[Samba] replication issues solved by adding GUID names to /etc/hosts

mourik jan heupink - merit heupink at merit.unu.edu
Wed Aug 27 04:20:18 MDT 2014 

Disturbing, isn't it??

On 8/27/2014 12:10, L.P.H. van Belle wrote:
>
>
> Good one, that one i didnt check yet..
> and argg... damn.. what the...
>
> Now im getting crazy...
>
> * Result for [DOMAIN]: FAILURE
> Attributes found only in ldap://dc1.internal.domain.tld
> 	serverState
> 	msDS-NcType
>
> * Result for [CONFIGURATION]: FAILURE
> Attributes found only in ldap://dc1.internal.domain.tld
> 	subRefs
> 	msDS-NcType
>
> * Result for [SCHEMA]: FAILURE
> Attributes found only in ldap://dc1.internal.domain.tld
> 	msDS-NcType
>
> * Result for [DNSFOREST]: FAILURE
> Attributes found only in ldap://dc1.internal.domain.tld
>      msDS-NcType
>
> ERROR: Compare failed: -1
>
>
> Damn same here
> samba-tool drs showrepl
> success....
>
> so i can't trust the samba-tool :-(( ...
>
> but thanks.. now im into fixing
>
> Greetz..
>
> Louis
>
>> -----Oorspronkelijk bericht-----
>> Van: heupink at merit.unu.edu
>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>> heupink - merit
>> Verzonden: woensdag 27 augustus 2014 11:34
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] replication issues solved by adding
>> GUID names to /etc/hosts
>>
>> Hi Louis,
>>
>> Ok, thanks for these instruction. I'll update the files, and my own
>> documentation to include all this.
>>
>> Nowadays I don't only check replication with samba-tool drs showrepl,
>> because we have had issues (which were solved using the EXCELLENT
>> support from sernet!) where showrepl showed no errors, but in fact the
>> DomainDnsZones were NOT in sync.
>>
>> So, in addition to showrepl I also use
>>
>> samba-tool ldapcmp ldap://dc2.samba.company.com
>> ldap://dc4.samba.company.com
>>
>> If that one also gives only "SUCCESS" then I trust my replication.
>>
>> I'm planning to write a little script to automatically verify my
>> databases regularly using the above two methods. If corruption ever
>> occurs again, I'd like to know about it immediately.
>>
>> Mourik Jan
>>
>> On 8/27/2014 11:15, L.P.H. van Belle wrote:
>>> Hai Mourik Jan,
>>>
>>> the hosts file.
>>> set it for all your servers like :
>>> 127.0.0.1    localhost (optional with: localhost.localdomain
>>   ( <== as is dont change localdomain ) )
>>> 192.87.x.y   dc4.company.com       dc4
>>>
>>> the 127.0.1.1 was put in your hosts because you installed
>> with a DHCP ip number at install and not a static ip.
>>>
>>> and for the resolv.conf
>>>
>>> search company.com
>>> nameserver 192.87.x.y5 (=dc2)
>>> nameserver 192.87.x.y4 (=dc4)
>>>
>>> nameserver 192.87.x.1 (=caching external dns)   ( <  should
>> not be needed, if you have the forwarders in bind )
>>> but imo cant harm, os resolving looks in resolv.conf and
>> processes in that order.
>>>
>>> and i suggest you check the dns entries with the windows
>> tool for dc2 and dc4 check the A and PTR records.
>>> If all is set ok, reboot the servers.
>>> and check again with samba-tool drs showrepl
>>>
>>> Louis
>>>
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: heupink at merit.unu.edu
>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>> heupink - merit
>>>> Verzonden: woensdag 27 augustus 2014 10:39
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>> GUID names to /etc/hosts
>>>>
>>>> Hi Louis,
>>>>
>>>> I tested name resolution using "host GUID._msdcs..." with all the
>>>> correct answers on all dc's, only ping failed.
>>>>
>>>> I now notice a small (but vital?) difference between
>> /etc/hosts on the
>>>> two DC's, and also in /etc/resolv.conf
>>>>
>>>> root at dc4:~# cat /etc/hosts
>>>> 127.0.0.1       localhost
>>>> 192.87.x.y   dc4.company.com       dc4
>>>>
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1     localhost ip6-localhost ip6-loopback
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters
>>>> root at dc4:~# cat /etc/resolv.conf
>>>> search company.com
>>>> nameserver 192.87.x.y5 (=dc2)
>>>> nameserver 192.87.x.y4 (=dc4)
>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>
>>>>
>>>> root at DC2:~# cat /etc/hosts
>>>> 127.0.0.1       localhost
>>>> 127.0.1.1       DC2.company.com       DC2
>>>>
>>>> # The following lines are desirable for IPv6 capable hosts
>>>> ::1     localhost ip6-localhost ip6-loopback
>>>> ff02::1 ip6-allnodes
>>>> ff02::2 ip6-allrouters
>>>> root at DC2:~# cat /etc/resolv.conf
>>>> nameserver 192.87.x.y4 (=dc4)
>>>> nameserver 192.87.x.y5 (=dc2)
>>>> nameserver 192.87.x.1 (=caching external dns)
>>>> root at DC2:~#
>>>>
>>>> (obviously these are /etc/hosts before I added the GUID._msdcs...)
>>>>
>>>> Could these small differences (127.0.1.1 vs 192.87.x.y) and (search
>>>> company.com vs no search) be responsible for the observed behaviour?
>>>>
>>>> MJ
>>>>
>>>> On 8/27/2014 10:15, L.P.H. van Belle wrote:
>>>>> Ok.. wel and your sure the resolv.conf is correct?
>>>>> cat you post the hosts file and resolv.conf file. just to be sure.
>>>>>
>>>>> i noticed, ( sernet samba) that after adding a DC, the
>>>> replication didnt work right a way.
>>>>> It needed a restart of the server. This was tested with
>>>> server samba 4.1.4-4.1.9
>>>>> and after the restart replication started working.
>>>>>
>>>>> Greetz,
>>>>>
>>>>> Louis
>>>>>
>>>>>
>>>>>> -----Oorspronkelijk bericht-----
>>>>>> Van: heupink at merit.unu.edu
>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>> heupink - merit
>>>>>> Verzonden: woensdag 27 augustus 2014 10:08
>>>>>> Aan: samba at lists.samba.org
>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>> GUID names to /etc/hosts
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Yes, what I'm saying is not that without the guid's in /etc/hosts
>>>>>> replication will give errors. (we have had successful
>>>> replication here
>>>>>> as well)
>>>>>>
>>>>>> What I'm saying is, that there were some remaining
>> WERR_BADFILE repl
>>>>>> errors after adding a new dc. After waiting hours,
>> restarting samba
>>>>>> several times these did not go away.
>>>>>>
>>>>>> Then I read the post I mentioned, and added the GUID's to
>>>> /etc/hosts,
>>>>>> and immediately my WERR_BADFILE errors disappeared.
>>>>>>
>>>>>> I no expert, and again: we've always had successful
>>>>>> replication here as
>>>>>> well, without the entries in /etc/hosts. But these errors
>>>>>> remained, and
>>>>>> disappeared immediately after editing /etc/hosts.
>>>>>>
>>>>>> Plus there have been some more similar reports on this
>>>> list, I'd say:
>>>>>> where there is smoke, there is a fire.
>>>>>>
>>>>>> Some 'evidence' from the list archives, three different
>>>>>> threads over the
>>>>>> last year, similar problem, all sharing the same solution:
>>>>>>
>>>>>> http://marc.info/?l=samba&m=137032630404682&w=2
>>>>>> http://marc.info/?l=samba&m=137003992508143&w=2
>>>>>> http://marc.info/?l=samba&m=137000020326397&w=2
>>>>>>
>>>>>> Again: not saying that it will never work without the entries in
>>>>>> /etc/hosts, but...
>>>>>>
>>>>>> Kind regards,
>>>>>> Mourik Jan
>>>>>>
>>>>>> On 8/27/2014 8:22, L.P.H. van Belle wrote:
>>>>>>> Hai Mourik Jan,
>>>>>>>
>>>>>>>
>>>>>>> host
>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>
>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>> is an alias for rtd-dc1.internal.domain.tld.
>>>>>>> rtd-dc1.internal.domain.tld has address 192.168.0.1
>>>>>>> root at rtd-dc1:~# ping
>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>> ping: unknown host
>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>
>>>>>>> and samba-tool drs showrepl shows 0 errors.
