[Samba] Replication issues after OS upgrade

George jorgito1412 at gmail.com
Mon Jul 13 12:03:41 UTC 2015


Hi, I'm resending this to the list since I cannot see it on the archive,
for some reason...

I recently upgraded two (running stable) systems from Debian Wheezy to
Jessie. The Samba version has not changed, since on Wheezy I was using the
one from wheezy-backports (v4.1.17), same as on Jessie.

These are 2 basic DCs without any additional config. Since the upgrade,
every day at either 10 PM or 8 AM replication is broken (I can see
WERR_ACCESS_DENIED errors by running samba-tool drs showrepl).
Restarting Samba returns everything to normal, until the next day...

By increasing the log level I can see this:

--
[2015/07/07 22:02:48.149819,  3]
../auth/credentials/credentials_krb5.c:532(cli_credentials_get_client_gss_creds)
  Credentials for DC2$@MYCOMPANY.COM will expire shortly (0 sec), must
refresh credentials cache
[2015/07/07 22:02:48.150486,  1]
../source4/auth/gensec/gensec_gssapi.c:644(gensec_gssapi_update)
  GSS client Update(krb5)(1) Update failed:  Miscellaneous failure (see
text): Matching credential (GC/dc1.mycompany.com/mycompany.com at MYCOMPANY.COM)
not found
[2015/07/07 22:02:48.150615,  0] ../auth/gensec/gensec.c:247(gensec_update)
  Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
[2015/07/07 22:02:48.150959,  0]
../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp
:74f6388c-a704-4bb1-857a-e7dc15c320cd._msdcs.mycompany.com[1024,seal,krb5]
NT_STATUS_ACCESS_DENIED
--

After that the logs get heavily spammed by the same messages "Did not
manage..." and "Failed to bind...", every minute or so.

Any ideas? I'm tempted to rejoin the servers to the domain or regenerate
the keytabs, but I still don't understand why everything gets fixed by just
restarting Samba.

Any help is appreciated.

Best regards.

George
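
One way to check whether each outage begins at the credential-cache refresh seen in the log excerpt above, as an added example that is not part of the original post: the script groups the repeating "Failed to bind" errors into outages and flags those that start within a few seconds of a "must refresh credentials cache" entry. The sample log is constructed and abbreviated from the excerpt; the 5-second window and 10-minute gap are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, abbreviated from the excerpt in the post.
SAMPLE_LOG = """\
[2015/07/07 22:02:48.149819,  3] ../auth/credentials/credentials_krb5.c:532(cli_credentials_get_client_gss_creds)
  Credentials for DC2$@MYCOMPANY.COM will expire shortly (0 sec), must refresh credentials cache
[2015/07/07 22:02:48.150486,  1] ../source4/auth/gensec/gensec_gssapi.c:644(gensec_gssapi_update)
  GSS client Update(krb5)(1) Update failed:  Miscellaneous failure (see text)
[2015/07/07 22:02:48.150959,  0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 NT_STATUS_ACCESS_DENIED
[2015/07/07 22:03:50.000100,  0] ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 NT_STATUS_ACCESS_DENIED
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]")

def parse_entries(text):
    """Split a Samba log into [timestamp, level, text]; wrapped lines are joined."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            entries.append([ts, int(m.group(2)), line[m.end():].strip()])
        elif entries and line.strip():
            entries[-1][2] += " " + line.strip()
    return entries

def outages(entries, window=timedelta(seconds=5), gap=timedelta(minutes=10)):
    """Group bind failures into outages; flag those starting right after a refresh."""
    result, last_refresh, last_fail = [], None, None
    for ts, _level, text in entries:
        if "must refresh credentials cache" in text:
            last_refresh = ts
        elif "Failed to bind" in text and "NT_STATUS_ACCESS_DENIED" in text:
            if last_fail is None or ts - last_fail > gap:  # a new outage begins
                near = (last_refresh is not None
                        and timedelta(0) <= ts - last_refresh <= window)
                result.append({"start": ts, "after_refresh": near, "failures": 0})
            result[-1]["failures"] += 1
            last_fail = ts
    return result

if __name__ == "__main__":
    for o in outages(parse_entries(SAMPLE_LOG)):
        print(o["start"], "after_refresh=%s" % o["after_refresh"], "failures=%d" % o["failures"])
```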

