[Samba] samba-tool domain join DC hang

Heinz Hölzl heinz.hoelzl at gvcc.net
Wed Sep 28 16:17:00 UTC 2016


 
 Hi Denis,

Yes, the problem initiated after changing the primary group of all my 11034 users.

I changed the primary group to different groups. This caused every user to now be a member of the LDAP object "Domain users".

ldapsearch -LLL -x -h dc1  -x -b "cn=domain users,cn=users,dc=example,dc=net"  member | grep ^member: | wc -l
11034

After this action the replication isn't working anymore.

Now I try to change the primary group to "Domain users" again ...

regards,
heinz 



> you have quite a few objects (>12000) in your main partition. Do you have 
> a large group with all those objects inside? The commit of large group 
> used to result in very very long commit time. There should have been 
> some improvement in 4.5 though.
> 

> One way to join faster is to add the --domain-critical-only. It will 
> sync only the necessary objects during the join, then after first samba 
> startup it will start replicating objects. Actually it is not a solution 
> to the problem, it just moves the problem a little bit downstream, so you 
> can have more debug options.
> 
> > Is my AD too large????
> 
> no
> 
> Cheers,
> 
> Denis
> 
> 
> >
> >
> >
> >
> >
> > root@dc2:# samba-tool drs showrepl
> > Default-First-Site-Name\DC2
> > DSA Options: 0x00000001
> > DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> > DSA invocationId: 49a80da8-975f-49ef-834b-224b2bbf0805
> >
> > ==== INBOUND NEIGHBORS ====
> >
> > ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The operation cannot be performed.')
> >
> >
> >
> > root@dc1:~#  samba-tool drs showrepl
> > Default-First-Site-Name\DC1
> > DSA Options: 0x00000001
> > DSA object GUID: 3b97b772-7006-4e18-b572-e05932f63986
> > DSA invocationId: 84cac16c-79dd-4949-8a0f-e0638b251483
> >
> > ==== INBOUND NEIGHBORS ====
> >
> > DC=ForestDnsZones,DC=example,DC=net
> > 	Default-First-Site-Name\DC2 via RPC
> > 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> > 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> > 		30 consecutive failure(s).
> > 		Last success @ NTTIME(0)
> >
> > DC=DomainDnsZones,DC=example,DC=net
> > 	Default-First-Site-Name\DC2 via RPC
> > 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> > 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> > 		30 consecutive failure(s).
> > 		Last success @ NTTIME(0)
> >
> > DC=example,DC=net
> > 	Default-First-Site-Name\DC2 via RPC
> > 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> > 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> > 		30 consecutive failure(s).
> > 		Last success @ NTTIME(0)
> >
> > CN=Schema,CN=Configuration,DC=example,DC=net
> > 	Default-First-Site-Name\DC2 via RPC
> > 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> > 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> > 		30 consecutive failure(s).
> > 		Last success @ NTTIME(0)
> >
> > CN=Configuration,DC=example,DC=net
> > 	Default-First-Site-Name\DC2 via RPC
> > 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> > 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
> > 		30 consecutive failure(s).
> > 		Last success @ NTTIME(0)
> >
> > ==== OUTBOUND NEIGHBORS ====
> >
> > ==== KCC CONNECTION OBJECTS ====
> >
> > Connection --
> > 	Connection name: 3005b361-e2ec-465c-92f1-620c8d0b0bec
> > 	Enabled        : TRUE
> > 	Server DNS name : dc2.example.net
> > 	Server DN name  : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> > 		TransportType: RPC
> > 		options: 0x00000001
> > Warning: No NC replicated for Connection!
> >
> >
> >
> >
> >
> >
> >
> > regards,
> > heinz
> >
> >> Hi list,
> >>
> >> I removed my second DC from the domain, and now the re-join as DC hangs.
> >>
> >> The join hangs now for ca. 2 hours at the step "Committing SAM database"
> >>
> >> version: Samba 4.5.0 on Ubuntu 14.04
> >>
> >>
> >> With a "strace -p " I see this:
> >>
> >> strace -p 1793
> >> Process 1793 attached
> >> brk(0x35e18000)                         = 0x35e18000
> >> brk(0x35e39000)                         = 0x35e39000
> >> brk(0x35e5a000)                         = 0x35e5a000
> >> brk(0x35e7b000)                         = 0x35e7b000
> >> brk(0x35e9c000)                         = 0x35e9c000
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> >> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---

> >>
> >>
> >>
> >> my smb.conf:
> >>
> >> # Global parameters
> >> [global]
> >> 	bind interfaces only = Yes
> >> 	interfaces = lo eth0 eth2
> >> 	netbios name = DC1
> >> 	realm = EXAMPLE.NET
> >> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> >> 	workgroup = EXAMPLE
> >> 	server role = active directory domain controller
> >> 	idmap_ldb:use rfc2307 = yes
> >> 	comment =
> >> 	template homedir = /home/%U
> >>  	template shell = /bin/bash
> >> 	ldap server require strong auth = No
> >>
> >>
> >> [netlogon]
> >> 	path = /srv/samba/var/locks/sysvol/example.net/scripts
> >> 	read only = No
> >>
> >> [sysvol]
> >> 	path = /srv/samba/var/locks/sysvol
> >> 	read only = No
> >>
> >>
> >> samba-tool domain join example.net DC --option="interfaces=lo eth0" --option="bind interfaces only"=yes --realm=example.net --dns-backend=BIND9_DLZ -Uadministrator
> >> Finding a writeable DC for domain 'example.net'
> >> Found DC dc1.example.net
> >> Password for [EXAMPLE\administrator]:
> >> workgroup is EXAMPLE
> >> realm is example.net
> >> Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
> >> Adding CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> >> Adding CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> >> Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
> >> Setting account password for DC2$
> >> Enabling account
> >> Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
> >> Setting account password for dns-DC2
> >> Calling bare provision
> >> Looking up IPv4 addresses
> >> Looking up IPv6 addresses
> >> No IPv6 address will be assigned
> >> Setting up share.ldb
> >> Setting up secrets.ldb
> >> Setting up the registry
> >> Setting up the privileges database
> >> Setting up idmap db
> >> Setting up SAM db
> >> Setting up sam.ldb partitions and settings
> >> Setting up sam.ldb rootDSE
> >> Pre-loading the Samba 4 and AD schema
> >> A Kerberos configuration suitable for Samba 4 has been generated at /srv/samba/private/krb5.conf
> >> Provision OK for domain DN DC=example,DC=net
> >> Starting replication
> >> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[402/1550] linked_values[0/0]
> >> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[804/1550] linked_values[0/0]
> >> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1206/1550] linked_values[0/0]
> >> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1550/1550] linked_values[0/0]
> >> Analyze and apply schema objects
> >> Partition[CN=Configuration,DC=example,DC=net] objects[402/1628] linked_values[0/0]
> >> Partition[CN=Configuration,DC=example,DC=net] objects[804/1628] linked_values[0/0]
> >> Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628] linked_values[0/0]
> >> Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628] linked_values[0/0]
> >> Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628] linked_values[30/0]
> >> Replicating critical objects from the base DN of the domain
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]
> >>
> >> Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> >> Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
> >> Done with always replicated NC (base, config, schema)
> >> Replicating DC=DomainDnsZones,DC=example,DC=net
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122] linked_values[0/0]
> >> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122] linked_values[0/0]
> >> Replicating DC=ForestDnsZones,DC=example,DC=net
> >> Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22] linked_values[0/0]
> >> Committing SAM database
> >>
> >>
> >>
> >> can someone help me please?
> >>
> >> regards,
> >> heinz
> >>
> >>
> >
> >
> >
> 
> -- 
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil-it-systems.fr
> 
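
The `samba-tool drs showrepl` output quoted in this thread shows every inbound link from DC2 failing 30 times with no recorded success. As an added example (not part of the original thread and not Samba's own code), the following parser reads that output format and flags inbound links that have never synced or keep failing; the dict field names and the threshold of 3 are assumptions.

```python
import re

# Constructed sample modeled on the showrepl output quoted in the thread (DC3 is made up).
SAMPLE = """\
==== INBOUND NEIGHBORS ====

DC=example,DC=net
\tDefault-First-Site-Name\\DC2 via RPC
\t\tLast attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
\t\t30 consecutive failure(s).
\t\tLast success @ NTTIME(0)

CN=Configuration,DC=example,DC=net
\tDefault-First-Site-Name\\DC3 via RPC
\t\tLast attempt @ Wed Sep 28 16:15:13 2016 CEST was successful
\t\t0 consecutive failure(s).
\t\tLast success @ Wed Sep 28 16:15:13 2016 CEST

==== OUTBOUND NEIGHBORS ====
"""

FAILED = re.compile(r"failed, result \d+ \((\w+)\)")
FAILS = re.compile(r"(\d+) consecutive failure\(s\)")

def parse_inbound(text):
    """Return one dict per (naming context, source DSA) inbound link."""
    neighbors, section, nc, cur = [], None, None, None
    for line in text.splitlines():
        if line.startswith("===="):
            section = line.strip("= ")
            continue
        if section != "INBOUND NEIGHBORS" or not line.strip():
            continue
        if not line[0].isspace():      # unindented: naming context DN
            nc = line.strip()
        elif " via " in line:          # "<site>\<DC> via RPC" opens a link
            cur = {"nc": nc, "source": line.split(" via ")[0].strip(),
                   "failures": 0, "error": None, "never_synced": False}
            neighbors.append(cur)
        elif cur is not None:
            if m := FAILED.search(line):
                cur["error"] = m.group(1)
            elif m := FAILS.search(line):
                cur["failures"] = int(m.group(1))
            elif "Last success @ NTTIME(0)" in line:
                cur["never_synced"] = True
    return neighbors

def failing(neighbors, threshold=3):   # never synced, or `threshold` failures in a row
    return [n for n in neighbors if n["never_synced"] or n["failures"] >= threshold]
```

Feeding it the real command output (for example from a cron job on each DC) gives a list that can be alerted on before a stalled replication partner goes unnoticed.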
 



