Univention Bugzilla – Bug 47618
samba-tool dbcheck --fix fails: "Attribute member already deleted for target GUID" (4.3)
Last modified: 2021-05-14 16:34:23 CEST
+++ This bug was initially created as a clone of Bug #43126 +++ In two customer environments (one UCS@school and one plain UCS) we found the following error, which samba-tool dbcheck (from samba 4.5.1) cannot fix: ============================================================================ ERROR: incorrect GUID component for member in object CN=DC Slave Hosts,CN=Groups,DC=domain,DC=local - <GUID=7f95b5151561c24eaf99d804b6a4671a>;<RMD_ADDTIME=130936344750000000>;<RMD_CHANGETIME=131057144670000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c867a5c459679b67bfe60f35e1914597>;<RMD_LOCAL_USN=53251>;<RMD_ORIGINATING_USN=53251>;<RMD_VERSION=1>;<SID=010500000000000515000000123456789abcdefabcedef0000>;CN=FOO,OU=Domain Controllers,DC=domain,DC=local Change DN to <GUID=7fc4721a-17F2-18a4-8ca4-123456789abc>;<SID=S-1-5-21-1234567890-123456789-123456789-abcde>;CN=FOO,OU=Domain Controllers,DC=domain,DC=local? [YES] ERROR: Failed to fix incorrect GUID on attribute member : (53, 'Attribute member already deleted for target GUID 15b5957f-6115-4ec2-af99-d804b6a4671a') ===================================================================== Intense research of one of both cases didn't reveal where samba-tool dbcheck finds this GUID "15b5957f-6115-4ec2-af99-d804b6a4671a" that the final error message refers to. I also search the output of tdbdump for the binary NDR encoded value. root@slave:~# univention-s4search "CN=FOO" objectguid # record 1 dn: CN=FOO,OU=Domain Controllers,DC=domain,DC=local objectGUID: 7fc4721a-17F2-18a4-8ca4-123456789abc root@slave:~# python >>> from samba.dcerpc import misc >>> from samba.ndr import ndr_pack, ndr_unpack >>> ndr_pack(misc.GUID("15b5957f-6115-4ec2-af99-d804b6a4671a")) '\x7f\x95\xb5\x15\x15a\xc2N\xaf\x99\xd8\x04\xb6\xa4g\x1a' Then I looked for \\F3S\\B3Z\\B5C in tdbdump /var/lib/samba/private/sam.ldb.d/DC\=DOMAIN\,DC\=LOCAL.ldb | less The recommendation from http://www.spinics.net/lists/samba/msg137293.html didn't help. There doesn't seem to be any visible consequence for this error though. Samba finds the machine in the group: root@slave:~# samba-tool group listmembers "DC Slave Hosts" | grep FOO FOO$ And group membership is also Ok in OpenLDAP (and thus in getent group).
This issue has been filed against UCS 4.3. UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.