Univention Bugzilla – Bug 34754
dns-service account missing after re-join of DC backup
Last modified: 2014-06-05 15:33:16 CEST
After re-joining a DC backup no accounts can be created locally any longer. As a result the join.log shows that the dns-service account is not created. I guess that DDNS updates will fail in this case. We already had this once, see Bug #28373. I think this is a regression due to the changes of Bug #32595.

join.log:
===================================================================
Configure 96univention-samba4.inst Tue Jan 7 15:02:45 CET 2014
[...]
keeping existing samaccount: CN=BACKUP41,OU=Domain Controllers,DC=ar320i1,DC=qa
Deleted CN=dns-backup41,CN=Users,DC=ar320i1,DC=qa
Deleted CN=2fec9585-e6ce-45da-8c9a-04631eff01d0,CN=NTDS Settings,CN=BACKUP41,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ar320i1,DC=qa
Deleted CN=NTDS Settings,CN=BACKUP41,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ar320i1,DC=qa
Deleted CN=BACKUP41,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ar320i1,DC=qa
Adding CN=BACKUP41,OU=Domain Controllers,DC=ar320i1,DC=qa
Adding CN=BACKUP41,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ar320i1,DC=qa
Adding CN=NTDS Settings,CN=BACKUP41,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ar320i1,DC=qa
Adding SPNs to CN=BACKUP41,OU=Domain Controllers,DC=ar320i1,DC=qa
[...]
Configure 98univention-samba4-dns.inst Tue Jan 7 15:03:58 CET 2014
Waiting for RID Pool replication: done.
ERROR(ldb): Failed to add user 'dns-backup41': - ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=dns-backup41,CN=Users,DC=ar320i1,DC=qa - ../ldb_tdb/ldb_index.c:1148: unique index violation on object Sid in CN=dns-backup41,CN=Users,DC=ar320i1,DC=qa
===================================================================

Looks like the "RID Set" information got lost during rejoin:
===================================================================
dn: CN=dns-backup41\0ADEL:e003cdd0-8023-4709-95d4-36be33390736,CN=Deleted Objects,DC=ar320i1,DC=qa
objectSid: S-1-5-21-2504708665-2173701359-1147132429-1601
sAMAccountName: dns-backup41
===================================================================

The RID Set lost track of the rIDNextRID:
===================================================================
dn: CN=RID Set,CN=BACKUP41,OU=Domain Controllers,DC=ar320i1,DC=qa
objectClass: rIDSet
rIDAllocationPool: 1600-2099
rIDUsedPool: 0
rIDNextRID: ## this attribute is missing
===================================================================

+++ This bug was initially created as a clone of Bug #32595 +++
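
Added example, not part of the bug report or of Univention's joinscript: a check over an LDIF dump that flags the condition shown above, a rIDSet without rIDNextRID whose allocation pool still contains a RID owned by another object (tombstones included). The sample LDIF is constructed from the excerpts in the report; the function names are hypothetical, and the reading of rIDNextRID as "highest RID already issued" is an assumption.

```python
import re

# Constructed sample, modelled on the two LDIF excerpts quoted in the report.
SAMPLE_LDIF = r"""
dn: CN=dns-backup41\0ADEL:e003cdd0-8023-4709-95d4-36be33390736,CN=Deleted Objects,DC=ar320i1,DC=qa
objectSid: S-1-5-21-2504708665-2173701359-1147132429-1601
sAMAccountName: dns-backup41

dn: CN=RID Set,CN=BACKUP41,OU=Domain Controllers,DC=ar320i1,DC=qa
objectClass: rIDSet
rIDAllocationPool: 1600-2099
rIDUsedPool: 0
"""

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF (no folded or base64 lines) into dicts."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                rec.setdefault(attr, []).append(value.strip())
        if "dn" in rec:
            records.append(rec)
    return records

def check_rid_sets(records):
    """Return (dn, problem) tuples for each rIDSet that could re-issue a used RID."""
    # RID = last sub-authority of objectSid; tombstones are included on purpose.
    used = {int(s.rsplit("-", 1)[1]): r["dn"][0]
            for r in records for s in r.get("objectSid", [])}
    findings = []
    for rec in records:
        if "rIDSet" not in rec.get("objectClass", []):
            continue
        low, high = map(int, rec["rIDAllocationPool"][0].split("-"))
        taken = sorted(rid for rid in used if low <= rid <= high)
        # Assumption: rIDNextRID holds the highest RID already issued from the pool.
        next_rid = int(rec["rIDNextRID"][0]) if rec.get("rIDNextRID") else None
        if next_rid is None:
            findings.append((rec["dn"][0], "rIDNextRID missing"))
        if taken and (next_rid is None or next_rid < taken[-1]):
            findings.append((rec["dn"][0],
                             f"RID {taken[-1]} in pool already owned by {used[taken[-1]]}"))
    return findings

if __name__ == "__main__":
    for dn, problem in check_rid_sets(parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: {problem}")
```
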
I think we should revert the changes of Bug #32595 and fix the original issue instead:
===============================================================================
ERROR(<type 'exceptions.TypeError'>): uncaught exception - join_DC() got an unexpected keyword argument 'keep_existing'
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.6/dist-packages/samba/netcmd/domain.py", line 560, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
===============================================================================
Created attachment 5935
save_and_restore_rid_pool.patch

Patch for the joinscript, taken from the script implemented for Bug 32187.
Advisory: 2014-05-28-univention-samba4.yaml
Code: OK YAML: OK Tests: OK
http://errata.univention.de/ucs/3.2/119.html