[Samba] replication issues solved by adding GUID names to /etc/hosts

mourik jan heupink - merit heupink at merit.unu.edu
Wed Aug 27 05:08:54 MDT 2014 

Ok, here is what sernet just told me on ldapcmp:

<quote>
Yes, there're a few non replicated attributes, which should be generated
localy. This is a known bug, but I not a critical one
as either don't use these attributes or they would just
have the default value anyway.

We could improve ldapcmp, so that it ignores non-replicated attributes
and/or at least meantion that these are non-replicated attributes.
</quote>

This could perhaps this means that:

Perhaps I have no differences NOW, because I just added the dc 
yesterday, everything got replicated, and none of the non-replicated 
attributes have (yet) been altered?

Perhaps your problems are not that big..?

MJ

On 8/27/2014 12:47, L.P.H. van Belle wrote:
> and for me the DCs sernet samba 4.1.11
>
> i now that this : samba-tool drs showrepl =>>  Warning: No NC replicated for Connection!
> is not problem but the serverstat and the subRefs thats a new one for me.
>
> i'll go have a look into this.
>
>
>> -----Oorspronkelijk bericht-----
>> Van: heupink at merit.unu.edu
>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>> heupink - merit
>> Verzonden: woensdag 27 augustus 2014 12:28
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] replication issues solved by adding
>> GUID names to /etc/hosts
>>
>> I can only say that on my site, the command finds no differences and I
>> have not been happier lately than I am now. :-)
>>
>> Are you also on 4.1.11? Because having read a little bit about
>> ldapcmp,
>> it seems that at some point it was enhanced a bit, to justify for
>> expected differences between dc's.
>>
>> Perhaps you are running an older version?
>>
>> On 8/27/2014 12:24, Rowland Penny wrote:
>>> On 27/08/14 11:10, L.P.H. van Belle wrote:
>>>>
>>>> Good one, that one i didnt check yet..
>>>> and argg... damn.. what the...
>>>>
>>>> Now im getting crazy...
>>>>
>>>> * Result for [DOMAIN]: FAILURE
>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>      serverState
>>>>      msDS-NcType
>>>>
>>>> * Result for [CONFIGURATION]: FAILURE
>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>      subRefs
>>>>      msDS-NcType
>>>>
>>>> * Result for [SCHEMA]: FAILURE
>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>      msDS-NcType
>>>>
>>>> * Result for [DNSFOREST]: FAILURE
>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>       msDS-NcType
>>>>
>>>> ERROR: Compare failed: -1
>>>>
>>>>
>>>> Damn same here
>>>> samba-tool drs showrepl
>>>> success....
>>>>
>>>> so i can't trust the samba-tool :-(( ...
>>>>
>>>> but thanks.. now im into fixing
>>>>
>>>> Greetz..
>>>>
>>>> Louis
>>>>
>>>>> -----Oorspronkelijk bericht-----
>>>>> Van: heupink at merit.unu.edu
>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>> heupink - merit
>>>>> Verzonden: woensdag 27 augustus 2014 11:34
>>>>> Aan: samba at lists.samba.org
>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>> GUID names to /etc/hosts
>>>>>
>>>>> Hi Louis,
>>>>>
>>>>> Ok, thanks for these instruction. I'll update the files, and my own
>>>>> documentation to include all this.
>>>>>
>>>>> Nowadays I don't only check replication with samba-tool
>> drs showrepl,
>>>>> because we have had issues (which were solved using the EXCELLENT
>>>>> support from sernet!) where showrepl showed no errors, but
>> in fact the
>>>>> DomainDnsZones were NOT in sync.
>>>>>
>>>>> So, in addition to showrepl I also use
>>>>>
