[Samba] replication issues solved by adding GUID names to /etc/hosts

L.P.H. van Belle belle at bazuin.nl
Wed Aug 27 04:10:28 MDT 2014 


Good one, that one i didnt check yet.. 
and argg... damn.. what the... 

Now im getting crazy... 

* Result for [DOMAIN]: FAILURE
Attributes found only in ldap://dc1.internal.domain.tld
	serverState
	msDS-NcType

* Result for [CONFIGURATION]: FAILURE
Attributes found only in ldap://dc1.internal.domain.tld
	subRefs
	msDS-NcType

* Result for [SCHEMA]: FAILURE
Attributes found only in ldap://dc1.internal.domain.tld
	msDS-NcType

* Result for [DNSFOREST]: FAILURE
Attributes found only in ldap://dc1.internal.domain.tld
    msDS-NcType

ERROR: Compare failed: -1


Damn same here 
samba-tool drs showrepl 
success.... 

so i can't trust the samba-tool :-(( ... 

but thanks.. now im into fixing 

Greetz.. 

Louis

>-----Oorspronkelijk bericht-----
>Van: heupink at merit.unu.edu 
>[mailto:samba-bounces at lists.samba.org] Namens mourik jan 
>heupink - merit
>Verzonden: woensdag 27 augustus 2014 11:34
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] replication issues solved by adding 
>GUID names to /etc/hosts
>
>Hi Louis,
>
>Ok, thanks for these instruction. I'll update the files, and my own 
>documentation to include all this.
>
>Nowadays I don't only check replication with samba-tool drs showrepl, 
>because we have had issues (which were solved using the EXCELLENT 
>support from sernet!) where showrepl showed no errors, but in fact the 
>DomainDnsZones were NOT in sync.
>
>So, in addition to showrepl I also use
>
>samba-tool ldapcmp ldap://dc2.samba.company.com 
>ldap://dc4.samba.company.com
>
>If that one also gives only "SUCCESS" then I trust my replication.
>
>I'm planning to write a little script to automatically verify my 
>databases regularly using the above two methods. If corruption ever 
>occurs again, I'd like to know about it immediately.
>
>Mourik Jan
>
>On 8/27/2014 11:15, L.P.H. van Belle wrote:
>> Hai Mourik Jan,
>>
>> the hosts file.
>> set it for all your servers like :
>> 127.0.0.1    localhost (optional with: localhost.localdomain 
>  ( <== as is dont change localdomain ) )
>> 192.87.x.y   dc4.company.com       dc4
>>
>> the 127.0.1.1 was put in your hosts because you installed 
>with a DHCP ip number at install and not a static ip.
>>
>> and for the resolv.conf
>>
>> search company.com
>> nameserver 192.87.x.y5 (=dc2)
>> nameserver 192.87.x.y4 (=dc4)
>>
>> nameserver 192.87.x.1 (=caching external dns)   ( <  should 
>not be needed, if you have the forwarders in bind )
>> but imo cant harm, os resolving looks in resolv.conf and 
>processes in that order.
>>
>> and i suggest you check the dns entries with the windows 
>tool for dc2 and dc4 check the A and PTR records.
>> If all is set ok, reboot the servers.
>> and check again with samba-tool drs showrepl
>>
>> Louis
>>
>>
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: heupink at merit.unu.edu
>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>> heupink - merit
>>> Verzonden: woensdag 27 augustus 2014 10:39
>>> Aan: samba at lists.samba.org
>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>> GUID names to /etc/hosts
>>>
>>> Hi Louis,
>>>
>>> I tested name resolution using "host GUID._msdcs..." with all the
>>> correct answers on all dc's, only ping failed.
>>>
>>> I now notice a small (but vital?) difference between 
>/etc/hosts on the
>>> two DC's, and also in /etc/resolv.conf
>>>
>>> root at dc4:~# cat /etc/hosts
>>> 127.0.0.1       localhost
>>> 192.87.x.y   dc4.company.com       dc4
>>>
