18.722053,  2] ../source4/dsdb/repl/replicated_objects.c:1016(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=dp,DC=mosreg,DC=ru
[2017/08/15 10:55:18.740877,  0] ../source4/dsdb/common/util.c:3283(dsdb_savereps)
  Failed to store repsFrom - objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified objectclasses!
[2017/08/15 10:55:18.741248,  2] ../source4/dsdb/repl/drepl_out_pull.c:85(drepl_reps_update)
  drepl_reps_update: Failed to save repsFrom for DC=dp,DC=mosreg,DC=ru: WERR_DS_DRA_INTERNAL_ERROR

3) Replication process:

[2017/08/15 11:00:04.671277,  3] ../source4/rpc_server/drsuapi/getncchanges.c:2602(dcesrv_drsuapi_DsGetNCChanges)
  UpdateRefs on getncchanges for eb2d1557-6bd7-45d5-8864-e74073ef6752
[2017/08/15 11:00:04.696601,  3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
  Child /usr/sbin/samba_spnupdate exited with status 0
[2017/08/15 11:00:04.696662,  3] ../source4/dsdb/dns/dns_update.c:315(dnsupdate_spnupdate_done)
  Completed SPN update check OK
[2017/08/15 11:00:04.701173,  0] ../source4/dsdb/common/util.c:3283(dsdb_savereps)
  Failed to store repsTo - objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified objectclasses!
[2017/08/15 11:00:04.701493,  0] ../source4/rpc_server/drsuapi/updaterefs.c:217(drsuapi_UpdateRefs)
  Failed to add repsTo for eb2d1557-6bd7-45d5-8864-e74073ef6752: WERR_DS_DRA_INTERNAL_ERROR
[2017/08/15 11:00:04.702124,  0] ../source4/rpc_server/drsuapi/getncchanges.c:2623(dcesrv_drsuapi_DsGetNCChanges)
  ../source4/rpc_server/drsuapi/getncchanges.c:2623: Failed UpdateRefs on <GUID=0a0c6920-60b3-47ce-b215-0f976e17e1db>;<SID=S-1-5-21-698140489-3825754665-3897753990>;DC=dp,DC=mosreg,DC=ru for eb2d1557-6bd7-45d5-8864-e74073ef6752._msdcs.dp.mosreg.ru in DsGetNCChanges - WERR_DS_DRA_INTERNAL_ERROR

Discussion on samba-technical@ 
https://lists.samba.org/archive/samba-technical/2017-August/122357.html

Comment 1 Stefan Metzmacher 2017-08-15 13:50:05 UTC

4.7 might some improvements in that area.
Can you check if it works with 4.7.0rc4?

Comment 2 Evgeny Sinelnikov 2017-08-15 14:11:02 UTC

Yes, I do it ASAP.

Comment 3 Evgeny Sinelnikov 2017-08-15 14:27:45 UTC

It no so easy to merge it on top of release:
[sin@tor samba.git]$ git merge samba-4.7.0rc4
Auto-merging wscript_configure_system_mitkrb5
Auto-merging wscript
Auto-merging testsuite/unittests/wscript
CONFLICT (content): Merge conflict in testsuite/unittests/wscript
Auto-merging testprogs/blackbox/subunit.sh
Auto-merging testprogs/blackbox/dbcheck-links.sh
CONFLICT (content): Merge conflict in testprogs/blackbox/dbcheck-links.sh
Auto-merging source4/torture/vfs/vfs.c
CONFLICT (content): Merge conflict in source4/torture/vfs/vfs.c
Auto-merging source4/torture/vfs/fruit.c
CONFLICT (content): Merge conflict in source4/torture/vfs/fruit.c
Auto-merging source4/torture/smb2/smb2.c
CONFLICT (content): Merge conflict in source4/torture/smb2/smb2.c
Auto-merging source4/torture/smb2/rename.c
Auto-merging source4/torture/smb2/oplock.c
CONFLICT (content): Merge conflict in source4/torture/smb2/oplock.c
Auto-merging source4/torture/smb2/lease.c
CONFLICT (content): Merge conflict in source4/torture/smb2/lease.c
Auto-merging source4/torture/smb2/dir.c
Auto-merging source4/torture/ndr/spoolss.c
...
Auto-merging docs-xml/Samba-Developers-Guide/Tracing.xml
Auto-merging docs-xml/Samba-Developers-Guide/CodingSuggestions.xml
Auto-merging ctdb/wscript
CONFLICT (content): Merge conflict in ctdb/wscript
Auto-merging ctdb/tools/ctdb_event.c
Auto-merging ctdb/tools/ctdb.c
Removing ctdb/tests/eventscripts/50.samba.monitor.107.sh
Removing ctdb/tests/eventscripts/50.samba.monitor.051.sh
Removing ctdb/tests/eventscripts/50.samba.monitor.050.sh
Removing ctdb/tests/eventscripts/49.winbind.monitor.051.sh
Removing ctdb/tests/eventscripts/49.winbind.monitor.050.sh
Auto-merging ctdb/server/eventscript.c
CONFLICT (content): Merge conflict in ctdb/server/eventscript.c
Auto-merging ctdb/server/ctdb_takeover_helper.c
CONFLICT (content): Merge conflict in ctdb/server/ctdb_takeover_helper.c
Auto-merging ctdb/server/ctdb_recovery_helper.c
CONFLICT (content): Merge conflict in ctdb/server/ctdb_recovery_helper.c
Auto-merging ctdb/server/ctdb_recoverd.c
Auto-merging ctdb/server/ctdb_recover.c
Auto-merging ctdb/server/ctdb_lock_helper.c
CONFLICT (content): Merge conflict in ctdb/server/ctdb_lock_helper.c
Auto-merging ctdb/server/ctdb_lock.c
Auto-merging ctdb/server/ctdb_call.c
CONFLICT (content): Merge conflict in ctdb/server/ctdb_call.c
Removing ctdb/packaging/mkversion.sh
Auto-merging ctdb/doc/ctdb.1.xml
Auto-merging ctdb/config/functions
Auto-merging ctdb/config/events.d/60.nfs
Auto-merging ctdb/common/sock_io.c
Auto-merging ctdb/common/run_proc.c
Auto-merging ctdb/common/logging.c
Auto-merging buildtools/wafsamba/samba_python.py
Auto-merging auth/gensec/spnego.c
CONFLICT (content): Merge conflict in auth/gensec/spnego.c
Auto-merging auth/credentials/credentials_krb5.c
CONFLICT (content): Merge conflict in auth/credentials/credentials_krb5.c
Auto-merging WHATSNEW.txt
CONFLICT (content): Merge conflict in WHATSNEW.txt
Auto-merging VERSION
CONFLICT (content): Merge conflict in VERSION
Automatic merge failed; fix conflicts and then commit the result.

Comment 4 Stefan Metzmacher 2017-08-16 11:13:24 UTC

(In reply to Evgeny Sinelnikov from comment #3)

git merge samba-4.7.0rc4 is not likely to work.

Which branch is currently checked out? 

Maybe something like this:
git checkout -b v4-7-stable origin/v4-7-stable

Comment 5 Evgeny Sinelnikov 2017-08-22 19:38:36 UTC

Update samba to 4.7.0rc4 and run on same configuration:

