[Samba] NT_STATUS_IO_TIMEOUT and join domain as second DC
Bruno Andrade
bma at eurotux.com
Wed Jul 23 02:48:47 MDT 2014
On 07/21/2014 07:11 PM, Marc Muehlfeld wrote:
> Am 21.07.2014 10:55, schrieb Bruno Andrade:
>>> * Do you get the timeout during the join process?
>>> Can you please post the full output of the
>>> # samba-tool domain join ...
>>> command (incl. the full command you use)
>> I don't know for shore, because he starts replicating the
>> objects and if I go to active directory services, the new dc appear, but
>> after the error triggered he disappears and the changes suffer rollback.
>>
>> He replicates the objects from DC=example,DC=com, around 23000,
>> and then the error appears ... NT_STATUS_IO_TIMEOUT.
>>
>> I use the command below.
>> $ samba-tool domain join example.com DC -UAdministrator
>> --realm=example.com --server=dc1.example.com --dns-backend=BIND9_DLZ
>>
>> I run the command with and without the --server flag. The same
>> result.
>
> Can you post the output of the join command, to see, where it hangs?
> Maybe also with a higher debug level.
I execute this command to join: _samba-tool domain join example.com DC
-UAdministrator --password=xxxxxx --realm=example.com
--server=dc1.example.com --dns-backend=BIND9_DLZ --debuglevel=5_
this is the output of the command, before that it was adding Users to ldap.
""
DRS replication uptodate modify message:
dn: DC=example,DC=com
changetype: modify
replace: replUpToDateVector
replUpToDateVector:: AgAAAAAAAAAAAAAAAAAAAA==
-
replace: repsFrom
repsFrom::
AQAAAAAAAAAHAQAAAAAAAG843wkDAAAAbzjfCQMAAAAAAAAA0AAAADcAAABwAAAAERE
RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERER
ERERERERERERERERERERERERERERERERAAAAAAWiAwAAAAAAAAAAAAAAAAAAAAAAAAAAACu+f43R7
OVCkFPu+wBSgBECkzLXDmrSQrtUcHP/5rNTAAAAAAAAAAAAAAAAAAAAADMAAAA4ZDdmYmUyYi1lY2
QxLTQyZTUtOTA1My1lZWZiMDA1MjgwMTEuX21zZGNzLnVmcC5wdAA=
-
Replicated 402 objects (0 linked attributes) for DC=example,DC=com
drsuapi_DsGetNCChanges: struct drsuapi_DsGetNCChanges
in: struct drsuapi_DsGetNCChanges
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
84e5acf2-8c67-48e1-a137-798991c59604
level : 0x00000008 (8)
req : *
req : union
drsuapi_DsGetNCChangesRequest(case 8)
req8: struct drsuapi_DsGetNCChangesRequest8
destination_dsa_guid :
6e6a5eb7-b1ea-4118-bc07-d51601708c3d
source_dsa_invocation_id :
d7329302-6a0e-42d2-bb54-7073ffe6b353
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000052 (82)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x0000000c (12)
dn : 'DC=example,DC=com'
highwatermark: struct drsuapi_DsReplicaHighWaterMark
tmp_highest_usn : 0x000000000003a205
(238085)
reserved_usn : 0x0000000000000000 (0)
highest_usn : 0x0000000000000000 (0)
uptodateness_vector : NULL
replica_flags : 0x00210070 (2162800)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
1: DRSUAPI_DRS_INIT_SYNC
1: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
1: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
1: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
max_object_count : 0x00000192 (402)
max_ndr_size : 0x000622c4 (402116)
extended_op : DRSUAPI_EXOP_NONE (0x0)
fsmo_info : 0x0000000000000000 (0)
partial_attribute_set : NULL
partial_attribute_set_ex : NULL
mapping_ctr: struct drsuapi_DsReplicaOIDMapping_Ctr
num_mappings : 0x00000000 (0)
mappings : NULL
ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1172,
in join_DC
ctx.do_join()
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 1077,
in do_join
ctx.join_replicate()
File "/usr/lib64/python2.6/site-packages/samba/join.py", line 817, in
join_replicate
replica_flags=ctx.domain_replica_flags)
File "/usr/lib64/python2.6/site-packages/samba/drs_utils.py", line
252, in replicate
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
Provision OK for domain DN DC=example,DC=com
Starting replication
Replicating critical objects from the base DN of the domain
Join failed - cleaning up
checking sAMAccountName
""
>
> I guess you already checked, that there's no firewall or other security
> stuff prevent accessing your DC.
Yes, the firewall is disable in the source and destiny, nothing
between them. SELinux is disabled on both machines.
>
>
> Regards,
> Marc
>
Kind Regards,
Bruno
--
Bruno Andrade <bma at eurotux.com>
Programador (I&D)
Eurotux Informática, S.A. | www.eurotux.com
(t) +351 253 680 300
More information about the samba
mailing list