[Samba] Samba suddenly restarts and replication does not work anymore

Prunk Dump prunkdump at gmail.com
Mon Apr 4 15:47:13 UTC 2016


>>
>> Hello Samba team !
>>
>> On my network I have three Samba-4.1.17 domain controllers (Debian Jessie):
>> -> One PDC : pdc01
>> -> Two "slave" DC : sdc02, sdc03
>>
>> I don't know why, but sometimes Samba receives the SIGTERM signal and
>> restarts even if I remove it from the logrotate configuration. On
>> "pdc01" I see:
>>
>> ----------
>> pdc01 (log.samba)
>> ----------
>> SIGTERM: killing children
>> Exiting pid ... on SIGTERM
>> ...
>> samba version 4.1.17-Debian started.
>> ../lib/util/become_daemon.c:136(daemon_ready)
>> ----------
>>
>> After that, the replication stops working. And on the two other DCs I
>> can see error messages like below. But nothing in the PDC's logs!
>>
>> ----------
>> sdc02 or sdc03 (log.samba)
>> ----------
>> ../auth/gensec/gensec.c:247(gensec_update)
>> Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
>> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>>
>> e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:b339b873-f01c-4672-8984-61e1e48422ea._msdcs.mydom.fr[1024,seal,krb5]
>> NT_STATUS_ACCESS_DENIED
>> ...
>> ...
>> -----
>>
>> When I manually restart the two slave DCs the error messages stop. But
>> the PDC complains that it can't connect to the slave DC (due to the
>> Samba restart) and afterwards, the replication fails on the PDC:
>>
>> ----------
>> pdc01
>> ----------
>> (the slave DC restarts ... on the PDC I see ...)
>>   ../source4/dsdb/repl/drepl_out_helpers.c:862(dreplsrv_update_refs_done)
>> UpdateRefs failed with NT_STATUS_END_OF_FILE
>>
>> (the slave is restarting, so the PDC cannot make the connection)
>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
>> Failed to connect host 172.16.0.21 on port 1024 -
>> NT_STATUS_CONNECTION_REFUSED
>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
>> Failed to connect host 172.16.0.21
>> (04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr) on port 1024 -
>> NT_STATUS_CONNECTION_REFUSED.
>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
>> Failed to connect host 172.16.0.21 on port 1024 -
>> NT_STATUS_CONNECTION_REFUSED
>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
>> Failed to connect host 172.16.0.21
>> (04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr) on port 1024 -
>> NT_STATUS_CONNECTION_REFUSED.
>>
>> (the slave DC is restarted, but the replication does not work)
>> ../auth/gensec/gensec.c:247(gensec_update)
>> Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
>> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>>
>> e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr[1024,seal,krb5]
>> NT_STATUS_ACCESS_DENIED
>> ...
>> ...
>> (same messages when I restart the other slave DC)
>> ----------
>>
>> So I need to restart the PDC to solve the problem. This is very annoying
>> because I need to check every day, on the three DCs, if the
>> replication works!
>>
>> Does someone understand what's happened? What makes Samba restart?
>> And why does the replication stop working?
>>
>> Thanks !
>>
>> Baptiste.
>>
>
2016-04-03 22:59 GMT+02:00 Achim Gottinger <achim at ag-web.biz>:
> I'd check for differences in the LDAP trees with
> samba-tool ldapcmp first.
> If any are found, try a manual full sync replication to fix the difference.
> I had a similar issue a while back and a deleted object on one DC caused
> such SIGTERMs.
> Had to get that deleted object out of the way; afterwards the DCs were
> stable again.
>
>
>
> On 30.03.2016 at 14:35, Prunk Dump wrote:

Thanks Achim Gottinger for the tips !

But sadly, I have checked the LDAP databases and ldapcmp gives no differences...

Yes Rowland Penny, you're right, Samba 4.1 is a little bit old now.
But as I have 380 stations and 1260 users on my network, upgrading the
three DCs is not really the easy way. But now, samba-4.3 is in Debian
testing. Maybe I will try to backport this package and test it on
virtual machines. But this procedure needs time to be tested before
deploying it.

Thanks again !

Baptiste.
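
For the daily per-DC check described in this message, a scan of log.samba can flag the three signatures quoted above: the SIGTERM restart, the failed SIGN negotiation, and the denied DRSUAPI bind. This is an added example, not code from the thread or from Samba; the function name `scan`, the event names and the sample text (assembled from the quoted excerpts) are assumptions.

```python
import re
from collections import Counter

# DRSUAPI interface UUID, as it appears in the bind failures quoted in the post.
DRSUAPI_UUID = "e3514235-4b06-11d1-ab04-00c04fc2dcd2"

# Constructed sample, assembled from the log.samba excerpts in the post.
SAMPLE_LOG = """\
SIGTERM: killing children
samba version 4.1.17-Debian started.
../auth/gensec/gensec.c:247(gensec_update)
Did not manage to negotiate mandetory feature SIGN for dcerpc auth_level 6
../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:04c6b4b0-4584-4368-831e-42aa7ac08c04._msdcs.mydom.fr[1024,seal,krb5]
NT_STATUS_ACCESS_DENIED
../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
Failed to connect host 172.16.0.21 on port 1024 -
NT_STATUS_CONNECTION_REFUSED
"""

# Hypothetical event names; \w+ tolerates the "mandetory" spelling in the log.
PATTERNS = {
    "restart_sigterm": re.compile(r"^SIGTERM: killing children"),
    "sign_negotiation_failed": re.compile(r"negotiate \w+ feature SIGN"),
    "connect_failed": re.compile(r"Failed to connect host \S+ on port \d+"),
}
BIND_TARGET = re.compile(r"ncacn_ip_tcp:([0-9a-f-]{36})\._msdcs\.")

def scan(text):
    """Return (event counts, GUIDs of the DCs whose DRSUAPI bind was denied)."""
    counts, denied, pending = Counter(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        for name, rx in PATTERNS.items():
            if rx.search(line):
                counts[name] += 1
        m = BIND_TARGET.search(line)
        if m and DRSUAPI_UUID in line:
            pending = m.group(1)  # status follows on this line or the next
        if pending and "NT_STATUS_ACCESS_DENIED" in line:
            denied.add(pending)
            counts["drsuapi_bind_denied"] += 1
            pending = None
        elif not m and not line.startswith("../"):
            pending = None  # unrelated message: drop the stale bind attempt
    return counts, denied

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A restart followed by denied binds is the sequence the post reports before replication stops, so a non-empty `denied` set is the condition worth alerting on.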


