[Samba] Samba suddenly restart and replication does not works anymore

Achim Gottinger achim at ag-web.biz
Sun Apr 3 20:59:49 UTC 2016 

I'd check for differences in the ldap trees with
samba-tool ldapcmp first
If such are found try an manual full sync replication to fix the difference.
I had an similar issue a while back and an deleted object on one dc 
caused such sigterm's.
Had to get that deleted object out of the way afterwards the dc's where 
stable again.


Am 30.03.2016 um 14:35 schrieb Prunk Dump:
> Hello Samba team !
>
> On my network I have three Samba-4.1.17 domain controllers (Debian Jessie) :
> -> One PDC : pdc01
> -> Two "slave" DC : sdc02, sdc03
>
> I don't know why, but sometimes Samba receive the SIGTERM signal and
> restart even if I remove it from the logrotate configuration. On
> "pdc01" I see :
>
> ----------
> pdc01 (log.samba)
> ----------
> SIGTERM: killing children
> Exiting pid ... on SIGTERM
> ...
> samba version 4.1.17-Debian started.
> ../lib/util/become_daemon.c:136(daemon_ready)
> ----------
>
> After that, the replication stop working. And on the two other DCs I
> can see error messages like below. But nothing on the PDC's logs !
>
> ----------
> sdc02 or sdc03 (log.samba)
> ----------
> ../auth/gensec/gensec.c:247(gensec_update)
> Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:b339b873-f01c-4672-8984-61e1e48422ea._msdcs.mydom.fr[1024,seal,krb5]
> NT_STATUS_ACCESS_DENIED
> ...
> ...
> -----
>
> When I manually restart the two slave DCs the error messages stop. But
> the PDC complain that it can't connect to the slave DC (due to the
> samba restart) and after, the replication fail on the PDC :
>
> ----------
> pdc01
> ----------
> (the slave DC restart ... on the PDC I see ...)
>   ../source4/dsdb/repl/drepl_out_helpers.c:862(dreplsrv_update_refs_done)
> UpdateRefs failed with NT_STATUS_END_OF_FILE
>
> (the slave is restarting, so the PDC cannot make the connection)
> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
> Failed to connect host 172.16.0.21 on port 1024 - NT_STATUS_CONNECTION_REFUSED
> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
> Failed to connect host 172.16.0.21
> (04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr) on port 1024 -
> NT_STATUS_CONNECTION_REFUSED.
> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
> Failed to connect host 172.16.0.21 on port 1024 - NT_STATUS_CONNECTION_REFUSED
> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
> Failed to connect host 172.16.0.21
> (04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr) on port 1024 -
> NT_STATUS_CONNECTION_REFUSED.
>
> (the slave DC is restarted, but the replication does not work )
> ../auth/gensec/gensec.c:247(gensec_update)
> Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr[1024,seal,krb5]
> NT_STATUS_ACCESS_DENIED
> ...
> ...
> (same messages when I restart the other slave DC )
> ----------
>
> So I need to restart the PDC to solve the problem. This very annoying
> because I need to check every days, on the three DCs, if the
> replication works !
>
> Does someone understand what's happend ? What makes samba restarting ?
> And why the replication stop working ?
>
> Thanks !
>
> Baptiste.
>

More information about the samba mailing list