[Samba] Samba 4 Cleanup Managing and Otherwise

tms3 at tms3.com tms3 at tms3.com
Fri Jun 18 07:06:55 MDT 2010 




>
> --- Original message ---
> Subject: Re: [Samba] Samba 4 Cleanup Managing and Otherwise
> From: Michael Wood <esiotrot at gmail.com>
> To: <tms3 at tms3.com>
> Cc: <samba at lists.samba.org>
> Date: Friday, 18/06/2010  5:34 AM
>
> On 17 June 2010 04:49,  <tms3 at tms3.com> wrote:
>>
>> OK, there has got to be a way to work with this thing other than 
>> wiping the
>> Domain every time an error pops up.
>>
>> Trying to resolve problems I did a git upgrade and:
>>
>> setup# /usr/local/samba/sbin/upgradeprovision
>>
>> Which provided the unhelpful:
>>
>> Found 3 domain controllers, for the moment upgradeprovision is not 
>> able to
>> handle upgrade on domain with more than one DC, please demote the 
>> other(s)
>> DC(s) before upgrading
>>
>> As I am actually trying to clean up an orphaned DC due to the fact 
>> that
>> dcpromo fails to remove AD from a windows server I am in even worse 
>> shape
>> than before the git upgrade.
>>
>> As I don't have unlimited funds, and the M$ software is outrageously
>> expensive, I can't keep blowing Windows servers out and reprovisioning 
>> them.
>>
>> Any ideas would be greatly appreciated here.
>
> Maybe running ldapcmp against the samba box and the Windows box will
> tell you something.  Also, maybe what you could do is get an LDIF
> export of the directory, then add another Samba box to the domain and
> get another LDIF export and compare them to see what was added.  Then
> you should be able to know exactly what needs to be deleted again
> afterwards.

Interestingly, after I wrote the above, I accessed the W2K3R2 DC and 
was able to use "sites and services" to delete the NTDS settings under 
the still listed orphaned DC, then go about manually deleting it from 
the rep lists for each server, then actually delete the server itself 
from the list, which is better than I was able to do.  It is now gone 
and Samba4 is no longer calling for it.

However, I am in a quandry over this mess now:

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for 
CN=Schema,CN=Configuration,DC=tms3,DC=com - 
NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0 
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for 
CN=Schema,CN=Configuration,DC=tms3,DC=com - 
NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0 
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for 
CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER : 
WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0 
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for 
CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER : 
WERR_INVALID_PARAM

It has been suggested that it is a kerberos problem, but I'm stymied 
as to WHAT the problem is:

root at T3:/usr/local/samba/var# kinit administrator at TMS3.COM
administrator at TMS3.COM's Password:
root at T3:/usr/local/samba/var# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: administrator at TMS3.COM

  Issued           Expires          Principal
Jun 18 06:05:36  Jun 18 16:05:36  krbtgt/TMS3.COM at TMS3.COM
root at T3:/usr/local/samba/var#

Anywho, enough poking around for now.

Cheers,

TMS III


>
>
> I haven't had a chance to try the above yet, though.
>
> P.S.  I know the upgradeprovision script is being worked on at the
> moment, so this might all be fixed soon, but maybe you should mention
> it on the samba-technical list.
>
> --
> Michael Wood <esiotrot at gmail.com>

More information about the samba mailing list