Univention Corporate Server (UCS) » Services for Windows

ID #1353

Re-Provisioning Samba4 on a UCS@school DC Master

Produktlogo UCS UCS 4


This article describes the re-provision of a Samba 4 on a UCS@school DC Master. For a non-UCS@school environment http://sdb.univention.de/1282 should be used.



Several Samba 4 data is either lost or or corrupt

The LDB-Data of  Samba 4 (z.B. /var/lib/samba/private/sam.ldb) is corrupted/broken/lost and Samba 4 has to be re-provisioned.



Samba 4 can be re-provisioned with the help of the existing LDAP data

The following steps will describe the needed procedure:



1. Stop Samba 4 on all connected in the environment

If there are other Samba 4 systems available, samba 4 has to be stopped there - the nameing of the init scripts changed to UCS 4 - both variants are explained:

# UCS 4:
invoke-rc.d samba stop
# UCS 3:
invoke-rc.d samba4 stop

2. Sync time on DC Master:
rdate ptbtime1.ptb.de
3. Save RID Pools on DC Master:

ldbsearch -H /var/lib/samba/private/sam.ldb CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)" > /root/ridpool.ldif

4. Stop Samba 4 and S4-Connector on DC Master:

# UCS 4:
invoke-rc.d samba stop
invoke-rc.d univention-s4-connector stop
# UCS 3:
invoke-rc.d samba4 stop
invoke-rc.d univention-s4-connector stop

5. Move/Delete Samba 4 and S4-Connector data on DC Master:
find /etc/univention/connector/ \( -name "s4*.sqlite" -o -name "lockingdb.sqlite" \) -exec mv "{}" "{}.bak_$(date +%s)" \;
rm -f /var/lib/univention-connector/s4/*
mv /var/lib/samba/private "/var/lib/samba/private.bak_$(date +%s)"
6. Remove Samba 4 and S4-Connector packages on DC Master:

univention-remove univention-samba4 univention-s4-connector

7. Set UCS variables for re-provision on DC Master:

ucr set connector/s4/allow/secondary='true' \

8. Install Samba 4 and S4-Connector packkages on DC Master:

univention-install univention-s4-connector univention-samba4

9. Correct newly created RID-Pool with the help of the saved data on DC Master:

A new RID-Pool was created by re-provision - it has to be corrected with the help of tha saved data - see pt.3:

ldbedit -H /var/lib/samba/private/sam.ldb CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)"

The following attributes has to be corrected:


Please also see SDB-Artikel  Samba 4 - RID Pool renewal


After the steps 1-9 the (test)-system should be rebooted and tested.

If there were other systems using samba 4 in this environment, all of them have to be re-joined! These systems can be found by using the following search:

univention-ldapsearch -b cn=dc,cn=computers,$(ucr get ldap/base) \
    '(&(univentionService=Samba 4)(!(cn='$(ucr get hostname)')))' \
    cn | sed -ne 's|cn: ||p


Categories for this entry

Tags: samba 4, UCS@school

Related entries:

Last update: 2016-02-04 08:53
Author: Samba Maintainers
Revision: 1.3

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry