[Samba] samba-tool domain join DC hangs

Denis Cardon dcardon at tranquil.it
Wed Sep 28 15:17:05 UTC 2016


Hi Heinz,

> now the join finished
>
> but ... i have a high CPU load caused by a samba-process. Samba is consuming 100% of one CPU and the replication fails.

You have quite a few objects (>12000) in your main partition. Do you have 
a large group with all those objects inside? The commit of a large group 
used to result in a very, very long commit time. There should have been 
some improvement in 4.5 though.

One way to join faster is to add the --domain-critical-only option. It will 
sync only the necessary objects during the join, then after the first samba 
startup it will start replicating objects. Actually it is not a solution 
to the problem, it just moves the problem a little bit downstream, so you 
can have more debug options.

> Is my AD too large????

no

Cheers,

Denis


>
>
>
>
>
> root@dc2:# samba-tool drs showrepl
> Default-First-Site-Name\DC2
> DSA Options: 0x00000001
> DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> DSA invocationId: 49a80da8-975f-49ef-834b-224b2bbf0805
>
> ==== INBOUND NEIGHBORS ====
>
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The operation cannot be performed.')
>
>
>
> root@dc1:~#  samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 3b97b772-7006-4e18-b572-e05932f63986
> DSA invocationId: 84cac16c-79dd-4949-8a0f-e0638b251483
>
> ==== INBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> CN=Configuration,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> ==== OUTBOUND NEIGHBORS ====
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> 	Connection name: 3005b361-e2ec-465c-92f1-620c8d0b0bec
> 	Enabled        : TRUE
> 	Server DNS name : dc2.example.net
> 	Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> 		TransportType: RPC
> 		options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
>
>
>
>
> regards,
> heinz
>
>> Hi list,
>>
>> i removed my second DC from the domain, and now the re-join as DC hangs.
>>
>> the join hangs now for ca. 2 hours at the step "Committing SAM database"
>>
>> version: samba 4.5.0 on ubuntu 14.04
>>
>>
>> with a "strace -p " i see this:
>>
>> strace -p 1793
>> Process 1793 attached
>> brk(0x35e18000)                         = 0x35e18000
>> brk(0x35e39000)                         = 0x35e39000
>> brk(0x35e5a000)                         = 0x35e5a000
>> brk(0x35e7b000)                         = 0x35e7b000
>> brk(0x35e9c000)                         = 0x35e9c000
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>>
>>
>>
>> my smb.conf:
>>
>> # Global parameters
>> [global]
>> 	bind interfaces only = Yes
>> 	interfaces = lo eth0 eth2
>> 	netbios name = DC1
>> 	realm = EXAMPLE.NET
>> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>> 	workgroup = EXAMPLE
>> 	server role = active directory domain controller
>> 	idmap_ldb:use rfc2307 = yes
>> 	comment =
>> 	template homedir = /home/%U
>>  	template shell = /bin/bash
>> 	ldap server require strong auth = No
>>
>>
>> [netlogon]
>> 	path = /srv/samba/var/locks/sysvol/example.net/scripts
>> 	read only = No
>>
>> [sysvol]
>> 	path = /srv/samba/var/locks/sysvol
>> 	read only = No
>>
>>
>> samba-tool domain join example.net DC --option="interfaces=lo eth0" --option="bind interfaces only"=yes --realm=example.net --dns-backend=BIND9_DLZ -Uadministrator
>> Finding a writeable DC for domain 'example.net'
>> Found DC dc1.example.net
>> Password for [EXAMPLE\administrator]:
>> workgroup is EXAMPLE
>> realm is example.net
>> Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
>> Adding CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
>> Adding CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
>> Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
>> Setting account password for DC2$
>> Enabling account
>> Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
>> Setting account password for dns-DC2
>> Calling bare provision
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> A Kerberos configuration suitable for Samba 4 has been generated at /srv/samba/private/krb5.conf
>> Provision OK for domain DN DC=example,DC=net
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[402/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[804/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1206/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1550/1550] linked_values[0/0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=example,DC=net] objects[402/1628] linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[804/1628] linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628] linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628] linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628] linked_values[30/0]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]
>>
>> Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=example,DC=net
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122] linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122] linked_values[0/0]
>> Replicating DC=ForestDnsZones,DC=example,DC=net
>> Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22] linked_values[0/0]
>> Committing SAM database
>>
>>
>>
>> can someone help me please?
>>
>> regards,
>> heinz
>>
>>
>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
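
An added example, not part of the original message or of Samba itself: a small Python parser for the `samba-tool drs showrepl` output quoted in this thread, which flags replication neighbours with repeated failures so a broken join is noticed early. The sample text is constructed from the quoted output; the DC3 entry, the function names and the threshold are assumptions.

```python
import re

# Constructed sample, abbreviated from the showrepl output quoted in the thread.
# The DC3 entry with a successful attempt is invented for contrast.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=DomainDnsZones,DC=example,DC=net
\tDefault-First-Site-Name\\DC2 via RPC
\t\tLast attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
\t\t30 consecutive failure(s).
\t\tLast success @ NTTIME(0)
DC=example,DC=net
\tDefault-First-Site-Name\\DC3 via RPC
\t\tLast attempt @ Wed Sep 28 16:20:00 2016 CEST was successful
\t\t0 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
"""

SECTION = re.compile(r"^==== (.+) ====$")
NEIGHBOR = re.compile(r"^\s+(.+\\\S+) via (\S+)$")
RESULT = re.compile(r"Last attempt @ .* failed, result (\d+) \((\w+)\)")
COUNT = re.compile(r"(\d+) consecutive failure")

def parse_showrepl(text):
    """Return one dict per replication neighbour found in showrepl output."""
    section = nc = cur = None
    found = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if m := SECTION.match(line):
            section, cur = m.group(1), None
        elif not line[0].isspace():
            nc = line.strip()          # unindented line: naming context DN
        elif m := NEIGHBOR.match(line):
            cur = {"section": section, "nc": nc, "dsa": m.group(1),
                   "failures": 0, "error": None}
            found.append(cur)
        elif cur is not None:
            if m := RESULT.search(line):
                cur["error"] = m.group(2)   # symbolic WERR_* name
            elif m := COUNT.search(line):
                cur["failures"] = int(m.group(1))
    return found

def failing(neighbours, threshold=3):
    """Neighbours whose consecutive failure count reached the threshold."""
    return [n for n in neighbours if n["failures"] >= threshold]
```
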