>>> # The following lines are desirable for IPv6 capable hosts
>>> ::1     localhost ip6-localhost ip6-loopback
>>> ff02::1 ip6-allnodes
>>> ff02::2 ip6-allrouters
>>> root at dc4:~# cat /etc/resolv.conf
>>> search company.com
>>> nameserver 192.87.x.y5 (=dc2)
>>> nameserver 192.87.x.y4 (=dc4)
>>> nameserver 192.87.x.1 (=caching external dns)
>>>
>>>
>>> root at DC2:~# cat /etc/hosts
>>> 127.0.0.1       localhost
>>> 127.0.1.1       DC2.company.com       DC2
>>>
>>> # The following lines are desirable for IPv6 capable hosts
>>> ::1     localhost ip6-localhost ip6-loopback
>>> ff02::1 ip6-allnodes
>>> ff02::2 ip6-allrouters
>>> root at DC2:~# cat /etc/resolv.conf
>>> nameserver 192.87.x.y4 (=dc4)
>>> nameserver 192.87.x.y5 (=dc2)
>>> nameserver 192.87.x.1 (=caching external dns)
>>> root at DC2:~#
>>>
>>> (obviously these are /etc/hosts before I added the GUID._msdcs...)
>>>
>>> Could these small differences (127.0.1.1 vs 192.87.x.y) and (search
>>> company.com vs no search) be responsible for the observed behaviour?
>>>
>>> MJ
>>>
>>> On 8/27/2014 10:15, L.P.H. van Belle wrote:
>>>> Ok.. wel and your sure the resolv.conf is correct?
>>>> cat you post the hosts file and resolv.conf file. just to be sure.
>>>>
>>>> i noticed, ( sernet samba) that after adding a DC, the
>>> replication didnt work right a way.
>>>> It needed a restart of the server. This was tested with
>>> server samba 4.1.4-4.1.9
>>>> and after the restart replication started working.
>>>>
>>>> Greetz,
>>>>
>>>> Louis
>>>>
>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>> Van: heupink at merit.unu.edu
>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>> heupink - merit
>>>>> Verzonden: woensdag 27 augustus 2014 10:08
>>>>> Aan: samba at lists.samba.org
>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>> GUID names to /etc/hosts
>>>>>
>>>>> Hi,
>>>>>
>>>>> Yes, what I'm saying is not that without the guid's in /etc/hosts
>>>>> replication will give errors. (we have had successful
>>> replication here
>>>>> as well)
>>>>>
>>>>> What I'm saying is, that there were some remaining 
>WERR_BADFILE repl
>>>>> errors after adding a new dc. After waiting hours, 
>restarting samba
>>>>> several times these did not go away.
>>>>>
>>>>> Then I read the post I mentioned, and added the GUID's to
>>> /etc/hosts,
>>>>> and immediately my WERR_BADFILE errors disappeared.
>>>>>
>>>>> I no expert, and again: we've always had successful
>>>>> replication here as
>>>>> well, without the entries in /etc/hosts. But these errors
>>>>> remained, and
>>>>> disappeared immediately after editing /etc/hosts.
>>>>>
>>>>> Plus there have been some more similar reports on this
>>> list, I'd say:
>>>>> where there is smoke, there is a fire.
>>>>>
>>>>> Some 'evidence' from the list archives, three different
>>>>> threads over the
>>>>> last year, similar problem, all sharing the same solution:
>>>>>
>>>>> http://marc.info/?l=samba&m=137032630404682&w=2
>>>>> http://marc.info/?l=samba&m=137003992508143&w=2
>>>>> http://marc.info/?l=samba&m=137000020326397&w=2
>>>>>
>>>>> Again: not saying that it will never work without the entries in
>>>>> /etc/hosts, but...
>>>>>
>>>>> Kind regards,
>>>>> Mourik Jan
>>>>>
>>>>> On 8/27/2014 8:22, L.P.H. van Belle wrote:
>>>>>> Hai Mourik Jan,
>>>>>>
>>>>>>
>>>>>> host
>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>
>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>> is an alias for rtd-dc1.internal.domain.tld.
>>>>>> rtd-dc1.internal.domain.tld has address 192.168.0.1
>>>>>> root at rtd-dc1:~# ping
>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>> ping: unknown host
