Multi DC domain issues

Chris Alavoine chrisa at acs-info.co.uk
Wed Oct 1 05:34:16 MDT 2014


Hi Stefan,

Thanks for this very interesting info.

Unfortunately, I cannot at present get beyond version 4.1.8 on Ubuntu
12.04. When I restart samba after compiling it refuses to start. I haven't
had time to fully debug this yet, but am going to attempt a clean build /
compile in my test lab and see how far I can get.

I am using Samba Internal DNS, and my attempts at moving to Bind DLZ on my
test setup have so far proven fruitless.

Can you see any danger in me attempting to delete the isDeleted records
using the above method (even on Samba Internal DNS)? At the moment I have
lowered my tombstoneLifetime on all DCs to 15 and the number of records is
slowly reducing on a number of them. Some of them appear to be broken as they
are stuck and not reducing at all.

Thanks,
Chris.


On 1 October 2014 12:23, Stefan (metze) Metzmacher <metze at samba.org> wrote:

> Hi Chris,
>
> your problem was fixed via
> https://bugzilla.samba.org/show_bug.cgi?id=10749
> in 4.1.12.
>
> Am 23.09.2014 um 14:58 schrieb Chris Alavoine:
> > Some extra info.
> >
> > When I try a join (via a working DC) I get this:
> >
> > Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
> > objects[63919/322492] linked_values[0/0]
> > Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
> > objects[64321/322492] linked_values[0/0]
> > Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
> > objects[64723/322492] linked_values[0/0]
> > Partition[DC=DomainDnsZones,DC=essence,DC=internal,DC=com]
> > objects[65125/322492] linked_values[0/0]
> >
> > As you can see there are 322492 objects in DomainDnsZones which takes a
> > long time to complete. Have checked here:
> >
> > /usr/local/samba/private/sam.ldb.d/
> >
> > And this is the contents:
> >
> > /usr/local/samba/private/sam.ldb.d# ls -ltrh
> > total 4.1G
> > -rw-r----- 1 root root 812K Sep 23 08:38 metadata.tdb
> > -rw------- 1 root root  10M Sep 23 08:44
> > CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root 4.1M Sep 23 08:48
> > DC=FORESTDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root 4.0G Sep 23 08:50
> > DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root  10M Sep 23 08:50
> > CN=SCHEMA,CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root  38M Sep 23 08:51
> > DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> >
> > On my broken FSMO DC this is the same folder:
> >
> > /usr/local/samba/private/sam.ldb.d# ls -ltrh
> > total 3.1G
> > -rw-r----- 1 root root 412K Sep 23 13:00 metadata.tdb
> > -rw------- 1 root root  16M Sep 23 13:03
> > CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root 4.1M Sep 23 13:48
> > DC=FORESTDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root  10M Sep 23 13:50
> > CN=SCHEMA,CN=CONFIGURATION,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root  86M Sep 23 13:50
> > DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> > -rw------- 1 root root 3.0G Sep 23 13:50
> > DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> >
> > Also, when I try and join another DC via the FSMO DC there are only
> > 88,000 objects in DomainDnsZones.
> >
> > I know that I don't have that many entries in my DNS, is there any way I
> > can reduce the overhead on this? Safely?
>
> The trick is to remove all deleted objects
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -s one \
>   -b 'CN=Deleted Objects,DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM' \
>   --show-recycled objectGUID > deleted.ldif
>
> for each objectGUID value you get out of 'grep objectGUID deleted.ldif'
> you need to run something like this:
>
> ldbdel -H /var/lib/samba/private/sam.ldb --show-recycled --relax \
>   '<GUID=4fdf6aab-344d-42b8-8d09-c6bc45765953>'
>
> You need to do that on every DC, and it can be run online.
> (better not on all DCs at the same time...)
>
> This will take a few days to complete.
>
> Take a look at 'tdbtool
> DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb info'
> from time to time to see how many records are still in the file.
> Note that the filesize on disk stays that large.
>
> At the end you need to run the following OFFLINE, making sure
> no samba/smbd related process is running anymore!!!
> And make sure you have enough disk space: the
> DC=DOMAINDNSZONES,DC=EXAMPLE,DC=INTERNAL,DC=COM.ldb
> needs to fit 2 additional times.
>
> OFFLINE!!!
>
>
> tdbbackup DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb
> tdbbackup DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.bak
>
> tdbdump DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb | md5sum
> tdbdump DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.bak.bak | md5sum
>
> If the md5sums are the same go on:
>
> mv DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb \
>    DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.orig
> mv DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb.bak.bak \
>    DC\=DOMAINDNSZONES\,DC\=EXAMPLE\,DC\=COM.ldb
>
> Keep backups!
>
> metze
>
>


-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
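
Added example, not part of either message above: one way to script the quoted "for each objectGUID value ... ldbdel" step so that only well-formed GUIDs reach the command line and the run defaults to a dry run. The SAM_LDB default, the APPLY switch and the function names are assumptions for illustration; the ldbdel options are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): batch form of the per-GUID ldbdel step.
# SAM_LDB and all function names are assumptions for illustration.
SAM_LDB="${SAM_LDB:-/var/lib/samba/private/sam.ldb}"

# Accept only "objectGUID: <8-4-4-4-12 hex>" lines, so nothing but a
# well-formed GUID can ever be placed on the ldbdel command line.
GUID_LINE='^objectGUID: [0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'

# Print the unique GUIDs (lowercased, one per line) found in an LDIF file.
extract_guids() {
    tr -d '\r' < "$1" | grep -E "$GUID_LINE" | awk '{print tolower($2)}' | sort -u
}

# Count objectGUID lines that were rejected (e.g. base64 "objectGUID::"
# values), so skipped records are noticed instead of silently dropped.
count_rejected() {
    tr -d '\r' < "$1" | grep '^objectGUID' | grep -cvE "$GUID_LINE" || true
}

# Dry run by default: prints the ldbdel commands. With APPLY=1 it runs them,
# counts failures instead of aborting, and returns non-zero if any failed.
purge_deleted() {
    pd_failed=0
    for pd_guid in $(extract_guids "$1"); do
        if [ "${APPLY:-0}" = 1 ]; then
            ldbdel -H "$SAM_LDB" --show-recycled --relax "<GUID=$pd_guid>" \
                || pd_failed=$((pd_failed + 1))
        else
            printf "ldbdel -H %s --show-recycled --relax '<GUID=%s>'\n" \
                "$SAM_LDB" "$pd_guid"
        fi
    done
    echo "rejected objectGUID lines: $(count_rejected "$1"), failed deletes: $pd_failed" >&2
    [ "$pd_failed" -eq 0 ]
}
```

Running `purge_deleted deleted.ldif` prints the commands for review; `APPLY=1 purge_deleted deleted.ldif` executes them, one DC at a time as the quoted advice says.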