[2017/08/22 22:27:26.897073,  0] ../source4/smbd/server.c:428(binary_smbd_main)
  samba version 4.7.0rc4 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2017
[2017/08/22 22:27:26.897189,  3] ../source4/smbd/server.c:446(binary_smbd_main)
  Becoming a daemon.
[2017/08/22 22:27:26.899122,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2017/08/22 22:27:26.899171,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2017/08/22 22:27:26.899185,  3] ../auth/gensec/gensec_start.c:977(gensec_register)
[mastersin@kr01-dc-alt-01 log03]$ sudo cat /var/log/samba/log.samba                                                                                                                                                                         
[2017/08/22 22:27:26.897073,  0] ../source4/smbd/server.c:428(binary_smbd_main)
  samba version 4.7.0rc4 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2017
[2017/08/22 22:27:26.897189,  3] ../source4/smbd/server.c:446(binary_smbd_main)
  Becoming a daemon.
...
[2017/08/22 22:27:28.952221,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2017-08-22T22:27:28 starttime: unset endtime: 2017-08-23T08:27:28 renew till: unset
[2017/08/22 22:27:28.952429,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2017/08/22 22:27:28.954862,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ KR01-DC-ALT-01$@DP.MOSREG.RU from ipv4:10.10.51.101:41054 for krbtgt/DP.MOSREG.RU@DP.MOSREG.RU
[2017/08/22 22:27:28.982915,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client sent patypes: encrypted-timestamp
[2017/08/22 22:27:28.982952,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for PKINIT pa-data -- KR01-DC-ALT-01$@DP.MOSREG.RU
[2017/08/22 22:27:28.982964,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Looking for ENC-TS pa-data -- KR01-DC-ALT-01$@DP.MOSREG.RU
[2017/08/22 22:27:28.983017,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: ENC-TS Pre-authentication succeeded -- KR01-DC-ALT-01$@DP.MOSREG.RU using aes256-cts-hmac-sha1-96
[2017/08/22 22:27:28.983064,  3] ../auth/auth_log.c:760(log_authentication_event_human_readable)
  Auth: [Kerberos KDC,ENC-TS Pre-authentication] user [(null)]\[KR01-DC-ALT-01$@DP.MOSREG.RU] at [Tue, 22 Aug 2017 22:27:28.983051 MSK] with [aes256-cts-hmac-sha1-96] status [NT_STATUS_OK] workstation [(null)] remote host [ipv4:10.10.5$
.101:41054] became [DP]\[KR01-DC-ALT-01$] [S-1-5-21-698140489-3825754665-3897753990-114108]. local host [NULL] 
[2017/08/22 22:27:28.994862,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: AS-REQ authtime: 2017-08-22T22:27:28 starttime: unset endtime: 2017-08-23T08:27:28 renew till: unset
[2017/08/22 22:27:28.994921,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, des3-cbc-md5, arcfour-hmac-md5, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
[2017/08/22 22:27:28.995260,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/08/22 22:27:28.995325,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/08/22 22:27:29.034538,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'gssapi_spnego' registered
[2017/08/22 22:27:29.034762,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'gssapi_krb5' registered
[2017/08/22 22:27:29.034816,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'gssapi_krb5_sasl' registered
[2017/08/22 22:27:29.034856,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'spnego' registered
[2017/08/22 22:27:29.034891,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'schannel' registered
[2017/08/22 22:27:29.034921,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'naclrpc_as_system' registered
[2017/08/22 22:27:29.034941,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'sasl-EXTERNAL' registered
[2017/08/22 22:27:29.034960,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'ntlmssp' registered
[2017/08/22 22:27:29.034979,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'ntlmssp_resume_ccache' registered
[2017/08/22 22:27:29.034997,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'http_basic' registered
