[Samba] Fwd: Re: Problem with Samba4 DB

mathias dufresne infractory at gmail.com
Tue Jun 14 08:36:43 UTC 2016

Oki Doki. First the fact you can't add new DNS entry in your DNS zones is
not a blocking point to remove a DC. It's a blcoking point to add new
entries. Now you are the one deciding if you would remove it or not, but
seriously, for me that's not a reason to keep up it running: you can
replace it by another DC which will do exactly the same job and if you are
lucky enough you would be able to add new DNS entries again.

Anyway, several questions now:
1 - what command are you launching to update your DNS? What are error
2 - what are the DNS names of new entry which refuse to be added? Same
question for the two DC your colleague removed from AD?
3 - what version of Samba are you running? New versions include a command
switch to remove DC from AD database from another DC. In others words you
could cleanup database from old DC entries.
4 - what gives the following commands? And what are DNS name and IP  of
your FSMO owner?
samba-tool dns query dc200 AD.DOMAIN.TLD AD.DOMAIN.TLD SOA
samba-tool dns query dc200 _msdcs.AD.DOMAIN.TLD _msdcs.AD.DOMAIN.TLD SOA

2016-06-14 3:47 GMT+02:00 bentunx <bentunx at gmail.com>:

> Thx mathias for your reply
> First, yes im using internal DNS,  i just try to add new dns from other dc
> but it doesnt work, i think the (maybe) corrupted dns data already sync to
> other dc
> And i still run my samba4 installation, because sofar the only problem is,
> i cant add new dns record
> In other case i found up one of my team just re install 2 samba4 server in
> site office with different AD domain without demote first .. i dont know if
> this issue related to my dns problem ..
> Is this the only DC involved in that issue? If yes I would stop the
> service on that DC the avoid contamination of others (I don't know if this
> issue can propagate but I'm sure I would learn if it is in prod ;)
> In prod, what you really want is your AD works. No matter which DC is FSMO
> nor if some DC get reinstalled. Remove the DC from your AD to limit risks,
> investigate later if you wan to, repair first but repair AD, not the DC.
> Then I must admit you have AD as you speak DNS.
> Perhaps you are running internal DNS, in that case you can only push DNS
> modification on DC declared as SOA in LDAP DB. If broken DC is SOA, it is
> also certainly FSMO, move FSMO and SOA on some other host (you can stop
> broken DC first, no matter).
> If you are running BIND9_DLZ DNS back end you can simply change your
> clients DNS resolver to use another DC, as Bind + DLZ knows it can modify
> it's DB (its zones) every DC using Bind + DLZ as DNS back end would reply
> they are SOA and so they all will accept DNS modification requests.
> Cheers,
> mathias
> 2016-06-13 9:29 GMT+02:00 bentunx <bentunx at gmail.com <mailto:
> bentunx at gmail.com>>:
>    dear all
>    i have problem with my samba4 installation
>    currently we still using samba 4.1.11
>    we have many about 30 site office who is connected to the head
>    office by Vpn with 1 mbps
>    i have 2 DC in  head office and have oen DC in every Site office
>    since yesterday i found out in my one off my DC in head office, the
>    Main DC (the DC that we make as first DNS in other DC in head office
>    of site office) , we cant add new DNS entry, then i try to dbcheck
>    --cross-ncs --fix --yes , and dbcheck --reindex
>    and still i cant add new DNS Entry
>    /Password for [administrator at Domain.CO.ID
>    <mailto:administrator at Domain.CO.ID>]://
>    //ERROR(runtime): uncaught exception - (1383,
>    //  File
>  "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>    line 175, in _run//
>    //    return self.run(*args, **kwargs)//
>    //  File
>    "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py",
> line
>    1067, in run//
>    //    0, server, zone, name, add_rec_buf, None)/
>    and today i found up samba process take 100% of my CPU usage ..
>    can anyone here help me to give me some hint ?
>    Zhia
>    --    To unsubscribe from this list go to the following URL and read the
>    instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list