Univention Bugzilla – Bug 27893
Backup2Master does not remove the master from the Samba 4 replication topology
Last modified: 2013-11-19 06:43:47 CET
Backup2Master does not remove the master from the Samba 4 replication topology. As a result, for example, samba-tool drs showrepl reports replication errors for the deactivated system. To see what needs to be done here, the new upstream "samba-tool domain demote" function can serve as a reference (although it can only be run locally on the respective DC).

+++ This bug was initially created as a clone of Bug #26986 +++
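A check that could be run after the takeover to confirm the symptom described above is gone, as an added example that is not part of the original report or of univention-backup2master: it scans the text output of `samba-tool drs showrepl` for inbound neighbors that still fail and belong to a decommissioned DC. The sample output is constructed and its layout is assumed to follow the tool's classic text format; SLAVE133, the GUIDs and the function names are made up for illustration.

```python
import re

# Constructed sample, modelled on the text layout of `samba-tool drs showrepl`
# (assumption). MASTER131 and the domain reuse names from the log on this page;
# SLAVE133 and the GUIDs are invented.
SAMPLE = r"""
==== INBOUND NEIGHBORS ====

DC=deadlock13,DC=local
    Default-First-Site-Name\MASTER131 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000001
        Last attempt @ Mon Nov 18 10:00:00 2013 CET failed, result 2 (WERR_BADFILE)
        12 consecutive failure(s).
        Last success @ Mon Nov 11 09:00:00 2013 CET

CN=Configuration,DC=deadlock13,DC=local
    Default-First-Site-Name\SLAVE133 via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000002
        Last attempt @ Mon Nov 18 10:00:05 2013 CET was successful
        0 consecutive failure(s).
        Last success @ Mon Nov 18 10:00:05 2013 CET
"""

def failing_neighbors(showrepl_text):
    """Return (naming_context, dc_name, failures) for neighbors with failures > 0."""
    results, context, dc = [], None, None
    for line in showrepl_text.splitlines():
        if re.match(r"(?:DC|CN)=", line):            # unindented naming context
            context = line.strip()
        elif (m := re.match(r"\s*[^\\]+\\(\S+) via RPC", line)):
            dc = m.group(1)                          # Site\DCNAME via RPC
        elif (m := re.match(r"\s*(\d+) consecutive failure", line)) and dc:
            if int(m.group(1)) > 0:
                results.append((context, dc, int(m.group(1))))
            dc = None                                # counter closes this neighbor
    return results

def stale_partners(showrepl_text, removed_hosts):
    """Failing neighbors whose name matches a DC that was taken out of service."""
    removed = {h.lower() for h in removed_hosts}
    return [r for r in failing_neighbors(showrepl_text) if r[1].lower() in removed]

if __name__ == "__main__":
    for context, dc, failures in stale_partners(SAMPLE, ["master131"]):
        print(f"{dc}: {failures} consecutive failures replicating {context}")
```

An empty result for the old master's host name means it no longer appears as a failing replication partner.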
If sam.ldb is found then univention-backup2master now removes
 * the machine account with the account name of the old master from samdb
 * the objectClass=server object related to the old master from samdb
 * the related NTDS-objectGUID DNS alias

Additionally the "dns-$old_master_hostname" account is removed.
Changelog: OK

(In reply to Arvid Requate from comment #1)
> If sam.ldb is found then univention-backup2master now removes
> * the machine account with the account name of the old master from samdb

OK

> * the objectClass=server object related to the old master from samdb

OK

> * the related NTDS-objectGUID DNS alias

OK

> Additionally the "dns-$old_master_hostname" account is removed.

That didn't work in my test, it seems the user is removed in OpenLDAP and the connector is initialized later and then synced back from S4 to OpenLDAP:

root@backup132:~# egrep "(dns-master|97univention-s4-connector.inst)" /var/log/univention/backup2master.log
++ udm users/user list --filter username=dns-master131
+ dns_service_account_dn=uid=dns-master131,cn=users,dc=deadlock13,dc=local
+ '[' -n uid=dns-master131,cn=users,dc=deadlock13,dc=local ']'
+ univention-directory-manager users/user remove --dn uid=dns-master131,cn=users,dc=deadlock13,dc=local
Running 97univention-s4-connector.inst done
root@backup132:~#
The DNS service account for the old master is now also removed in the samba4 backend.
(In reply to Arvid Requate from comment #3)
> The DNS service account for the old master is now also removed in the samba4
> backend.

The account is still available after backup2master.
Strangely the deleted dns service account was resurrected by the initialization of the s4connector listener (Bug 32263). As a workaround the account is now deleted after initialization of the s4connector listener.

Another issue was fixed: removal of the NTDS alias record now also works.
Test S4: OK
Test S3: OK
Changelog: OK
UCS 3.2 has been released:
http://docs.univention.de/release-notes-3.2-en.html
http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".