>>>>> samba-tool ldapcmp ldap://dc2.samba.company.com
>>>>> ldap://dc4.samba.company.com
>>>>>
>>>>> If that one also gives only "SUCCESS" then I trust my replication.
>>>>>
>>>>> I'm planning to write a little script to automatically verify my
>>>>> databases regularly using the above two methods. If corruption ever
>>>>> occurs again, I'd like to know about it immediately.
>>>>>
>>>>> Mourik Jan
>>>>>
>>>>> On 8/27/2014 11:15, L.P.H. van Belle wrote:
>>>>>> Hai Mourik Jan,
>>>>>>
>>>>>> the hosts file.
>>>>>> set it for all your servers like :
>>>>>> 127.0.0.1    localhost (optional with: localhost.localdomain
>>>>>    ( <== as is dont change localdomain ) )
>>>>>> 192.87.x.y   dc4.company.com       dc4
>>>>>>
>>>>>> the 127.0.1.1 was put in your hosts because you installed
>>>>> with a DHCP ip number at install and not a static ip.
>>>>>> and for the resolv.conf
>>>>>>
>>>>>> search company.com
>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>>
>>>>>> nameserver 192.87.x.1 (=caching external dns)   ( <  should
>>>>> not be needed, if you have the forwarders in bind )
>>>>>> but imo cant harm, os resolving looks in resolv.conf and
>>>>> processes in that order.
>>>>>> and i suggest you check the dns entries with the windows
>>>>> tool for dc2 and dc4 check the A and PTR records.
>>>>>> If all is set ok, reboot the servers.
>>>>>> and check again with samba-tool drs showrepl
>>>>>>
>>>>>> Louis
>>>>>>
>>>>>>
>>>>>>
>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>> Van: heupink at merit.unu.edu
>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>> heupink - merit
>>>>>>> Verzonden: woensdag 27 augustus 2014 10:39
>>>>>>> Aan: samba at lists.samba.org
>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>> GUID names to /etc/hosts
>>>>>>>
>>>>>>> Hi Louis,
>>>>>>>
>>>>>>> I tested name resolution using "host GUID._msdcs..." with all the
>>>>>>> correct answers on all dc's, only ping failed.
>>>>>>>
>>>>>>> I now notice a small (but vital?) difference between
>>>>> /etc/hosts on the
>>>>>>> two DC's, and also in /etc/resolv.conf
>>>>>>>
>>>>>>> root at dc4:~# cat /etc/hosts
>>>>>>> 127.0.0.1       localhost
>>>>>>> 192.87.x.y   dc4.company.com       dc4
>>>>>>>
>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>>> ff02::1 ip6-allnodes
>>>>>>> ff02::2 ip6-allrouters
>>>>>>> root at dc4:~# cat /etc/resolv.conf
>>>>>>> search company.com
>>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>>>>
>>>>>>>
>>>>>>> root at DC2:~# cat /etc/hosts
>>>>>>> 127.0.0.1       localhost
>>>>>>> 127.0.1.1       DC2.company.com       DC2
>>>>>>>
>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>>> ff02::1 ip6-allnodes
>>>>>>> ff02::2 ip6-allrouters
>>>>>>> root at DC2:~# cat /etc/resolv.conf
>>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>>>> root at DC2:~#
>>>>>>>
>>>>>>> (obviously these are /etc/hosts before I added the
>> GUID._msdcs...)
>>>>>>>
>>>>>>> Could these small differences (127.0.1.1 vs 192.87.x.y)
>> and (search
>>>>>>> company.com vs no search) be responsible for the
>> observed behaviour?
>>>>>>>
>>>>>>> MJ
>>>>>>>
>>>>>>> On 8/27/2014 10:15, L.P.H. van Belle wrote:
>>>>>>>> Ok.. wel and your sure the resolv.conf is correct?
>>>>>>>> cat you post the hosts file and resolv.conf file. just
>> to be sure.
>>>>>>>>
>>>>>>>> i noticed, ( sernet samba) that after adding a DC, the
>>>>>>> replication didnt work right a way.
>>>>>>>> It needed a restart of the server. This was tested with
>>>>>>> server samba 4.1.4-4.1.9
>>>>>>>> and after the restart replication started working.
>>>>>>>>
>>>>>>>> Greetz,
>>>>>>>>
>>>>>>>> Louis
>>>>>>>>
>>>>>>>>
>>>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>>>> Van: heupink at merit.unu.edu
>>>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>>>> heupink - merit
>>>>>>>>> Verzonden: woensdag 27 augustus 2014 10:08
>>>>>>>>> Aan: samba at lists.samba.org
>>>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>>>> GUID names to /etc/hosts
>>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Yes, what I'm saying is not that without the guid's in
>> /etc/hosts
>>>>>>>>> replication will give errors. (we have had successful
>>>>>>> replication here
>>>>>>>>> as well)
>>>>>>>>>
>>>>>>>>> What I'm saying is, that there were some remaining
>>>>> WERR_BADFILE repl
>>>>>>>>> errors after adding a new dc. After waiting hours,
>>>>> restarting samba
>>>>>>>>> several times these did not go away.
>>>>>>>>>
>>>>>>>>> Then I read the post I mentioned, and added the GUID's to
>>>>>>> /etc/hosts,
>>>>>>>>> and immediately my WERR_BADFILE errors disappeared.
>>>>>>>>>
>>>>>>>>> I no expert, and again: we've always had successful
>>>>>>>>> replication here as
>>>>>>>>> well, without the entries in /etc/hosts. But these errors
>>>>>>>>> remained, and
>>>>>>>>> disappeared immediately after editing /etc/hosts.
>>>>>>>>>
>>>>>>>>> Plus there have been some more similar reports on this
>>>>>>> list, I'd say:
>>>>>>>>> where there is smoke, there is a fire.
>>>>>>>>>
>>>>>>>>> Some 'evidence' from the list archives, three different
>>>>>>>>> threads over the
>>>>>>>>> last year, similar problem, all sharing the same solution:
>>>>>>>>>
>>>>>>>>> http://marc.info/?l=samba&m=137032630404682&w=2
>>>>>>>>> http://marc.info/?l=samba&m=137003992508143&w=2
>>>>>>>>> http://marc.info/?l=samba&m=137000020326397&w=2
>>>>>>>>>
>>>>>>>>> Again: not saying that it will never work without the
>> entries in
>>>>>>>>> /etc/hosts, but...
>>>>>>>>>
>>>>>>>>> Kind regards,
>>>>>>>>> Mourik Jan
>>>>>>>>>
>>>>>>>>> On 8/27/2014 8:22, L.P.H. van Belle wrote:
>>>>>>>>>> Hai Mourik Jan,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> host
>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>> is an alias for rtd-dc1.internal.domain.tld.
>>>>>>>>>> rtd-dc1.internal.domain.tld has address 192.168.0.1
>>>>>>>>>> root at rtd-dc1:~# ping
>>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>>> ping: unknown host
>>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>>> and samba-tool drs showrepl shows 0 errors.
>>>>>>>>>>
>>>>>>>>>> Greetz,
>>>>>>>>>>
>>>>>>>>>> Louis
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> -----Oorspronkelijk bericht-----
>>>>>>>>>>> Van: heupink at merit.unu.edu
>>>>>>>>>>> [mailto:samba-bounces at lists.samba.org] Namens mourik jan
>>>>>>>>>>> heupink - merit
>>>>>>>>>>> Verzonden: dinsdag 26 augustus 2014 22:59
>>>>>>>>>>> Aan: Chan Min Wai; Marc Muehlfeld
>>>>>>>>>>> CC: samba at lists.samba.org
>>>>>>>>>>> Onderwerp: Re: [Samba] replication issues solved by adding
>>>>>>>>>>> GUID names to /etc/hosts
>>>>>>>>>>>
>>>>>>>>>>> Well, I can only tell you what I observed.
>>>>>>>>>>>
>>>>>>>>>>> Does ping to the GUID name of your DC's work on your
>>>>>>>>> install? And for
>>>>>>>>>>> others here? I am on regular fresh installed wheezy x64.
>>>>>>>>>>>
>>>>>>>>>>> MJ
>>>>>>>>>>>
>>>>>>>>>>> On 08/26/2014 09:06 PM, Chan Min Wai wrote:
>>>>>>>>>>>> Dear Mourik Jan,
>>>>>>>>>>>>
>>>>>>>>>>>> I would have to say that something was not right on your
>>>>>>>>>>> system library.
>>>>>>>>>>>> I'm sorry that I cannot tell you which one.