[2017/08/22 22:27:29.035022,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'http_ntlm' registered
[2017/08/22 22:27:29.035042,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'krb5' registered
[2017/08/22 22:27:29.035101,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: GENSEC backend 'fake_gssapi_krb5' registered
[2017/08/22 22:27:29.041209,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ KR01-DC-ALT-01$@DP.MOSREG.RU from ipv4:10.10.51.101:41058 for krbtgt/DP.MOSREG.RU@DP.MOSREG.RU [forwarded, forwardable]
[2017/08/22 22:27:29.071903,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Bad request for forwardable ticket
[2017/08/22 22:27:29.071996,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: Failed building TGS-REP to ipv4:10.10.51.101:41058
[2017/08/22 22:27:29.072255,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/08/22 22:27:29.072693,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/08/22 22:27:29.098797,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2017/08/22 22:27:29.099049,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: update failed: REFUSED
[2017/08/22 22:27:29.125202,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2017/08/22 22:27:29.125394,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: update failed: REFUSED
[2017/08/22 22:27:29.127619,  2] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: Failed update of 2 entries
[2017/08/22 22:27:29.164658,  3] ../lib/util/util_runcmd.c:287(samba_runcmd_io_handler)
  samba_runcmd_io_handler: Child /usr/sbin/samba_dnsupdate exited 2
[2017/08/22 22:27:29.164765,  2] ../lib/util/tevent_debug.c:66(samba_tevent_debug)
  s4_tevent: EPOLL_CTL_DEL EBADF for fde[0x555777028440] mpx_fde[(nil)] fd[45] - disabling
[2017/08/22 22:27:29.164796,  0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
  ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 2
[2017/08/22 22:27:31.462689,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered KR01-DC-ALT-01<00> with 10.10.51.101 on interface 10.10.51.255
[2017/08/22 22:27:31.462854,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered KR01-DC-ALT-01<03> with 10.10.51.101 on interface 10.10.51.255
[2017/08/22 22:27:31.462894,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered KR01-DC-ALT-01<20> with 10.10.51.101 on interface 10.10.51.255
[2017/08/22 22:27:31.464037,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DP<1c> with 10.10.51.101 on interface 10.10.51.255
[2017/08/22 22:27:31.464094,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DP<00> with 10.10.51.101 on interface 10.10.51.255
[2017/08/22 22:27:32.516934,  3] ../libcli/nbt/lmhosts.c:184(resolve_lmhosts_file_as_sockaddr)
  resolve_lmhosts: Attempting lmhosts lookup for name eb2d1557-6bd7-45d5-8864-e74073ef6752._msdcs.dp.mosreg.ru<0x20>
[2017/08/22 22:27:32.532894,  3] ../libcli/nbt/lmhosts.c:184(resolve_lmhosts_file_as_sockaddr)
  resolve_lmhosts: Attempting lmhosts lookup for name eb2d1557-6bd7-45d5-8864-e74073ef6752._msdcs.dp.mosreg.ru<0x20>
[2017/08/22 22:27:32.542270,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/08/22 22:27:32.627275,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ KR01-DC-ALT-01$@DP.MOSREG.RU from ipv4:10.10.51.101:41070 for GC/kr01-dc08-01.dp.mosreg.ru/dp.mosreg.ru@DP.MOSREG.RU [canonicalize]
[2017/08/22 22:27:32.649588,  3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
  Kerberos: TGS-REQ authtime: 2017-08-22T22:27:32 starttime: 2017-08-22T22:27:32 endtime: 2017-08-23T08:27:32 renew till: unset
[2017/08/22 22:27:32.650505,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
[2017/08/22 22:27:32.650582,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED]
[2017/08/22 22:27:32.863000,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/08/22 22:27:32.924292,  3] ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:86(dcesrv_drsuapi_DsBind)
  ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:86: doing DsBind with system_session
