[Samba] samba4 replication issues | sam.ldb inconsistency

mourik jan heupink - merit heupink at merit.unu.edu
Wed Jul 9 03:26:58 MDT 2014 

Hi Daniel,

Thanks for your reply. But I'm unsure which of my dc's is still healthy:

On dc2 "samba-tool dbcheck cross-ncs" says: "checking 187478 objects", 
and has been running for many hours now...

On dc1 the  DC=DomainDnsZones,DC=samba,DC=company,DC=com seems to be 
corrupt:
user at server:/tmp/sam.ldb.d$ tdbbackup -v 
./DC\=DOMAINDNSZONES\,DC\=SAMBA\,DC\=COMPANY\,DC\=COM.ldb
tdb_rec_read bad magic 0x198 at offset=1044437120
restoring ./DC=DOMAINDNSZONES,DC=SAMBA,DC\=COMPANY\,DC\=COM.ldb
./DC=DOMAINDNSZONES,DC=SAMBA,DC\=COMPANY\,DC\=COM.ldb.bak: No such file 
or directory
user at server:/tmp/sam.ldb.d$

Yet the network seems to work quite nicely still... but I guess we're 
sitting on top of a ticking timebomb...

This sounds as if we're in deep ****, doesn't it? Any help would be very 
much appreciated...

By the way, you had EXACTLY the same number of objects samba-tool was 
checking eternally??

On 7/9/2014 7:43, Daniel Müller wrote:
> I had the same issue with the same situation: the same "samba-tool dbcheck
> cross-ncs" says: "checking 187478 objects". Has been running for many hours
> now".
> The only thing I could do is to reinstall samba on the corrupt dc
>
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
> Auftrag von mourik jan heupink - merit
> Gesendet: Dienstag, 8. Juli 2014 17:59
> An: samba at lists.samba.org
> Betreff: [Samba] samba4 replication issues | sam.ldb inconsistency
>
> Hi all,
>
> We seem to have some issues with our samba4 ad setup. I posted about this
> last week already but had received no replies at all so far. :-(
>
> What is our situation:
>
> two domain controllers (dc1 and dc2), one (separate) fileserver, all running
> sernet-4.1.7. From the workstations perspective, everything is running as it
> should, there appear to be no issues.
>
> However: something in my replication has gone wrong... on dc2:
>
> ==== INBOUND NEIGHBORS ====
>
> DC=DomainDnsZones,DC=samba,DC=company,DC=com
>           Default-First-Site-Name\DC1 via RPC
>                   DSA object GUID: 81a27497-bdfb-4977-9874-675bbfba490f
>                   Last attempt @ Tue Jul  8 17:12:09 2014 CEST failed, result
> 8442 (WERR_DS_DRA_INTERNAL_ERROR)
>                   3252 consecutive failure(s).
>                   Last success @ Tue Jul  1 16:34:57 2014 CEST
>
> CN=Configuration,DC=samba,DC=company,DC=com
>           Default-First-Site-Name\DC1 via RPC
>                   DSA object GUID: 81a27497-bdfb-4977-9874-675bbfba490f
>                   Last attempt @ Tue Jul  8 17:12:10 2014 CEST was successful
>                   0 consecutive failure(s).
>                   Last success @ Tue Jul  8 17:12:10 2014 CEST (the rest all
> replicates succesfully)
>
> Then, to verify integrity of DC=DomainDnsZones on dc1, I type:
>
> root at dc1:/var/log/samba# samba-tool dbcheck --cross-ncs
> ltdb:
> tdb(/var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=COMPANY,D
> C=COM.ldb):
> tdb_rec_read bad magic 0x198 at offset=1044437120
> ERROR(ldb): uncaught exception - Indexed and full searches both failed!
>
> On dc2 the same "samba-tool dbcheck cross-ncs" says: "checking 187478
> objects". Has been running for many hours now, I have no idea how far it is.
> The server is pretty buzy doing it.
>
> So, my working conclusion is that on DC1 the
> DC=DomainDnsZones,DC=samba,DC=company,DC=com has become corrupted, and
> therefore fails to replicate to dc2.
>
> Does the list agree with this?
>
> I hope that dc2 is still having the correct DC=DomainDnsZones. But, since
> replication seems to be only from dc1 TO dc2, I'm unsure how to import the
> healthy dc2 database into dc1.
>
> Does the above make any sense? How to make both dc's happy and fully
> functional again?
>
> Any help would be VERY much appreciated... Hopefully I'll get some replies
> this time!
>
> Kind regards,
> MJ
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list