Univention Corporate Server (UCS) » Services for Windows

ID #1282

Re-Provisioning Samba4 on a DC Master

Produktlogo UCS UCS 4


This article describes the re-provision of a Samba 4 DC Master. Please see http://sdb.univention.de/1353 if a UCS@school environment is used.



Several Samba 4 data is either lost or or corrupt

The LDB-Data of  Samba 4 (z.B. /var/lib/samba/private/sam.ldb) is corrupted/broken/lost and Samba 4 has to be re-provisioned.



Samba 4 can be re-provisioned with the help of the existing LDAP data

The following steps will describe the needed procedure:



1. Stop Samba 4 on all connected systems in the environment

If there are other Samba 4 systems available, samba 4 has to be stopped there - the nameing of the init scripts changed to UCS 4 - both variants are explained:

# UCS 4:
invoke-rc.d samba stop
# UCS 3:
invoke-rc.d samba4 stop

2. Sync time on DC Master:
rdate ptbtime1.ptb.de
3. Save RID Pools on DC Master:

ldbsearch -H /var/lib/samba/private/sam.ldb CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)" > /root/ridpool.ldif

4. Stop Samba 4 and S4-Connector on DC Master

# UCS 4:
invoke-rc.d samba stop
invoke-rc.d univention-s4-connector stop
# UCS 3:
invoke-rc.d samba4 stop
invoke-rc.d univention-s4-connector stop

5. Move/Delete Samba 4 and S4-Connector data on DC Master
find /etc/univention/connector/ \( -name "s4*.sqlite" -o -name "lockingdb.sqlite" \) -exec mv "{}" "{}.bak_$(date +%s)" \;
rm -f /var/lib/univention-connector/s4/*
mv /var/lib/samba/private "/var/lib/samba/private.bak_$(date +%s)"
6. Remove Samba 4 and S4-Connector packages on DC Master

univention-remove univention-samba4 univention-s4-connector

7. Set needed UCR-Variables for re-provision on DC Master

ucr set connector/s4/mapping/group/grouptype='false' \
connector/s4/mapping/sid_to_s4='true' \

8. Install Samba 4 and S4-Connector packkages on DC Master

univention-install univention-s4-connector univention-samba4

9. Remove UCR variables which were set for re-provision on DC Master

ucr unset samba4/provision/primary \

10. Correct newly created RID-Pool with the help of the saved data on DC Master

A new RID-Pool was created by re-provision - it has to be corrected with the help of tha saved data - see pt.3:

ldbedit -H /var/lib/samba/private/sam.ldb CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)"

The following attributes has to be corrected:


Please also see SDB-Artikel  Samba 4 - RID Pool renewal


After the steps 1-10 the (test)-system should be rebooted and tested.

If there were other systems using samba 4 in this environment, all of them have to be re-joined!


Tags: UCS 4

Related entries:

Last update: 2016-02-04 08:53
Author: Samba Maintainers
Revision: 1.10

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 4 (1 Vote)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry