[Samba] replication issues solved by adding GUID names to /etc/hosts

L.P.H. van Belle belle at bazuin.nl
Wed Aug 27 04:47:47 MDT 2014


and for me the DCs sernet samba 4.1.11 

i now that this : samba-tool drs showrepl =>>  Warning: No NC replicated for Connection! 
is not problem but the serverstat and the subRefs thats a new one for me. 

i'll go have a look into this. 


>-----Oorspronkelijk bericht-----
>Van: heupink at merit.unu.edu 
>[mailto:samba-bounces at lists.samba.org] Namens mourik jan 
>heupink - merit
>Verzonden: woensdag 27 augustus 2014 12:28
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] replication issues solved by adding 
>GUID names to /etc/hosts
>
>I can only say that on my site, the command finds no differences and I 
>have not been happier lately than I am now. :-)
>
>Are you also on 4.1.11? Because having read a little bit about 
>ldapcmp, 
>it seems that at some point it was enhanced a bit, to justify for 
>expected differences between dc's.
>
>Perhaps you are running an older version?
>
>On 8/27/2014 12:24, Rowland Penny wrote:
>> On 27/08/14 11:10, L.P.H. van Belle wrote:
>>>
>>> Good one, that one i didnt check yet..
>>> and argg... damn.. what the...
>>>
>>> Now im getting crazy...
>>>
>>> * Result for [DOMAIN]: FAILURE
>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>     serverState
>>>     msDS-NcType
>>>
>>> * Result for [CONFIGURATION]: FAILURE
>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>     subRefs
>>>     msDS-NcType
>>>
>>> * Result for [SCHEMA]: FAILURE
>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>     msDS-NcType
>>>
>>> * Result for [DNSFOREST]: FAILURE
>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>      msDS-NcType
>>>
>>> ERROR: Compare failed: -1
>>>
>>>
>>> Damn same here
>>> samba-tool drs showrepl
>>> success....
>>>
>>> so i can't trust the samba-tool :-(( ...
>>>
>>> but thanks.. now im into fixing
>>>
>>> Greetz..
>>>
>>> Louis
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: heupink at merit.unu.edu
>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>> heupink - merit
>>>> Verzonden: woensdag 27 augustus 2014 11:34
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>> GUID names to /etc/hosts
>>>>
>>>> Hi Louis,
>>>>
>>>> Ok, thanks for these instruction. I'll update the files, and my own
>>>> documentation to include all this.
>>>>
>>>> Nowadays I don't only check replication with samba-tool 
>drs showrepl,
>>>> because we have had issues (which were solved using the EXCELLENT
>>>> support from sernet!) where showrepl showed no errors, but 
>in fact the
>>>> DomainDnsZones were NOT in sync.
>>>>
>>>> So, in addition to showrepl I also use
>>>>
>>>> samba-tool ldapcmp ldap://dc2.samba.company.com
>>>> ldap://dc4.samba.company.com
>>>>
>>>> If that one also gives only "SUCCESS" then I trust my replication.
>>>>
>>>> I'm planning to write a little script to automatically verify my
>>>> databases regularly using the above two methods. If corruption ever
>>>> occurs again, I'd like to know about it immediately.
>>>>
>>>> Mourik Jan
>>>>
>>>> On 8/27/2014 11:15, L.P.H. van Belle wrote:
>>>>> Hai Mourik Jan,
>>>>>
>>>>> the hosts file.
>>>>> set it for all your servers like :
>>>>> 127.0.0.1    localhost (optional with: localhost.localdomain
>>>>   ( <== as is dont change localdomain ) )
>>>>> 192.87.x.y   dc4.company.com       dc4
>>>>>
>>>>> the 127.0.1.1 was put in your hosts because you installed
>>>> with a DHCP ip number at install and not a static ip.
>>>>> and for the resolv.conf
>>>>>
>>>>> search company.com
>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>
>>>>> nameserver 192.87.x.1 (=caching external dns)   ( <  should
>>>> not be needed, if you have the forwarders in bind )
>>>>> but imo cant harm, os resolving looks in resolv.conf and
>>>> processes in that order.
>>>>> and i suggest you check the dns entries with the windows
>>>> tool for dc2 and dc4 check the A and PTR records.
>>>>> If all is set ok, reboot the servers.
>>>>> and check again with samba-tool drs showrepl
>>>>>
>>>>> Louis
>>>>>
>>>>>
>>>>>
>>>>>> -----Oorspronkelijk bericht-----
>>>>>> Van: heupink at merit.unu.edu
>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>> heupink - merit
>>>>>> Verzonden: woensdag 27 augustus 2014 10:39
>>>>>> Aan: samba at lists.samba.org
>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>> GUID names to /etc/hosts
>>>>>>
>>>>>> Hi Louis,
>>>>>>
>>>>>> I tested name resolution using "host GUID._msdcs..." with all the
>>>>>> correct answers on all dc's, only ping failed.
>>>>>>
>>>>>> I now notice a small (but vital?) difference between
>>>> /etc/hosts on the
>>>>>> two DC's, and also in /etc/resolv.conf
>>>>>>
>>>>>> root at dc4:~# cat /etc/hosts
>>>>>> 127.0.0.1       localhost
>>>>>> 192.87.x.y   dc4.company.com       dc4
>>>>>>
>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>> ff02::1 ip6-allnodes
>>>>>> ff02::2 ip6-allrouters
>>>>>> root at dc4:~# cat /etc/resolv.conf
>>>>>> search company.com
>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>>>
>>>>>>
>>>>>> root at DC2:~# cat /etc/hosts
>>>>>> 127.0.0.1       localhost
>>>>>> 127.0.1.1       DC2.company.com       DC2
>>>>>>
>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>> ff02::1 ip6-allnodes
>>>>>> ff02::2 ip6-allrouters
>>>>>> root at DC2:~# cat /etc/resolv.conf
>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>>> root at DC2:~#
>>>>>>
>>>>>> (obviously these are /etc/hosts before I added the 
>GUID._msdcs...)
>>>>>>
>>>>>> Could these small differences (127.0.1.1 vs 192.87.x.y) 
>and (search
>>>>>> company.com vs no search) be responsible for the 
>observed behaviour?
>>>>>>
>>>>>> MJ
>>>>>>
>>>>>> On 8/27/2014 10:15, L.P.H. van Belle wrote:
>>>>>>> Ok.. wel and your sure the resolv.conf is correct?
>>>>>>> cat you post the hosts file and resolv.conf file. just 
>to be sure.
>>>>>>>
>>>>>>> i noticed, ( sernet samba) that after adding a DC, the
>>>>>> replication didnt work right a way.
>>>>>>> It needed a restart of the server. This was tested with
>>>>>> server samba 4.1.4-4.1.9
>>>>>>> and after the restart replication started working.
>>>>>>>
>>>>>>> Greetz,
>>>>>>>
>>>>>>> Louis
>>>>>>>
>>>>>>>
>>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>>> Van: heupink at merit.unu.edu
>>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>>> heupink - merit
>>>>>>>> Verzonden: woensdag 27 augustus 2014 10:08
>>>>>>>> Aan: samba at lists.samba.org
>>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>>> GUID names to /etc/hosts
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> Yes, what I'm saying is not that without the guid's in 
>/etc/hosts
>>>>>>>> replication will give errors. (we have had successful
>>>>>> replication here
>>>>>>>> as well)
>>>>>>>>
>>>>>>>> What I'm saying is, that there were some remaining
>>>> WERR_BADFILE repl
>>>>>>>> errors after adding a new dc. After waiting hours,
>>>> restarting samba
>>>>>>>> several times these did not go away.
>>>>>>>>
>>>>>>>> Then I read the post I mentioned, and added the GUID's to
>>>>>> /etc/hosts,
>>>>>>>> and immediately my WERR_BADFILE errors disappeared.
>>>>>>>>
>>>>>>>> I no expert, and again: we've always had successful
>>>>>>>> replication here as
>>>>>>>> well, without the entries in /etc/hosts. But these errors
>>>>>>>> remained, and
>>>>>>>> disappeared immediately after editing /etc/hosts.
>>>>>>>>
>>>>>>>> Plus there have been some more similar reports on this
>>>>>> list, I'd say:
>>>>>>>> where there is smoke, there is a fire.
>>>>>>>>
>>>>>>>> Some 'evidence' from the list archives, three different
>>>>>>>> threads over the
>>>>>>>> last year, similar problem, all sharing the same solution:
>>>>>>>>
>>>>>>>> http://marc.info/?l=samba&m=137032630404682&w=2
>>>>>>>> http://marc.info/?l=samba&m=137003992508143&w=2
>>>>>>>> http://marc.info/?l=samba&m=137000020326397&w=2
>>>>>>>>
>>>>>>>> Again: not saying that it will never work without the 
>entries in
>>>>>>>> /etc/hosts, but...
>>>>>>>>
>>>>>>>> Kind regards,
>>>>>>>> Mourik Jan
>>>>>>>>
>>>>>>>> On 8/27/2014 8:22, L.P.H. van Belle wrote:
>>>>>>>>> Hai Mourik Jan,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> host
>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>> is an alias for rtd-dc1.internal.domain.tld.
>>>>>>>>> rtd-dc1.internal.domain.tld has address 192.168.0.1
>>>>>>>>> root at rtd-dc1:~# ping
>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>> ping: unknown host
>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>> and samba-tool drs showrepl shows 0 errors.
>>>>>>>>>
>>>>>>>>> Greetz,
>>>>>>>>>
>>>>>>>>> Louis
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>>>>> Van: heupink at merit.unu.edu
>>>>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>>>>> heupink - merit
>>>>>>>>>> Verzonden: dinsdag 26 augustus 2014 22:59
>>>>>>>>>> Aan: Chan Min Wai; Marc Muehlfeld
>>>>>>>>>> CC: samba at lists.samba.org
>>>>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>>>>> GUID names to /etc/hosts
>>>>>>>>>>
>>>>>>>>>> Well, I can only tell you what I observed.
>>>>>>>>>>
>>>>>>>>>> Does ping to the GUID name of your DC's work on your
>>>>>>>> install? And for
>>>>>>>>>> others here? I am on regular fresh installed wheezy x64.
>>>>>>>>>>
>>>>>>>>>> MJ
>>>>>>>>>>
>>>>>>>>>> On 08/26/2014 09:06 PM, Chan Min Wai wrote:
>>>>>>>>>>> Dear Mourik Jan,
>>>>>>>>>>>
>>>>>>>>>>> I would have to say that something was not right on your
>>>>>>>>>> system library.
>>>>>>>>>>> I'm sorry that I cannot tell you which one.
>>>>>>>>>>>
>>>>>>>>>>> I was having this issue on my gentoo and recently found the
>>>>>>>>>> problem was
>>>>>>>>>>> with my LDflags..
>>>>>>>>>>> I've to comment the one I normally use and leave it as
>>>> default..
>>>>>>>>>>> Where other are basically unchanged...
>>>>>>>>>>>
>>>>>>>>>>> And now my DC can replicate between each other without the
>>>>>>>> /etc/hosts
>>>>>>>>>>> modification.
>>>>>>>>>>>
>>>>>>>>>>> Hope this help....
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Aug 27, 2014 at 2:36 AM, Marc Muehlfeld
>>>>>>>> <mmuehlfeld at samba.org
>>>>>>>>>>> <mailto:mmuehlfeld at samba.org>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>         Hello Mourik Jan,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>         Am 26.08.2014 20:24, schrieb mourik jan 
>heupink - merit:
>>>>>>>>>>>          > We were having replication issues on wheezy with
>>>>>>>>>> sernet-samba-4.1.11.
>>>>>>>>>>>          >
>>>>>>>>>>>          > Searching the list I found the following post:
>>>>>>>>>>>          > http://marc.info/?l=samba&m=136999742625184&w=2
>>>>>>>>>>>          >
>>>>>>>>>>>          > It says basically that if you are unable 
>to *ping*
>>>>>>>>>> the GUID names for
>>>>>>>>>>>          > your dc's, you might be experiencing a glibc
>>>>>>>> error, where dns
>>>>>>>>>>>         names with
>>>>>>>>>>>          > an underscore are not properly resolved.
>>>>>>>>>>>          >
>>>>>>>>>>>          > Note: dns is basically correct, 'host' 
>gives all the
>>>>>>>>>> correct answers,
>>>>>>>>>>>          > samba_dnsupdate on all dc's says: no dns updates
>>>>>>>> are needed.
>>>>>>>>>>>          >
>>>>>>>>>>>          > The fix in the post, is to add GUID names to
>>>>>>>>>> /etc/hosts which I
>>>>>>>>>>>         did on
>>>>>>>>>>>          > my dc's, and then all of a sudden ping started
>>>>>>>> working like it
>>>>>>>>>>>         should.
>>>>>>>>>>>          > But ALSO replication! Our 'WERR_BADFILE' errors
>>>>>>>> are gone now.
>>>>>>>>>>>          >
>>>>>>>>>>>          > Now, is this not something that should 
>be much more
>>>>>>>>>> prominent in
>>>>>>>>>>>         the docs?
>>>>>>>>>>>
>>>>>>>>>>>         Thanks for providing this information. I'll 
>try finding
>>>>>>>>>> out more about
>>>>>>>>>>>         that and add it to the documentation.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>         Regards,
>>>>>>>>>>>         Marc
>>>>>>>>>>>         --
>>>>>>>>>>>         To unsubscribe from this list go to the 
>following URL
>>>>>>>>>> and read the
>>>>>>>>>>>         instructions:
>>>> https://lists.samba.org/mailman/options/samba
>>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> To unsubscribe from this list go to the following URL
>>>> and read the
>>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> --
>>>>>>>> To unsubscribe from this list go to the following URL 
>and read the
>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>
>>>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL 
>and read the
>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>> Hi Louis, I had never tried that command before, so I did and got the
>> same results as you, quick google told me that the missing attributes
>> are to do with NC replication. Like you, I am now wondering 
>if there is
>> something wrong and if so, how do I fix it.
>>
>> Rowland
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list