Samba 4rc3 join to existing domain errors // Kerberos related ?
Joe Comeaux
joe.comeaux at worleyco.com
Thu Oct 25 20:06:34 MDT 2012
> From: "Matthieu Patou" Wednesday, October 24, 2012 11:45:34 PM
> What worries me much with your provision is the
> tdb_mmap failed for size -39583744 (Cannot allocate memory)
> You should run a samba-tool dbcheck on it and tell us what's going
> on.
When upgrading from beta5 to beta8, I remember doing a dbcheck --fix on the database which seemed to resolve a bunch of the corrupted objects. The tdb_mmap errors have existed for months, but never seemed to have an impact, so I ignored them.
The corrupted objects were all basically just missing GUID components, --fix did the trick to remedy all of those erros (44 since the last time it was run).
I ran dbcheck three times in total. Once by itself, it reported 44 problems, once with --fix which fixed the 44 problems, and one after that which reported no problems (although it did spit up the nasty tdb_mmap error).
root at atlas:/usr/local/samba# (kill samba process)
root at atlas:/usr/local/samba# /usr/local/samba/bin/samba-tool dbcheck
ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=WCRHAMMOND,DC=WORLEYCO,DC=SMB.ldb): tdb_mmap failed for size -39583744 (Cannot allocate memory)
Checking 17061 objects
ERROR: missing GUID component for objectCategory in object CN=daily_dashboard,OU=Groups,DC=wcrhammond,DC=worleyco,DC=smb - CN=Group,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
ERROR: missing GUID component for objectCategory in object CN=W011069-hp Las0029162905,CN=W011069,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Print-Queue,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
ERROR: missing GUID component for objectCategory in object CN=W012077,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
ERROR: missing GUID component for objectCategory in object CN=JCOMEAUX,OU=Domain Controllers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
ERROR: missing GUID component for objectCategory in object OU=A,OU=Adjusters,OU=Worley,DC=wcrhammond,DC=worleyco,DC=smb - CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
... ( various lines cut -- mostly recently created OU's )
ERROR: missing GUID component for objectCategory in object CN=W011656,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
ERROR: missing GUID component for objectCategory in object CN=W011048,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Not fixing missing GUID
Please use --fix to fix these errors
Checked 17061 objects (44 errors)
root at atlas:/usr/local/samba# date;/usr/local/samba/bin/samba-tool dbcheck --fix;date
Thu Oct 25 20:23:48 CDT 2012
ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=WCRHAMMOND,DC=WORLEYCO,DC=SMB.ldb): tdb_mmap failed for size -39583744 (Cannot allocate memory)
Checking 17061 objects
ERROR: missing GUID component for objectCategory in object CN=daily_dashboard,OU=Groups,DC=wcrhammond,DC=worleyco,DC=smb - CN=Group,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=7a7a2d24-0eae-4910-bd5c-5489015b084f>;CN=Group,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [y/N/all/none] all
Fixed missing GUID on attribute objectCategory
ERROR: missing GUID component for objectCategory in object CN=W011069-hp Las0029162905,CN=W011069,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Print-Queue,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=a3fdeb2a-864c-4cf4-9dbe-dacccc7ed584>;CN=Print-Queue,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [YES]
Fixed missing GUID on attribute objectCategory
ERROR: missing GUID component for objectCategory in object CN=W012077,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=9e973d36-cc8d-4b31-9206-0b37d0958cc5>;CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [YES]
Fixed missing GUID on attribute objectCategory
ERROR: missing GUID component for objectCategory in object CN=JCOMEAUX,OU=Domain Controllers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=9e973d36-cc8d-4b31-9206-0b37d0958cc5>;CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [YES]
Fixed missing GUID on attribute objectCategory
ERROR: missing GUID component for objectCategory in object OU=A,OU=Adjusters,OU=Worley,DC=wcrhammond,DC=worleyco,DC=smb - CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=cb6d8669-89ff-40a8-a53a-53f612c29bf2>;CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [YES]
Fixed missing GUID on attribute objectCategory
... ( various lines cut -- mostly recently created OU's )
ERROR: missing GUID component for objectCategory in object CN=W011656,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=9e973d36-cc8d-4b31-9206-0b37d0958cc5>;CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [YES]
Fixed missing GUID on attribute objectCategory
ERROR: missing GUID component for objectCategory in object CN=W011048,CN=Computers,DC=wcrhammond,DC=worleyco,DC=smb - CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb
Change DN to <GUID=9e973d36-cc8d-4b31-9206-0b37d0958cc5>;CN=Computer,CN=Schema,CN=Configuration,DC=wcrhammond,DC=worleyco,DC=smb? [YES]
Fixed missing GUID on attribute objectCategory
Checked 17061 objects (44 errors)
Thu Oct 25 20:29:20 CDT 2012
root at atlas:/usr/local/samba# date;/usr/local/samba/bin/samba-tool dbcheck --fix;date
Thu Oct 25 20:29:36 CDT 2012
ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=WCRHAMMOND,DC=WORLEYCO,DC=SMB.ldb): tdb_mmap failed for size -39583744 (Cannot allocate memory)
Checking 17061 objects
Checked 17061 objects (0 errors)
Thu Oct 25 20:35:01 CDT 2012
> Also what kinit administrator at REALM returns on the atlas host ?
root at atlas:~# klist -e
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
root at atlas:~# kinit administrator at WCRHAMMOND.WORLEYCO.SMB
kinit: Cannot contact any KDC for realm 'WCRHAMMOND.WORLEYCO.SMB' while getting initial credentials
root at atlas:~# /usr/local/samba/sbin/samba
root at atlas:~# kinit administrator at WCRHAMMOND.WORLEYCO.SMB
Password for administrator at WCRHAMMOND.WORLEYCO.SMB:
root at atlas:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at WCRHAMMOND.WORLEYCO.SMB
Valid starting Expires Service principal
10/25/12 20:45:29 10/26/12 06:45:29 krbtgt/WCRHAMMOND.WORLEYCO.SMB at WCRHAMMOND.WORLEYCO.SMB
renew until 10/26/12 20:45:23, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
I dont have any problems running kinit to create the administrator principal on either the original samba server or the new samba server. The first attempt to run kinit was while there was no samba process running, which confirmed for me that samba was controlling the kerberos authentication.
After doing all of the above, the samba_dnsupdate errors persist on both the original server (samba4beta8) "kinit for ATLAS$@WCRHAMMOND.WORLEYCO.SMB failed (Clients credentials have been revoked)", as well as on the new samba4rc3 server "Check your Kerberos ticket, it may have expired" .
Any ideas on what to do next?
Thanks
-Joe
More information about the samba-technical
mailing list