Re-Provisioning Samba4 on a DC Master

samba-ad
ucs-4
servicesforwindows

This article describes how to re-provision Samba 4 on a DC Master. Please see http://sdb.univention.de/1353 if a UCS@school environment is used.

Problem:

Samba 4 data is either lost or corrupt

The LDB data of Samba 4 (e.g. /var/lib/samba/private/sam.ldb) is corrupted, broken or lost, and Samba 4 has to be re-provisioned.

Solution:

Samba 4 can be re-provisioned with the help of the existing LDAP data

The following steps describe the procedure:

1. Stop Samba 4 on all connected systems in the environment

If there are other Samba 4 systems in the environment, Samba 4 has to be stopped on them as well. The init script was renamed with UCS 4, so both variants are shown:

# UCS 4:
invoke-rc.d samba stop
# UCS 3:
invoke-rc.d samba4 stop

2. Sync time on DC Master:

rdate ptbtime1.ptb.de

3. Save RID Pools on DC Master:

ldbsearch -H /var/lib/samba/private/sam.ldb CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)" > /root/ridpool.ldif

4. Stop Samba 4 and S4-Connector on DC Master

# UCS 4:
invoke-rc.d samba stop
invoke-rc.d univention-s4-connector stop
# UCS 3:
invoke-rc.d samba4 stop
invoke-rc.d univention-s4-connector stop

5. Move/Delete Samba 4 and S4-Connector data on DC Master

find /etc/univention/connector/ \( -name "s4*.sqlite" -o -name "lockingdb.sqlite" \) -exec mv "{}" "{}.bak_$(date +%s)" \;

rm -f /var/lib/univention-connector/s4/*
mv /var/lib/samba/private "/var/lib/samba/private.bak_$(date +%s)"

6. Remove Samba 4 and S4-Connector packages on DC Master

univention-remove univention-samba4 univention-s4-connector

7. Set needed UCR-Variables for re-provision on DC Master

ucr set connector/s4/mapping/group/grouptype='false' \
connector/s4/mapping/sid_to_s4='true' \
samba4/provision/primary='true'

8. Install Samba 4 and S4-Connector packages on DC Master

univention-install univention-s4-connector univention-samba4

9. Remove UCR variables which were set for re-provision on DC Master

ucr unset samba4/provision/primary \
connector/s4/mapping/sid_to_s4

10. Correct newly created RID-Pool with the help of the saved data on DC Master

The re-provision created a new RID-Pool. It has to be corrected with the help of the data saved in step 3:

ldbedit -H /var/lib/samba/private/sam.ldb CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)"

The following attributes have to be corrected:

rIDAllocationPool
rIDPreviousAllocationPool
rIDNextRID

Please also see the SDB article "Samba 4 - RID Pool renewal".
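A check for the file saved in step 3 and a comparison for step 10, as an added example that is not part of the original article. The helper names rid_value, check_rid_backup and rid_diff are hypothetical, and the LDIF samples (host "master", base DC=example,DC=test, all RID values) are constructed. It assumes ldbsearch prints one "attribute: value" pair per line.

```shell
#!/bin/sh
# Added example, not from the original article. Helper names are hypothetical
# and the LDIF samples below are constructed.
RID_ATTRS="rIDAllocationPool rIDPreviousAllocationPool rIDNextRID"

# rid_value FILE ATTR: print ATTR's value from an ldbsearch dump; fail if absent.
rid_value() {
    awk -v attr="$2" 'BEGIN { want = tolower(attr) ":" }
        /^#/ { next }
        tolower($1) == want { print $2; found = 1; exit }
        END { exit !found }' "$1"
}

# check_rid_backup FILE: succeed only if all three attributes were saved.
check_rid_backup() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
    rc=0
    for attr in $RID_ATTRS; do
        if val=$(rid_value "$1" "$attr"); then echo "$attr: $val"
        else echo "not in backup: $attr" >&2; rc=1; fi
    done
    return "$rc"
}

# rid_diff SAVED CURRENT: list attributes step 10 must change (new -> saved).
rid_diff() {
    for attr in $RID_ATTRS; do
        old=$(rid_value "$1" "$attr") || continue
        new=$(rid_value "$2" "$attr") || new="(unset)"
        [ "$old" = "$new" ] || echo "$attr: $new -> $old"
    done
}

# Constructed sample files; on a real system use /root/ridpool.ldif and a
# fresh ldbsearch dump of the same entry taken after step 8.
SAVED=$(mktemp); CURRENT=$(mktemp)
cat > "$SAVED" <<'EOF'
dn: CN=RID Set,CN=master,OU=Domain Controllers,DC=example,DC=test
rIDAllocationPool: 1600-2099
rIDPreviousAllocationPool: 1600-2099
rIDNextRID: 1743
# returned 1 records
EOF
cat > "$CURRENT" <<'EOF'
dn: CN=RID Set,CN=master,OU=Domain Controllers,DC=example,DC=test
rIDAllocationPool: 1100-1599
rIDPreviousAllocationPool: 1100-1599
rIDNextRID: 1100
EOF
check_rid_backup "$SAVED" && rid_diff "$SAVED" "$CURRENT"
```

Running check_rid_backup on /root/ridpool.ldif before step 5 catches an empty or incomplete dump while the old sam.ldb is still in place.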

After steps 1-10, the (test) system should be rebooted and tested.

If there were other systems using Samba 4 in this environment, all of them have to be re-joined!