[2017/08/22 22:27:32.927040,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/08/22 22:27:32.948441,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1728(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1728: getncchanges on DC=ForestDnsZones,DC=dp,DC=mosreg,DC=ru using filter (uSNChanged>=423498)
[2017/08/22 22:27:32.951031,  2] ../source4/rpc_server/drsuapi/getncchanges.c:3003(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 423498 flags 0x80000070 on <GUID=643a02f3-9696-4c80-80f2-2bf269c216d4>;DC=ForestDnsZones,DC=dp,DC=mosreg,DC=ru gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-698140489-3825754665-3897753990-
110101))
[2017/08/22 22:27:32.956965,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1728(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1728: getncchanges on CN=Schema,CN=Configuration,DC=dp,DC=mosreg,DC=ru using filter (uSNChanged>=423498)
[2017/08/22 22:27:32.999394,  2] ../source4/rpc_server/drsuapi/getncchanges.c:3003(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 423498 flags 0x80000070 on <GUID=595c90e7-7933-453f-93f3-169e651954aa>;CN=Schema,CN=Configuration,DC=dp,DC=mosreg,DC=ru gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-698140489-3825754665-38
97753990-110101))
[2017/08/22 22:27:33.006339,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1728(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1728: getncchanges on CN=Configuration,DC=dp,DC=mosreg,DC=ru using filter (uSNChanged>=423498)
[2017/08/22 22:27:33.074225,  2] ../source4/rpc_server/drsuapi/getncchanges.c:3003(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 423498 flags 0x80000070 on <GUID=988acfbd-3206-43c3-bbeb-4f2fc936df27>;CN=Configuration,DC=dp,DC=mosreg,DC=ru gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-698140489-3825754665-3897753990-1
10101))
[2017/08/22 22:27:33.079512,  2] ../source4/rpc_server/drsuapi/getncchanges.c:1728(getncchanges_collect_objects)
  ../source4/rpc_server/drsuapi/getncchanges.c:1728: getncchanges on DC=DomainDnsZones,DC=dp,DC=mosreg,DC=ru using filter (uSNChanged>=423498)
[2017/08/22 22:27:33.187830,  2] ../source4/rpc_server/drsuapi/getncchanges.c:3003(dcesrv_drsuapi_DsGetNCChanges)
  DsGetNCChanges with uSNChanged >= 423498 flags 0x80000070 on <GUID=8531b891-bfdf-4509-81c8-bec152d994c3>;DC=DomainDnsZones,DC=dp,DC=mosreg,DC=ru gave 0 objects (done 0/0) 0 links (done 0/0 (as S-1-5-21-698140489-3825754665-3897753990-
110101))
[2017/08/22 22:27:42.504346,  2] ../source4/dsdb/kcc/kcc_periodic.c:710(kccsrv_samba_kcc)
  Calling samba_kcc script
[2017/08/22 22:27:42.525867,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on DC=ForestDnsZones,DC=dp,DC=mosreg,DC=ru and looking for deleted objects
[2017/08/22 22:27:42.566554,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 1 objects (0 linked attributes) for DC=ForestDnsZones,DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:42.569702,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on DC=DomainDnsZones,DC=dp,DC=mosreg,DC=ru and looking for deleted objects
[2017/08/22 22:27:43.730426,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on DC=dp,DC=mosreg,DC=ru and looking for deleted objects
[2017/08/22 22:27:45.419699,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2017/08/22 22:27:45.419870,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2017/08/22 22:27:45.419913,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2017/08/22 22:27:45.420145,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2017/08/22 22:27:47.611569,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/08/22 22:27:49.413308,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_RESET'
[2017/08/22 22:27:49.413538,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_RESET]
[2017/08/22 22:27:57.629923,  0] ../source4/rpc_server/common/forward.c:51(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaSync - NT_STATUS_IO_TIMEOUT
[2017/08/22 22:27:57.630251,  2] default/librpc/gen_ndr/ndr_drsuapi_s.c:395(drsuapi__op_reply)
  dcerpc_fault DCERPC_FAULT_CANT_PERFORM in drsuapi_DsReplicaSync


