[Samba] ?==?utf-8?q? samba-tool domain join DC hangs
Heinz Hölzl
heinz.hoelzl at gvcc.net
Wed Sep 28 14:22:35 UTC 2016
hi again,
now the join finished
but ... i have a high CPU load caused by a samba-process. Samba is consuming 100% of one CPU and the replication fails.
Is my AD to large????
root at dc2:# samba-tool drs showrepl
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
DSA invocationId: 49a80da8-975f-49ef-834b-224b2bbf0805
==== INBOUND NEIGHBORS ====
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The operation cannot be performed.')
root at dc1:~# samba-tool drs showrepl
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 3b97b772-7006-4e18-b572-e05932f63986
DSA invocationId: 84cac16c-79dd-4949-8a0f-e0638b251483
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=example,DC=net
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
30 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=example,DC=net
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
30 consecutive failure(s).
Last success @ NTTIME(0)
DC=example,DC=net
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
30 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=example,DC=net
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
30 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=example,DC=net
Default-First-Site-Name\DC2 via RPC
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
30 consecutive failure(s).
Last success @ NTTIME(0)
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 3005b361-e2ec-465c-92f1-620c8d0b0bec
Enabled : TRUE
Server DNS name : dc2.example.net
Server DN name : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
regards,
heinz
> Hi list,
>
> i removed my second DC from the domain, and now the re-join as DC hangs.
>
> the join hangs now for ca. 2 hours at the step "Committing SAM database"
>
> version: samba 4.5.0 on ubuntu 14.04
>
>
> with a "strace -p " i see this:
>
> strace -p 1793
> Process 1793 attached
> brk(0x35e18000) = 0x35e18000
> brk(0x35e39000) = 0x35e39000
> brk(0x35e5a000) = 0x35e5a000
> brk(0x35e7b000) = 0x35e7b000
> brk(0x35e9c000) = 0x35e9c000
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>
>
>
> my smb.conf:
>
> # Global parameters
> [global]
> bind interfaces only = Yes
> interfaces = lo eth0 eth2
> netbios name = DC1
> realm = EXAMPLE.NET
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = EXAMPLE
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> comment =
> template homedir = /home/%U
> template shell = /bin/bash
> ldap server require strong auth = No
>
>
> [netlogon]
> path = /srv/samba/var/locks/sysvol/example.net/scripts
> read only = No
>
> [sysvol]
> path = /srv/samba/var/locks/sysvol
> read only = No
>
>
> samba-tool domain join example.net DC --option="interfaces=lo eth0" --option="bind interfaces only"=yes --realm=example.net --dns-backend=BIND9_DLZ -Uadministrator
> Finding a writeable DC for domain 'example.net'
> Found DC dc1.example.net
> Password for [EXAMPLE\administrator]:
> workgroup is EXAMPLE
> realm is example.net
> Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
> Adding CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> Adding CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
> Setting account password for DC2$
> Enabling account
> Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
> Setting account password for dns-DC2
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba 4 has been generated at /srv/samba/private/krb5.conf
> Provision OK for domain DN DC=example,DC=net
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[402/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[804/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1550/1550] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=example,DC=net] objects[402/1628] linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[804/1628] linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628] linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628] linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628] linked_values[30/0]
> Replicating critical objects from the base DN of the domain
> Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]
>
> Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=example,DC=net
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122] linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=example,DC=net
> Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22] linked_values[0/0]
> Committing SAM database
>
>
>
> can someone help me please?
>
> regards,
> heinz
>
>
More information about the samba
mailing list