>>>>>>>>>>>>
>>>>>>>>>>>> I was having this issue on my gentoo and recently found the
>>>>>>>>>>> problem was
>>>>>>>>>>>> with my LDflags..
>>>>>>>>>>>> I've to comment the one I normally use and leave it as
>>>>> default..
>>>>>>>>>>>> Where other are basically unchanged...
>>>>>>>>>>>>
>>>>>>>>>>>> And now my DC can replicate between each other without the
>>>>>>>>> /etc/hosts
>>>>>>>>>>>> modification.
>>>>>>>>>>>>
>>>>>>>>>>>> Hope this help....
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Aug 27, 2014 at 2:36 AM, Marc Muehlfeld
>>>>>>>>> <mmuehlfeld at samba.org
>>>>>>>>>>>> <mailto:mmuehlfeld at samba.org>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>          Hello Mourik Jan,
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>          Am 26.08.2014 20:24, schrieb mourik jan
>> heupink - merit:
>>>>>>>>>>>>           > We were having replication issues on wheezy with
>>>>>>>>>>> sernet-samba-4.1.11.
>>>>>>>>>>>>           >
>>>>>>>>>>>>           > Searching the list I found the following post:
>>>>>>>>>>>>           > http://marc.info/?l=samba&m=136999742625184&w=2
>>>>>>>>>>>>           >
>>>>>>>>>>>>           > It says basically that if you are unable
>> to *ping*
>>>>>>>>>>> the GUID names for
>>>>>>>>>>>>           > your dc's, you might be experiencing a glibc
>>>>>>>>> error, where dns
>>>>>>>>>>>>          names with
>>>>>>>>>>>>           > an underscore are not properly resolved.
>>>>>>>>>>>>           >
>>>>>>>>>>>>           > Note: dns is basically correct, 'host'
>> gives all the
>>>>>>>>>>> correct answers,
>>>>>>>>>>>>           > samba_dnsupdate on all dc's says: no dns updates
>>>>>>>>> are needed.
>>>>>>>>>>>>           >
>>>>>>>>>>>>           > The fix in the post, is to add GUID names to
>>>>>>>>>>> /etc/hosts which I
>>>>>>>>>>>>          did on
>>>>>>>>>>>>           > my dc's, and then all of a sudden ping started
>>>>>>>>> working like it
>>>>>>>>>>>>          should.
>>>>>>>>>>>>           > But ALSO replication! Our 'WERR_BADFILE' errors
>>>>>>>>> are gone now.
>>>>>>>>>>>>           >
>>>>>>>>>>>>           > Now, is this not something that should
>> be much more
>>>>>>>>>>> prominent in
>>>>>>>>>>>>          the docs?
>>>>>>>>>>>>
>>>>>>>>>>>>          Thanks for providing this information. I'll
>> try finding
>>>>>>>>>>> out more about
>>>>>>>>>>>>          that and add it to the documentation.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>          Regards,
>>>>>>>>>>>>          Marc
>>>>>>>>>>>>          --
>>>>>>>>>>>>          To unsubscribe from this list go to the
>> following URL
>>>>>>>>>>> and read the
>>>>>>>>>>>>          instructions:
>>>>> https://lists.samba.org/mailman/options/samba
>>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> To unsubscribe from this list go to the following URL
>>>>> and read the
>>>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> To unsubscribe from this list go to the following URL
>> and read the
>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>>
>>>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL
>> and read the
>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>
>>>>>
>>> Hi Louis, I had never tried that command before, so I did and got the
>>> same results as you, quick google told me that the missing attributes
>>> are to do with NC replication. Like you, I am now wondering
>> if there is
>>> something wrong and if so, how do I fix it.
>>>
>>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>

More information about the samba mailing list