DNS scavenging, big DCDOMAINZONES ldb etc.

Stefan Metzmacher metze at samba.org
Wed Jul 29 10:33:25 UTC 2015


On 29.07.2015 at 11:45, Лыков Михаил wrote:
> Hi all list members!
> 
> I encounter a problem with the size and growth of the
> /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb
> file, and after googling I see that the problem is a common one.
> 
> I set up 2 Debian servers with 2 DCs, unfortunately before the jessie
> release, and I have the 4.1.9+dfsg-1~bpo70 Samba release from
> wheezy-backports in production.
> 
> Domain size is around 150 workstations now, and the ldb size is like 500Mbs
> 
> on dc1 I have a
> 
> ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb 'isDeleted' dn
> # 81723 entries
> on dc2 it is
> # 81718 entries
> 
> In the DNS zone properties (on a Windows client) I try to set (enable) the
> scavenging properties and get a "function unimplemented" response.
> 
> After googling and trying to find some actual info (among posts from 2-5
> years ago) I found that in the current jessie version (4.1.17) this problem
> may be resolved.
> 
> Is it true?

https://bugzilla.samba.org/show_bug.cgi?id=10749 was fixed in 4.1.12.

But https://bugzilla.samba.org/show_bug.cgi?id=10812 is still open,
but that's not as critical.

> If so, are there upgrade-and-configure instructions?
> 
> Must I set up a new DC, join it, then a second new DC, transfer roles
> and shut down the old DCs?

Grep the objectGUID from all deleted objects on *one* DC
and write a script that removes all of them by using
'<GUID=${objectGUID}>' as the dn; you'll need to use the
show deleted and relax controls.
The removing step needs to run on all servers (not at the same time),
but you need to use exactly the same list of objectGUIDs on all servers.

Do that on one server at a time, maybe offline directly on the sam.ldb.
The server will be busy for hours or days.... The 'TDB_NO_FSYNC=1' env var
might speed it up but will lead to corruption on a hard reset of the box.

If that's done you can do the following (OFFLINE! check with lsof -n | grep ldb)

cd /var/lib/samba/private/sam.ldb.d/
mv DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig
tdbbackup DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig
tdbbackup DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig.bak
rm DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig.bak
mv DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig.bak.bak DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb

tdbdump DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb | md5sum
and
tdbdump DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig | md5sum

should match now...

> What about enabling the scavenging properties?

See https://bugzilla.samba.org/show_bug.cgi?id=10812, still TODO.

> And what about sysvol replication (somewhat off-topic)? Now it is done by
> cron + rsync; is it realized internally?

No, not yet.

metze
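
The list-building step from the reply above, as an added example that is not part of the original message and is not Samba project code: it extracts the objectGUIDs from saved ldbsearch LDIF, fingerprints the list so each DC can confirm it holds exactly the same one, and prints the ldbdel commands without running them. The sam.ldb path, the constructed sample LDIF and the --show-deleted/--relax switches are assumptions to check against the installed ldb tools.

```shell
#!/bin/sh
# Added example, not from the original message. The sam.ldb path and the
# ldbsearch/ldbdel switches are assumptions; confirm them with --help.
# Input: LDIF saved on ONE DC from a search for deleted objects, e.g.
#   ldbsearch -H "$SAM_LDB" -b "$ZONE_DN" --show-deleted '(isDeleted=TRUE)' objectGUID
SAM_LDB=${SAM_LDB:-/var/lib/samba/private/sam.ldb}
GUID_RE='[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'

# guid_list LDIF: print the sorted, unique objectGUIDs, one per line.
# Fails on base64 ("objectGUID::"), malformed or missing values, so the
# list can never be silently incomplete.
guid_list() {
    if grep -q '^objectGUID::' "$1"; then return 2; fi
    vals=$(sed -n 's/^objectGUID: *//p' "$1" | tr -d '\r' | tr 'A-F' 'a-f')
    if printf '%s\n' "$vals" | grep -Evxq "$GUID_RE"; then return 3; fi
    printf '%s\n' "$vals" | sort -u
}

# list_digest LIST: SHA-256 of the list file, to compare between DCs.
list_digest() { sha256sum < "$1" | cut -d' ' -f1; }

# delete_plan LIST DIGEST: print (do not run) one ldbdel per GUID, but only
# if this server's copy of the list matches the digest taken on the first DC.
delete_plan() {
    [ "$(list_digest "$1")" = "$2" ] || { echo "list differs" >&2; return 1; }
    while IFS= read -r g; do
        printf "ldbdel -H %s --show-deleted --relax '<GUID=%s>'\n" "$SAM_LDB" "$g"
    done < "$1"
}

# Constructed sample LDIF: two objects, one GUID repeated in upper case.
sample_ldif() {
    cat <<'EOF'
dn: CN=constructed-1
objectGUID: 1b4e28ba-2fa1-11d2-883f-0016d3cca427

dn: CN=constructed-2
objectGUID: 6FA459EA-EE8A-3CA4-894E-DB77E160355E

dn: CN=constructed-2
objectGUID: 6fa459ea-ee8a-3ca4-894e-db77e160355e
EOF
}

# Demo on the constructed sample: build the list, then print the plan.
tmp=$(mktemp -d); sample_ldif > "$tmp/deleted.ldif"
guid_list "$tmp/deleted.ldif" > "$tmp/guids.txt" &&
    delete_plan "$tmp/guids.txt" "$(list_digest "$tmp/guids.txt")"
```

Copy the list file and its digest from the first DC to the others; delete_plan prints nothing if the local copy has changed.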