And got same result:

[2017/08/22 22:27:57.633981,  3] ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:86(dcesrv_drsuapi_DsBind)
  ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:86: doing DsBind with system_session
[2017/08/22 22:27:58.889323,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on CN=Configuration,DC=dp,DC=mosreg,DC=ru and looking for deleted objects
[2017/08/22 22:27:58.909629,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=DomainDnsZones,DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:58.909902,  3] ../source4/dsdb/repl/drepl_service.c:203(_drepl_schedule_replication)
  _drepl_schedule_replication: forcing sync of partition (0a0c6920-60b3-47ce-b215-0f976e17e1db, DC=dp,DC=mosreg,DC=ru, eb2d1557-6bd7-45d5-8864-e74073ef6752._msdcs.dp.mosreg.ru)
[2017/08/22 22:27:58.910014,  3] ../source4/dsdb/repl/drepl_service.c:203(_drepl_schedule_replication)
  _drepl_schedule_replication: forcing sync of partition (0a0c6920-60b3-47ce-b215-0f976e17e1db, DC=dp,DC=mosreg,DC=ru, eb2d1557-6bd7-45d5-8864-e74073ef6752._msdcs.dp.mosreg.ru)
[2017/08/22 22:27:59.596192,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:59.658479,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:59.678353,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
[2017/08/22 22:27:59.678466,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: Traceback (most recent call last):
[2017/08/22 22:27:59.678496,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/sbin/samba_kcc", line 337, in <module>
[2017/08/22 22:27:59.678518,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     attempt_live_connections=opts.attempt_live_connections)
[2017/08/22 22:27:59.678541,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/lib64/python2.7/site-packages/samba/kcc/__init__.py", line 2650, in run
[2017/08/22 22:27:59.678565,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     self.translate_ntdsconn()
[2017/08/22 22:27:59.678587,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/lib64/python2.7/site-packages/samba/kcc/__init__.py", line 1042, in translate_ntdsconn
[2017/08/22 22:27:59.678622,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     n_rep.commit_repsFrom(self.samdb)
[2017/08/22 22:27:59.678642,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:   File "/usr/lib64/python2.7/site-packages/samba/kcc/kcc_utils.py", line 396, in commit_repsFrom
[2017/08/22 22:27:59.678665,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc:     (self.nc_dnstr, estr))
[2017/08/22 22:27:59.678723,  0] ../lib/util/util_runcmd.c:323(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: samba.kcc.kcc_utils.KCCError: Could not set repsFrom for (DC=dp,DC=mosreg,DC=ru) - ((65, "objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified o
bjectclasses!"))
[2017/08/22 22:27:59.680724,  3] ../lib/util/util_runcmd.c:287(samba_runcmd_io_handler)
  samba_runcmd_io_handler: Child /usr/sbin/samba_kcc exited 1
[2017/08/22 22:27:59.686568,  2] ../lib/util/tevent_debug.c:66(samba_tevent_debug)
  s4_tevent: EPOLL_CTL_DEL EBADF for fde[0x555774c4eab0] mpx_fde[(nil)] fd[44] - disabling
[2017/08/22 22:27:59.686610,  0] ../source4/dsdb/kcc/kcc_periodic.c:693(samba_kcc_done)
  ../source4/dsdb/kcc/kcc_periodic.c:693: Failed samba_kcc - NT_STATUS_ACCESS_DENIED
[2017/08/22 22:27:59.706548,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:59.721036,  0] ../source4/dsdb/common/util.c:3289(dsdb_savereps)
  Failed to store repsFrom - objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified objectclasses!
[2017/08/22 22:27:59.721172,  2] ../source4/dsdb/repl/drepl_out_pull.c:85(drepl_reps_update)
  drepl_reps_update: Failed to save repsFrom for DC=dp,DC=mosreg,DC=ru: WERR_DS_DRA_INTERNAL_ERROR
[2017/08/22 22:27:59.735416,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:59.748965,  0] ../source4/dsdb/common/util.c:3289(dsdb_savereps)
  Failed to store repsFrom - objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified objectclasses!
[2017/08/22 22:27:59.749063,  2] ../source4/dsdb/repl/drepl_out_pull.c:85(drepl_reps_update)
  drepl_reps_update: Failed to save repsFrom for DC=dp,DC=mosreg,DC=ru: WERR_DS_DRA_INTERNAL_ERROR
[2017/08/22 22:27:59.760688,  2] ../source4/dsdb/repl/replicated_objects.c:1017(dsdb_replicated_objects_commit)
  Replicated 0 objects (0 linked attributes) for DC=dp,DC=mosreg,DC=ru
[2017/08/22 22:27:59.773541,  0] ../source4/dsdb/common/util.c:3289(dsdb_savereps)
  Failed to store repsFrom - objectclass_attrs: attribute 'msExchDomainRestrictionBL' on entry 'DC=dp,DC=mosreg,DC=ru' does not exist in the specified objectclasses!
[2017/08/22 22:27:59.773629,  2] ../source4/dsdb/repl/drepl_out_pull.c:85(drepl_reps_update)
  drepl_reps_update: Failed to save repsFrom for DC=dp,DC=mosreg,DC=ru: WERR_DS_DRA_INTERNAL_ERROR
[2017/08/22 22:28:09.412309,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'

