DNS scavenging, big DCDOMAINZONES ldb etc.

Лыков Михаил combr at samges.ru
Wed Jul 29 13:27:00 UTC 2015 

29.07.2015 14:33, Stefan Metzmacher пишет:

>> Is it true?
> https://bugzilla.samba.org/show_bug.cgi?id=10749 was fixed in 4.1.12.
> But https://bugzilla.samba.org/show_bug.cgi?id=10812 is still open,
> but that's not as critical.

Ok, thanks.
On new version records not grow insanely, but old records will be still 
here until i delete it as below?

> Grep the objectGUID from all deleted objects on *one* dc

I have a search result like

# record 1
dn: DC=SAMG62\0ADEL:c39c5d9f-2dca-437d-832e-f57830f02fa5,CN=Deleted 
Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
isDeleted: TRUE

# record 2
dn: DC=SAMG122\0ADEL:22f9115b-1ee2-4f56-9dd7-8b728c66b8e2,CN=Deleted 
Objects,DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
isDeleted: TRUE

Where is I find that ObjectGUID-s?

> and write a write that removes all of them by using
> '<GUID=${objectGUID}>' as
> dn, you'll need to use the show deleted and relax controlls.

I'm not sure that I understand this part correctly, can you explain how 
to get that GUID list and what a command to remove its?

If I have 2 DC's, may I run this online on one, that on two then?

> The removing step needs to run on all servers (not at the same time),
> but you need to use exactly the same list of objectGUIDs on all servers.
>
> Do that on one server at a time, maybe offline directly on the sam.ldb
> The server will be busy a hours or days.... The 'TDB_NO_FSYNC=1' env var
> might
> speed it up but we lead to corruption on a hard reset of the box.

Ok, it's clear.

> If that's done you can do the following (OFFLINE! check with lsof -n
> |grep ldb)
>
> cd /var/lib/samba/private/sam.ldb.d/
> mv DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb
> DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig
> tdbbackup DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig
> tdbbackup DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig.bak
> rm DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig.bak
> mv DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig.bak.bak
> DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb
>
> tdbdump DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb | md5sum
> and
> tdbdump DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig
>
> should match now...

maybe
tdbdump DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb | md5sum
  and
tdbdump DC=DOMAINDNSZONES,DC=DC,DC=SAMGES,DC=RU.ldb.orig | md5sum

?

>> And what about a sysvol replication (some offtopic), now it done by cron
>> + rsync, it is realized internally?
> No not yet.

I got it.


-- 
Mike Lykov, system administrator

More information about the samba-technical mailing list