[Samba] replication issues solved by adding GUID names to /etc/hosts

Rowland Penny rowlandpenny at googlemail.com
Wed Aug 27 05:19:55 MDT 2014


On 27/08/14 12:05, Rowland Penny wrote:
> On 27/08/14 11:47, L.P.H. van Belle wrote:
>> and for me the DCs sernet samba 4.1.11
>>
>> I know that this: samba-tool drs showrepl =>>  Warning: No NC replicated for Connection!
>> is not a problem, but the serverState and the subRefs, that's a new one for me.
>>
>> I'll go have a look into this.
>>
>>
>>> -----Original message-----
>>> From: heupink at merit.unu.edu
>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan heupink - merit
>>> Sent: Wednesday 27 August 2014 12:28
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] replication issues solved by adding GUID names to /etc/hosts
>>>
>>> I can only say that on my site, the command finds no differences and I
>>> have not been happier lately than I am now. :-)
>>>
>>> Are you also on 4.1.11? Because having read a little bit about ldapcmp,
>>> it seems that at some point it was enhanced a bit, to justify for
>>> expected differences between dc's.
>>>
>>> Perhaps you are running an older version?
>>>
>>> On 8/27/2014 12:24, Rowland Penny wrote:
>>>> On 27/08/14 11:10, L.P.H. van Belle wrote:
>>>>> Good one, that one I didn't check yet..
>>>>> and argg... damn.. what the...
>>>>>
>>>>> Now I'm getting crazy...
>>>>>
>>>>> * Result for [DOMAIN]: FAILURE
>>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>>      serverState
>>>>>      msDS-NcType
>>>>>
>>>>> * Result for [CONFIGURATION]: FAILURE
>>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>>      subRefs
>>>>>      msDS-NcType
>>>>>
>>>>> * Result for [SCHEMA]: FAILURE
>>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>>      msDS-NcType
>>>>>
>>>>> * Result for [DNSFOREST]: FAILURE
>>>>> Attributes found only in ldap://dc1.internal.domain.tld
>>>>>       msDS-NcType
>>>>>
>>>>> ERROR: Compare failed: -1
>>>>>
>>>>>
>>>>> Damn same here
>>>>> samba-tool drs showrepl
>>>>> success....
>>>>>
>>>>> so I can't trust the samba-tool :-(( ...
>>>>>
>>>>> but thanks.. now I'm into fixing
>>>>>
>>>>> Greetz..
>>>>>
>>>>> Louis
>>>>>
>>>>>> -----Original message-----
>>>>>> From: heupink at merit.unu.edu
>>>>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan heupink - merit
>>>>>> Sent: Wednesday 27 August 2014 11:34
>>>>>> To: samba at lists.samba.org
>>>>>> Subject: Re: [Samba] replication issues solved by adding GUID names to /etc/hosts
>>>>>>
>>>>>> Hi Louis,
>>>>>>
>>>>>> Ok, thanks for these instructions. I'll update the files, and my own
>>>>>> documentation to include all this.
>>>>>>
>>>>>> Nowadays I don't only check replication with samba-tool drs showrepl,
>>>>>> because we have had issues (which were solved using the EXCELLENT
>>>>>> support from sernet!) where showrepl showed no errors, but in fact the
>>>>>> DomainDnsZones were NOT in sync.
>>>>>>
>>>>>> So, in addition to showrepl I also use
>>>>>>
>>>>>> samba-tool ldapcmp ldap://dc2.samba.company.com
>>>>>> ldap://dc4.samba.company.com
>>>>>>
>>>>>> If that one also gives only "SUCCESS" then I trust my replication.
>>>>>>
>>>>>> I'm planning to write a little script to automatically verify my
>>>>>> databases regularly using the above two methods. If corruption ever
>>>>>> occurs again, I'd like to know about it immediately.
>>>>>>
>>>>>> Mourik Jan
>>>>>>
>>>>>> On 8/27/2014 11:15, L.P.H. van Belle wrote:
>>>>>>> Hi Mourik Jan,
>>>>>>>
>>>>>>> the hosts file.
>>>>>>> set it for all your servers like:
>>>>>>> 127.0.0.1    localhost (optional with: localhost.localdomain ( <== as is, don't change localdomain ) )
>>>>>>> 192.87.x.y dc4.company.com       dc4
>>>>>>>
>>>>>>> the 127.0.1.1 was put in your hosts because you installed with a DHCP ip number at install and not a static ip.
>>>>>>> and for the resolv.conf
>>>>>>>
>>>>>>> search company.com
>>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>>>
>>>>>>> nameserver 192.87.x.1 (=caching external dns)   ( <  should not be needed, if you have the forwarders in bind )
>>>>>>> but imo can't harm, os resolving looks in resolv.conf and processes in that order.
>>>>>>> and I suggest you check the dns entries with the windows tool for dc2 and dc4, check the A and PTR records.
>>>>>>> If all is set ok, reboot the servers.
>>>>>>> and check again with samba-tool drs showrepl
>>>>>>>
>>>>>>> Louis
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> -----Original message-----
>>>>>>>> From: heupink at merit.unu.edu
>>>>>>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan heupink - merit
>>>>>>>> Sent: Wednesday 27 August 2014 10:39
>>>>>>>> To: samba at lists.samba.org
>>>>>>>> Subject: Re: [Samba] replication issues solved by adding GUID names to /etc/hosts
>>>>>>>>
>>>>>>>> Hi Louis,
>>>>>>>>
>>>>>>>> I tested name resolution using "host GUID._msdcs..." with all the
>>>>>>>> correct answers on all dc's, only ping failed.
>>>>>>>>
>>>>>>>> I now notice a small (but vital?) difference between /etc/hosts on the
>>>>>>>> two DC's, and also in /etc/resolv.conf
>>>>>>>>
>>>>>>>> root@dc4:~# cat /etc/hosts
>>>>>>>> 127.0.0.1       localhost
>>>>>>>> 192.87.x.y   dc4.company.com       dc4
>>>>>>>>
>>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>>>> ff02::1 ip6-allnodes
>>>>>>>> ff02::2 ip6-allrouters
>>>>>>>> root@dc4:~# cat /etc/resolv.conf
>>>>>>>> search company.com
>>>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>>>>>
>>>>>>>>
>>>>>>>> root@DC2:~# cat /etc/hosts
>>>>>>>> 127.0.0.1       localhost
>>>>>>>> 127.0.1.1       DC2.company.com       DC2
>>>>>>>>
>>>>>>>> # The following lines are desirable for IPv6 capable hosts
>>>>>>>> ::1     localhost ip6-localhost ip6-loopback
>>>>>>>> ff02::1 ip6-allnodes
>>>>>>>> ff02::2 ip6-allrouters
>>>>>>>> root@DC2:~# cat /etc/resolv.conf
>>>>>>>> nameserver 192.87.x.y4 (=dc4)
>>>>>>>> nameserver 192.87.x.y5 (=dc2)
>>>>>>>> nameserver 192.87.x.1 (=caching external dns)
>>>>>>>> root@DC2:~#
>>>>>>>>
>>>>>>>> (obviously these are /etc/hosts before I added the GUID._msdcs...)
>>>>>>>>
>>>>>>>> Could these small differences (127.0.1.1 vs 192.87.x.y) and (search
>>>>>>>> company.com vs no search) be responsible for the observed behaviour?
>>>>>>>>
>>>>>>>> MJ
>>>>>>>>
>>>>>>>> On 8/27/2014 10:15, L.P.H. van Belle wrote:
>>>>>>>>> Ok.. well, and you're sure the resolv.conf is correct?
>>>>>>>>> Can you post the hosts file and resolv.conf file, just to be sure.
>>>>>>>>> I noticed (sernet samba) that after adding a DC, the replication didn't work right away.
>>>>>>>>> It needed a restart of the server. This was tested with server samba 4.1.4-4.1.9
>>>>>>>>> and after the restart replication started working.
>>>>>>>>>
>>>>>>>>> Greetz,
>>>>>>>>>
>>>>>>>>> Louis
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----Original message-----
>>>>>>>>>> From: heupink at merit.unu.edu
>>>>>>>>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan heupink - merit
>>>>>>>>>> Sent: Wednesday 27 August 2014 10:08
>>>>>>>>>> To: samba at lists.samba.org
>>>>>>>>>> Subject: Re: [Samba] replication issues solved by adding GUID names to /etc/hosts
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Yes, what I'm saying is not that without the guid's in /etc/hosts
>>>>>>>>>> replication will give errors. (we have had successful replication here
>>>>>>>>>> as well)
>>>>>>>>>>
>>>>>>>>>> What I'm saying is, that there were some remaining WERR_BADFILE repl
>>>>>>>>>> errors after adding a new dc. After waiting hours, restarting samba
>>>>>>>>>> several times these did not go away.
>>>>>>>>>>
>>>>>>>>>> Then I read the post I mentioned, and added the GUID's to /etc/hosts,
>>>>>>>>>> and immediately my WERR_BADFILE errors disappeared.
>>>>>>>>>>
>>>>>>>>>> I'm no expert, and again: we've always had successful replication here as
>>>>>>>>>> well, without the entries in /etc/hosts. But these errors remained, and
>>>>>>>>>> disappeared immediately after editing /etc/hosts.
>>>>>>>>>>
>>>>>>>>>> Plus there have been some more similar reports on this list, I'd say:
>>>>>>>>>> where there is smoke, there is a fire.
>>>>>>>>>>
>>>>>>>>>> Some 'evidence' from the list archives, three different threads over the
>>>>>>>>>> last year, similar problem, all sharing the same solution:
>>>>>>>>>>
>>>>>>>>>> http://marc.info/?l=samba&m=137032630404682&w=2
>>>>>>>>>> http://marc.info/?l=samba&m=137003992508143&w=2
>>>>>>>>>> http://marc.info/?l=samba&m=137000020326397&w=2
>>>>>>>>>>
>>>>>>>>>> Again: not saying that it will never work without the entries in
>>>>>>>>>> /etc/hosts, but...
>>>>>>>>>>
>>>>>>>>>> Kind regards,
>>>>>>>>>> Mourik Jan
>>>>>>>>>>
>>>>>>>>>> On 8/27/2014 8:22, L.P.H. van Belle wrote:
>>>>>>>>>>> Hi Mourik Jan,
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> host bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>>>> bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld is an alias for rtd-dc1.internal.domain.tld.
>>>>>>>>>>> rtd-dc1.internal.domain.tld has address 192.168.0.1
>>>>>>>>>>> root@rtd-dc1:~# ping bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>>>> ping: unknown host bd6bdc30-c9b2-4fd4-9bdc-4230fec98d59._msdcs.internal.domain.tld
>>>>>>>>>>> and samba-tool drs showrepl shows 0 errors.
>>>>>>>>>>>
>>>>>>>>>>> Greetz,
>>>>>>>>>>>
>>>>>>>>>>> Louis
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> -----Original message-----
>>>>>>>>>>>> From: heupink at merit.unu.edu
>>>>>>>>>>>> [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan heupink - merit
>>>>>>>>>>>> Sent: Tuesday 26 August 2014 22:59
>>>>>>>>>>>> To: Chan Min Wai; Marc Muehlfeld
>>>>>>>>>>>> CC: samba at lists.samba.org
>>>>>>>>>>>> Subject: Re: [Samba] replication issues solved by adding GUID names to /etc/hosts
>>>>>>>>>>>>
>>>>>>>>>>>> Well, I can only tell you what I observed.
>>>>>>>>>>>>
>>>>>>>>>>>> Does ping to the GUID name of your DC's work on your install? And for
>>>>>>>>>>>> others here? I am on regular fresh installed wheezy x64.
>>>>>>>>>>>>
>>>>>>>>>>>> MJ
>>>>>>>>>>>>
>>>>>>>>>>>> On 08/26/2014 09:06 PM, Chan Min Wai wrote:
>>>>>>>>>>>>> Dear Mourik Jan,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I would have to say that something was not right on your system library.
>>>>>>>>>>>>> I'm sorry that I cannot tell you which one.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I was having this issue on my gentoo and recently found the problem was
>>>>>>>>>>>>> with my LDflags..
>>>>>>>>>>>>> I've to comment the one I normally use and leave it as default..
>>>>>>>>>>>>> Where other are basically unchanged...
>>>>>>>>>>>>>
>>>>>>>>>>>>> And now my DC can replicate between each other without the /etc/hosts
>>>>>>>>>>>>> modification.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hope this helps....
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Aug 27, 2014 at 2:36 AM, Marc Muehlfeld <mmuehlfeld at samba.org
>>>>>>>>>>>>> <mailto:mmuehlfeld at samba.org>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>          Hello Mourik Jan,
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>          On 26.08.2014 20:24, mourik jan heupink - merit wrote:
>>>>>>>>>>>>>           > We were having replication issues on wheezy with sernet-samba-4.1.11.
>>>>>>>>>>>>>           >
>>>>>>>>>>>>>           > Searching the list I found the following post:
>>>>>>>>>>>>>           > http://marc.info/?l=samba&m=136999742625184&w=2
>>>>>>>>>>>>>           >
>>>>>>>>>>>>>           > It says basically that if you are unable to *ping* the GUID names for
>>>>>>>>>>>>>           > your dc's, you might be experiencing a glibc error, where dns names with
>>>>>>>>>>>>>           > an underscore are not properly resolved.
>>>>>>>>>>>>>           >
>>>>>>>>>>>>>           > Note: dns is basically correct, 'host' gives all the correct answers,
>>>>>>>>>>>>>           > samba_dnsupdate on all dc's says: no dns updates are needed.
>>>>>>>>>>>>>           >
>>>>>>>>>>>>>           > The fix in the post, is to add GUID names to /etc/hosts which I did on
>>>>>>>>>>>>>           > my dc's, and then all of a sudden ping started working like it should.
>>>>>>>>>>>>>           > But ALSO replication! Our 'WERR_BADFILE' errors are gone now.
>>>>>>>>>>>>>           >
>>>>>>>>>>>>>           > Now, is this not something that should be much more prominent in the docs?
>>>>>>>>>>>>>
>>>>>>>>>>>>>          Thanks for providing this information. I'll try finding out more about
>>>>>>>>>>>>>          that and add it to the documentation.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>          Regards,
>>>>>>>>>>>>>          Marc
>>>>>>>>>>>>>          --
>>>>>>>>>>>>>          To unsubscribe from this list go to the following URL and read the
>>>>>>>>>>>>>          instructions: https://lists.samba.org/mailman/options/samba
>>>> Hi Louis, I had never tried that command before, so I did and got the
>>>> same results as you, quick google told me that the missing attributes
>>>> are to do with NC replication. Like you, I am now wondering if there is
>>>> something wrong and if so, how do I fix it.
>>>>
>>>> Rowland
> OK, I have found this: 
> https://lists.samba.org/archive/samba/2013-December/177174.html
>
> Wonder if anybody came up with a patch ?
>
> Rowland
OK, based on Andrew saying that these attributes are not supposed to 
replicate, I changed 
'/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py' from line 397 
to this:

         # Attributes that are considered always to be different e.g based on timestamp etc.
         #
         # One domain - two domain controllers
         self.ignore_attributes =  [
                 # Default Naming Context
                 "lastLogon", "lastLogoff", "badPwdCount", "logonCount", "badPasswordTime", "modifiedCount",
                 "operatingSystemVersion","oEMInformation","msDS-NcType","subRefs","serverState",
                 "ridNextRID", "rIDPreviousAllocationPool",
                 # Configuration Naming Context
                 "repsFrom", "dSCorePropagationData", "msExchServer1HighestUSN",
                 "replUpToDateVector", "repsTo", "whenChanged", "uSNChanged", "uSNCreated",


I now get this:

* Comparing [DOMAIN] context...

* Objects to be compared: 275

* Result for [DOMAIN]: SUCCESS

* Comparing [CONFIGURATION] context...

* Objects to be compared: 1615

* Result for [CONFIGURATION]: SUCCESS

* Comparing [SCHEMA] context...

* Objects to be compared: 1561

* Result for [SCHEMA]: SUCCESS

* Comparing [DNSDOMAIN] context...

* Objects to be compared: 54

* Result for [DNSDOMAIN]: SUCCESS

* Comparing [DNSFOREST] context...

* Objects to be compared: 18

* Result for [DNSFOREST]: SUCCESS

That seems to be a success to me ;-)

Rowland
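
The following is an added example, not part of the original message and not Samba's own code. For the periodic check discussed in the thread, it parses ldapcmp summary output in the shape quoted above and separates failures explained only by the three attributes named in this post from any other difference, without editing the installed ldapcmp.py. The function names, verdict labels and sample text are assumptions made for illustration.

```python
import re
# The three attributes this post adds to ignore_attributes.
EXPECTED_LOCAL = {"serverState", "msDS-NcType", "subRefs"}
RESULT_RE = re.compile(r"^\* Result for \[(\w+)\]: (SUCCESS|FAILURE)\s*$")
ONLY_IN_RE = re.compile(r"^\s*Attributes found only in (\S+?):?\s*$")
NOISE_RE = re.compile(r"^(\* |ERROR: Compare failed|SUMMARY$|-+$)")

def parse_ldapcmp(text):
    """Map context -> {"result", "only_in": {url: attrs}, "other": [lines]}."""
    contexts, cur, url = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            cur = contexts[m.group(1)] = {"result": m.group(2), "only_in": {}, "other": []}
            url = None
        elif cur is None or not line:
            continue
        elif (m := ONLY_IN_RE.match(line)):
            url = m.group(1)
        elif url and raw[:1].isspace() and " " not in line:
            cur["only_in"].setdefault(url, set()).add(line)  # indented attribute name
        else:
            url = None
            if not NOISE_RE.match(line):
                cur["other"].append(line)  # unexplained line: never treat as benign
    return contexts

def classify(contexts):
    """ok = SUCCESS; expected = FAILURE explained only by EXPECTED_LOCAL; else drift."""
    verdicts = {}
    for name, ctx in contexts.items():
        attrs = set().union(*ctx["only_in"].values())
        benign = bool(attrs) and attrs <= EXPECTED_LOCAL and not ctx["other"]
        verdicts[name] = "ok" if ctx["result"] == "SUCCESS" else "expected" if benign else "drift"
    return verdicts

# Constructed sample in the shape quoted in the thread; the dnsRecord failure is invented.
SAMPLE = """\
* Result for [DOMAIN]: FAILURE
Attributes found only in ldap://dc1.internal.domain.tld
     serverState
     msDS-NcType
* Result for [SCHEMA]: SUCCESS
* Result for [DNSDOMAIN]: FAILURE
Attributes found only in ldap://dc1.internal.domain.tld
     dnsRecord
ERROR: Compare failed: -1
"""
```

A monitoring job would alert only on "drift" verdicts, so a genuine difference such as an out-of-sync DNS zone is not hidden behind the attributes that are expected to differ.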