Comment 6 Evgeny Sinelnikov 2017-08-23 08:33:12 UTC

So, we have a problem with linked attributes from extended schema, localized in 
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c

$ git grep "does not exist in the specified objectclasses!" | cat                                                                                                                                                        
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c:                             ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",

[...]
        must_contain = dsdb_full_attribute_list(ac, ac->schema, oc_element,
                                                DSDB_SCHEMA_ALL_MUST);
        may_contain =  dsdb_full_attribute_list(ac, ac->schema, oc_element,
                                                DSDB_SCHEMA_ALL_MAY);
[...]
        /* Check if all specified attributes are valid in the given
         * objectclasses and if they meet additional schema restrictions. */
        for (i = 0; i < msg->num_elements; i++) {
                attr = dsdb_attribute_by_lDAPDisplayName(ac->schema,
                                                         msg->elements[i].name);
                if (attr == NULL) {
                        if (ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK)) {
                                /* allow this to make it possible for dbcheck
                                   to remove bad attributes */
                                continue;
                        }
                        return ldb_operr(ldb);
                }

                /* We can use "str_list_check" with "strcmp" here since the
                 * attribute information from the schema are always equal
                 * up-down-cased. */
                found = str_list_check(must_contain, attr->lDAPDisplayName);
                if (found) {
                        str_list_remove(found_must_contain, attr->lDAPDisplayName);
                } else {
                        found = str_list_check(may_contain, attr->lDAPDisplayName);
                }
                if (!found) {
                        found = str_list_check(harmless_attrs, attr->lDAPDisplayName);
                }
                if (!found) {
                        /* we allow this for dbcheck to fix the rest of this broken entry */
                        if (!ldb_request_get_control(ac->req, DSDB_CONTROL_DBCHECK) || 
                            ac->req->operation == LDB_ADD) {
                                ldb_asprintf_errstring(ldb, "objectclass_attrs: attribute '%s' on entry '%s' does not exist in the specified objectclasses!",
                                                       msg->elements[i].name,
                                                       ldb_dn_get_linearized(msg->dn));
                                return LDB_ERR_OBJECT_CLASS_VIOLATION;
                        }
                }
        }
[...]

As we see dsdb_attribute_by_lDAPDisplayName() found attribute, but it is not exists in dsdb_full_attribute_list output for DSDB_SCHEMA_ALL_MUST or DSDB_SCHEMA_ALL_MAY lists.

I don't understand yet where and how dsdb full attribute lists initialized.

Comment 7 Stefan Metzmacher 2023-03-21 10:10:47 UTC

While creating a bug for https://gitlab.com/samba-team/samba/-/merge_requests/2978, I found this old bug report...

Comment 8 Samba QA Contact 2023-03-23 08:20:04 UTC

This bug was referenced in samba master:

d43f6fb3004177adc16d1961d9371144ec245db2
21f4317acb9917e9f9394e6c44fcc5ba46f92dfb
bd3596233f26cdc2e3c591bccf09b2cdceeac023
f9391ec448b28fcb3b55b6f70bed980b0422ffb3
e519416e995d8c91653eb01f7f603c602fd282fe
36bd0287ea7d35b03c5cc0e77d00079268192212
c9fac2e912a30d92cceaea63ea684985a6d7c545
2340443c3be8684e102c235c776f47498ecc50d3
8ee7d232b1088f027b5f9d2bb4c11b15c3e9b0be
732bf8164dff8fd3b5892a7858d8baedae6ed46e
ea4f2b9f544324d917d901e427b8629807ea9af1
06fb5cdffdd1c5d7ac85746fd67cd8c30eb5ace4
ad3694c491a6822cb5c571b5017b650a9d1e86c1
e7ef43cead4ddab85e96b176c7c9123c28a033d2

Comment 9 Stefan Metzmacher 2023-04-12 12:26:08 UTC

Will be fixed in 4.19