Multi DC domain issues

Stefan (metze) Metzmacher metze at samba.org
Wed Oct 1 05:23:50 MDT 2014


Hi Chris,

your problem was fixed via https://bugzilla.samba.org/show_bug.cgi?id=10749
in 4.1.12.

On 23.09.2014 at 14:58, Chris Alavoine wrote:
> Some extra info.
> 
> When I try a join (via a working DC) I get this:
> 
> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com] objects[63919/322492] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com] objects[64321/322492] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com] objects[64723/322492] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com] objects[65125/322492] linked_values[0/0]
> 
> As you can see there are 322492 objects in DomainDnsZones which takes a
> long time to complete. Have checked here:
> 
> /usr/local/samba/private/sam.ldb.d/
> 
> And this is the contents:
> 
> /usr/local/samba/private/sam.ldb.d# ls -ltrh
> total 4.1G
> -rw-r----- 1 root root 812K Sep 23 08:38 metadata.tdb
> -rw------- 1 root root  10M Sep 23 08:44 CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root 4.1M Sep 23 08:48 DC=FORESTDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root 4.0G Sep 23 08:50 DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root  10M Sep 23 08:50 CN=SCHEMA,CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root  38M Sep 23 08:51 DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> 
> On my broken FSMO DC this is the same folder:
> 
> /usr/local/samba/private/sam.ldb.d# ls -ltrh
> total 3.1G
> -rw-r----- 1 root root 412K Sep 23 13:00 metadata.tdb
> -rw------- 1 root root  16M Sep 23 13:03 CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root 4.1M Sep 23 13:48 DC=FORESTDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root  10M Sep 23 13:50 CN=SCHEMA,CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root  86M Sep 23 13:50 DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> -rw------- 1 root root 3.0G Sep 23 13:50 DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> 
> Also, when I try and join another DC via the FSMO DC there are only 88,000
> objects in DomainDnsZones.
> 
> I know that I don't have that many entries in my DNS, is there any way I
> can reduce the overhead on this? Safely?

The trick is to remove all deleted objects

ldbsearch -H /var/lib/samba/private/sam.ldb -s one -b 'CN=Deleted Objects,DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM' --show-recycled objectGUID > deleted.ldif

for each objectGUID value you get out of 'grep objectGUID deleted.ldif'
you need to run something like this:

ldbdel -H /var/lib/samba/private/sam.ldb --show-recycled --relax '<GUID=4fdf6aab-344d-42b8-8d09-c6bc45765953>'

You need to do that on every DC, and it can be run online.
(better not on all DCs at the same time...)

This will take a few days to complete.

Take a look at 'tdbtool DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb info'
from time to time to see how many records are still in the file.
Note that the file size on disk stays that large.

At the end you need to run the following OFFLINE, making sure
no samba/smbd related process is running anymore!!!
And make sure you have enough disk space:
DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
needs to fit 2 additional times.

OFFLINE!!!


tdbbackup DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb
tdbbackup DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.bak

tdbdump DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb | md5sum
tdbdump DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.bak.bak | md5sum

If the md5sums are the same go on:

mv DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.orig
mv DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.bak.bak DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb

Keep backups!

metze
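
The per-GUID deletion loop described in the message above, as an added example that is not part of the original mail or of Samba's own tooling. The function names, the DRY_RUN and SAM_LDB variables, the resume log and the sample LDIF are assumptions made for illustration; it assumes ldbsearch wrote objectGUID in string form, as in the ldbdel example in the mail.

```shell
#!/bin/sh
# Added example, not from the original mail. Function names, DRY_RUN, SAM_LDB
# and the resume log are assumptions made for illustration.
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"  # path used in the mail
DRY_RUN="${DRY_RUN:-1}"                               # 1 = only print commands

# Constructed sample of what deleted.ldif might contain (values are made up,
# except the GUID quoted in the mail).
sample_ldif() {
cat <<'EOF'
# record 1
dn: <constructed tombstone DN 1>
objectGUID: 4fdf6aab-344d-42b8-8d09-c6bc45765953

# record 2
dn: <constructed tombstone DN 2>
objectGUID: 00000000-1111-2222-3333-444444444444

# record 3 (malformed on purpose; must be skipped)
objectGUID: not-a-guid
EOF
}

# Print one GUID per line; only well-formed string GUIDs pass, so nothing
# unexpected from the LDIF ever reaches the ldbdel command line.
extract_guids() {
    h='[0-9A-Fa-f]'
    sed -n "s/^objectGUID: *\($h\{8\}-$h\{4\}-$h\{4\}-$h\{4\}-$h\{12\}\) *\$/\1/p" "$1"
}

# Delete each tombstone once. Finished GUIDs are logged so a run that takes
# days can be interrupted and resumed without repeating work.
purge_deleted() {
    ldif=$1; done_log=$2
    touch "$done_log"
    extract_guids "$ldif" | while read -r guid; do
        grep -qxF "$guid" "$done_log" && continue
        if [ "$DRY_RUN" = 1 ]; then
            echo "ldbdel -H $SAM_LDB --show-recycled --relax '<GUID=$guid>'"
        else
            ldbdel -H "$SAM_LDB" --show-recycled --relax "<GUID=$guid>" \
                && echo "$guid" >> "$done_log"
        fi
    done
}

# Run only when called with arguments: script.sh deleted.ldif done.log
if [ $# -ge 2 ]; then purge_deleted "$1" "$2"; fi
```

Run it with DRY_RUN=1 first and review the printed commands, then with DRY_RUN=0 on one DC at a time, as the mail advises.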
