[Samba] samba4 replication issues | sam.ldb inconsistency

mourik jan heupink - merit heupink at merit.unu.edu
Tue Jul 8 09:58:32 MDT 2014 

Hi all,

We seem to have some issues with our samba4 ad setup. I posted about 
this last week already but had received no replies at all so far. :-(

What is our situation:

two domain controllers (dc1 and dc2), one (separate) fileserver, all 
running sernet-4.1.7. From the workstations perspective, everything is 
running as it should, there appear to be no issues.

However: something in my replication has gone wrong... on dc2:

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=samba,DC=company,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 81a27497-bdfb-4977-9874-675bbfba490f
                 Last attempt @ Tue Jul  8 17:12:09 2014 CEST failed, 
result 8442 (WERR_DS_DRA_INTERNAL_ERROR)
                 3252 consecutive failure(s).
                 Last success @ Tue Jul  1 16:34:57 2014 CEST

CN=Configuration,DC=samba,DC=company,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 81a27497-bdfb-4977-9874-675bbfba490f
                 Last attempt @ Tue Jul  8 17:12:10 2014 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Tue Jul  8 17:12:10 2014 CEST
(the rest all replicates succesfully)

Then, to verify integrity of DC=DomainDnsZones on dc1, I type:

root at dc1:/var/log/samba# samba-tool dbcheck --cross-ncs
ltdb: 
tdb(/var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,DC=COM.ldb): 
tdb_rec_read bad magic 0x198 at offset=1044437120
ERROR(ldb): uncaught exception - Indexed and full searches both failed!

On dc2 the same "samba-tool dbcheck cross-ncs" says: "checking 187478 
objects". Has been running for many hours now, I have no idea how far it 
is. The server is pretty buzy doing it.

So, my working conclusion is that on DC1 the 
DC=DomainDnsZones,DC=samba,DC=company,DC=com has become corrupted, and 
therefore fails to replicate to dc2.

Does the list agree with this?

I hope that dc2 is still having the correct DC=DomainDnsZones. But, 
since replication seems to be only from dc1 TO dc2, I'm unsure how to 
import the healthy dc2 database into dc1.

Does the above make any sense? How to make both dc's happy and fully 
functional again?

Any help would be VERY much appreciated... Hopefully I'll get some 
replies this time!

Kind regards,
MJ

More information about the samba mailing list