>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>
>>>>>> and samba-tool drs showrepl shows 0 errors.
>>>>>>
>>>>>> Greetz,
>>>>>>
>>>>>> Louis
>>>>>>
>>>>>>
>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>> Van: heupink at merit.unu.edu
>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>> heupink - merit
>>>>>>> Verzonden: dinsdag 26 augustus 2014 22:59
>>>>>>> Aan: Chan Min Wai; Marc Muehlfeld
>>>>>>> CC: samba at lists.samba.org
>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>> GUID names to /etc/hosts
>>>>>>>
>>>>>>> Well, I can only tell you what I observed.
>>>>>>>
>>>>>>> Does ping to the GUID name of your DC's work on your
>>>>> install? And for
>>>>>>> others here? I am on regular fresh installed wheezy x64.
>>>>>>>
>>>>>>> MJ
>>>>>>>
>>>>>>> On 08/26/2014 09:06 PM, Chan Min Wai wrote:
>>>>>>>> Dear Mourik Jan,
>>>>>>>>
>>>>>>>> I would have to say that something was not right on your
>>>>>>> system library.
>>>>>>>> I'm sorry that I cannot tell you which one.
>>>>>>>>
>>>>>>>> I was having this issue on my gentoo and recently found the
>>>>>>> problem was
>>>>>>>> with my LDflags..
>>>>>>>> I've to comment the one I normally use and leave it as 
>default..
>>>>>>>>
>>>>>>>> Where other are basically unchanged...
>>>>>>>>
>>>>>>>> And now my DC can replicate between each other without the
>>>>> /etc/hosts
>>>>>>>> modification.
>>>>>>>>
>>>>>>>> Hope this help....
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 27, 2014 at 2:36 AM, Marc Muehlfeld
>>>>> <mmuehlfeld at samba.org
>>>>>>>> <mailto:mmuehlfeld at samba.org>> wrote:
>>>>>>>>
>>>>>>>>        Hello Mourik Jan,
>>>>>>>>
>>>>>>>>
>>>>>>>>        Am 26.08.2014 20:24, schrieb mourik jan heupink - merit:
>>>>>>>>         > We were having replication issues on wheezy with
>>>>>>> sernet-samba-4.1.11.
>>>>>>>>         >
>>>>>>>>         > Searching the list I found the following post:
>>>>>>>>         > http://marc.info/?l=samba&m=136999742625184&w=2
>>>>>>>>         >
>>>>>>>>         > It says basically that if you are unable to *ping*
>>>>>>> the GUID names for
>>>>>>>>         > your dc's, you might be experiencing a glibc
>>>>> error, where dns
>>>>>>>>        names with
>>>>>>>>         > an underscore are not properly resolved.
>>>>>>>>         >
>>>>>>>>         > Note: dns is basically correct, 'host' gives all the
>>>>>>> correct answers,
>>>>>>>>         > samba_dnsupdate on all dc's says: no dns updates
>>>>> are needed.
>>>>>>>>         >
>>>>>>>>         > The fix in the post, is to add GUID names to
>>>>>>> /etc/hosts which I
>>>>>>>>        did on
>>>>>>>>         > my dc's, and then all of a sudden ping started
>>>>> working like it
>>>>>>>>        should.
>>>>>>>>         > But ALSO replication! Our 'WERR_BADFILE' errors
>>>>> are gone now.
>>>>>>>>         >
>>>>>>>>         > Now, is this not something that should be much more
>>>>>>> prominent in
>>>>>>>>        the docs?
>>>>>>>>
>>>>>>>>        Thanks for providing this information. I'll try finding
>>>>>>> out more about
>>>>>>>>        that and add it to the documentation.
>>>>>>>>
>>>>>>>>
>>>>>>>>        Regards,
>>>>>>>>        Marc
>>>>>>>>        --
>>>>>>>>        To unsubscribe from this list go to the following URL
>>>>>>> and read the
>>>>>>>>        instructions: 
>https://lists.samba.org/mailman/options/samba
>>>>>>>>
>>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL 
>and read the
>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>>>
>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>>
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list