>>>>>>>
>>>>>>> Greetz,
>>>>>>>
>>>>>>> Louis
>>>>>>>
>>>>>>>
>>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>>> Van: heupink at merit.unu.edu
>>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>>> heupink - merit
>>>>>>>> Verzonden: dinsdag 26 augustus 2014 22:59
>>>>>>>> Aan: Chan Min Wai; Marc Muehlfeld
>>>>>>>> CC: samba at lists.samba.org
>>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>>> GUID names to /etc/hosts
>>>>>>>>
>>>>>>>> Well, I can only tell you what I observed.
>>>>>>>>
>>>>>>>> Does ping to the GUID name of your DC's work on your
>>>>>> install? And for
>>>>>>>> others here? I am on regular fresh installed wheezy x64.
>>>>>>>>
>>>>>>>> MJ
>>>>>>>>
>>>>>>>> On 08/26/2014 09:06 PM, Chan Min Wai wrote:
>>>>>>>>> Dear Mourik Jan,
>>>>>>>>>
>>>>>>>>> I would have to say that something was not right on your
>>>>>>>> system library.
>>>>>>>>> I'm sorry that I cannot tell you which one.
>>>>>>>>>
>>>>>>>>> I was having this issue on my gentoo and recently found the
>>>>>>>> problem was
>>>>>>>>> with my LDflags..
>>>>>>>>> I've to comment the one I normally use and leave it as
>> default..
>>>>>>>>>
>>>>>>>>> Where other are basically unchanged...
>>>>>>>>>
>>>>>>>>> And now my DC can replicate between each other without the
>>>>>> /etc/hosts
>>>>>>>>> modification.
>>>>>>>>>
>>>>>>>>> Hope this help....
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Aug 27, 2014 at 2:36 AM, Marc Muehlfeld
>>>>>> <mmuehlfeld at samba.org
>>>>>>>>> <mailto:mmuehlfeld at samba.org>> wrote:
>>>>>>>>>
>>>>>>>>>         Hello Mourik Jan,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>         Am 26.08.2014 20:24, schrieb mourik jan heupink - merit:
>>>>>>>>>          > We were having replication issues on wheezy with
>>>>>>>> sernet-samba-4.1.11.
>>>>>>>>>          >
>>>>>>>>>          > Searching the list I found the following post:
>>>>>>>>>          > http://marc.info/?l=samba&m=136999742625184&w=2
>>>>>>>>>          >
>>>>>>>>>          > It says basically that if you are unable to *ping*
>>>>>>>> the GUID names for
>>>>>>>>>          > your dc's, you might be experiencing a glibc
>>>>>> error, where dns
>>>>>>>>>         names with
>>>>>>>>>          > an underscore are not properly resolved.
>>>>>>>>>          >
>>>>>>>>>          > Note: dns is basically correct, 'host' gives all the
>>>>>>>> correct answers,
>>>>>>>>>          > samba_dnsupdate on all dc's says: no dns updates
>>>>>> are needed.
>>>>>>>>>          >
>>>>>>>>>          > The fix in the post, is to add GUID names to
>>>>>>>> /etc/hosts which I
>>>>>>>>>         did on
>>>>>>>>>          > my dc's, and then all of a sudden ping started
>>>>>> working like it
>>>>>>>>>         should.
>>>>>>>>>          > But ALSO replication! Our 'WERR_BADFILE' errors
>>>>>> are gone now.
>>>>>>>>>          >
>>>>>>>>>          > Now, is this not something that should be much more
>>>>>>>> prominent in
>>>>>>>>>         the docs?
>>>>>>>>>
>>>>>>>>>         Thanks for providing this information. I'll try finding
>>>>>>>> out more about
>>>>>>>>>         that and add it to the documentation.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>         Regards,
>>>>>>>>>         Marc
>>>>>>>>>         --
>>>>>>>>>         To unsubscribe from this list go to the following URL
>>>>>>>> and read the
>>>>>>>>>         instructions:
>> https://lists.samba.org/mailman/options/samba
>>>>>>>>>
>>>>>>>>>
>>>>>>>> --
>>>>>>>> To unsubscribe from this list go to the following URL
>> and read the
>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

More information about the samba mailing list