[Samba] problem after replacing a Win2K3 AD
Guido Lorenzutti
guido at lorenzutti.com.ar
Sun Jul 30 16:13:17 UTC 2017
On Fri, 28 Jul 2017 09:43:04 +0100, Rowland Penny via samba wrote:
> On Thu, 27 Jul 2017 20:57:41 -0300
> Guido Lorenzutti via samba
wrote:
>
>> Researching a little more I found this: Checking object
@ROOTDSE Please use --fix to fix these errors Checked 358 objects (240
errors) How can I see what value is going to be fixed ? Tnxs in
advance.
>
> You could try adding '-v' to the command, or just add
'--fix' and
> you will be asked to confirm each and every one, but most
people just
> add '--fix --yes' and get everything fixed and don't care
what they
> are fixing.
>
> Rowland
Well.. i didnt work: I run...
root at dc:~# samba-tool dbcheck --fix --yes | tail
Fix
nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local?
[YES]
Fixed attribute 'nTSecurityDescriptor' of
'CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local'
Fix
nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local? [YES]
Fixed attribute
'nTSecurityDescriptor' of 'CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local'
Fix nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local? [YES]
Fixed attribute
'nTSecurityDescriptor' of
'CN=PC108,CN=Computers,DC=Trust,DC=local'
Checked 358 objects (240
errors)
root at dc:~# samba-tool dbcheck | tail
Not fixing
nTSecurityDescriptor on
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
Not
fixing nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
Not
fixing nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local
Not fixing nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local
Please use --fix to fix these
errors
Checked 358 objects (240 errors)
The errors are still there..
and I found another problem:
root at dc:~# samba_dnsupdate --verbose
--all-names
IPs: ['192.168.0.12']
force update: A dc.Trust.local
192.168.0.12
force update: A Trust.local 192.168.0.12
force update: SRV
_ldap._tcp.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _kpasswd._tcp.Trust.local
dc.Trust.local 464
force update: SRV _kpasswd._udp.Trust.local
dc.Trust.local 464
force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
force update: A gc._msdcs.Trust.local
192.168.0.12
force update: SRV _gc._tcp.Trust.local dc.Trust.local
3268
force update: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local
3268
force update: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
need delete: A dc.Trust.local 192.168.0.66
need
delete: A Trust.local 192.168.0.66
need delete: A gc._msdcs.Trust.local
192.168.0.66
21 DNS updates and 3 DNS deletes needed
Traceback (most
recent call last):
File "/usr/sbin/samba_dnsupdate", line 784, in
creds = get_credentials(lp)
File "/usr/sbin/samba_dnsupdate", line 169,
in get_credentials
raise e
RuntimeError: kinit for DC$@TRUST.LOCAL
failed (Cannot contact any KDC for requested realm)
But, If i add an ip
alias to my dc, of the old and dead win2k3 (192.168.0.66) the output is
this:
root at dc:~# samba_dnsupdate --verbose --all-names
IPs:
['192.168.0.12', '192.168.0.66']
force update: A dc.Trust.local
192.168.0.12
force update: A Trust.local 192.168.0.12
force update: SRV
_ldap._tcp.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _kpasswd._tcp.Trust.local
dc.Trust.local 464
force update: SRV _kpasswd._udp.Trust.local
dc.Trust.local 464
force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
force update: A gc._msdcs.Trust.local
192.168.0.12
force update: SRV _gc._tcp.Trust.local dc.Trust.local
3268
force update: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local
3268
force update: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
force update: A dc.Trust.local 192.168.0.66
force
update: A Trust.local 192.168.0.66
force update: A gc._msdcs.Trust.local
192.168.0.66
24 DNS updates and 0 DNS deletes needed
Successfully
obtained Kerberos ticket to DNS/serveribm.trust.local as
DC$
update(nsupdate): A dc.Trust.local 192.168.0.12
Calling nsupdate for
A dc.Trust.local 192.168.0.12 (add)
Failed nsupdate: A dc.Trust.local
192.168.0.12 : [Errno 2] No such file or directory
update(nsupdate): A
Trust.local 192.168.0.12
Calling nsupdate for A Trust.local 192.168.0.12
(add)
Failed nsupdate: A Trust.local 192.168.0.12 : [Errno 2] No such
file or directory
update(nsupdate): SRV _ldap._tcp.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV _ldap._tcp.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV _ldap._tcp.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV _ldap._tcp.dc._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 (add)
Failed
nsupdate: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 :
[Errno 2] No such file or directory
update(nsupdate): SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV _kerberos._tcp.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kerberos._udp.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV _kerberos._udp.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV _kerberos._udp.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88 (add)
Failed
nsupdate: SRV _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88 :
[Errno 2] No such file or directory
update(nsupdate): SRV
_kpasswd._tcp.Trust.local dc.Trust.local 464
Calling nsupdate for SRV
_kpasswd._tcp.Trust.local dc.Trust.local 464 (add)
Failed nsupdate: SRV
_kpasswd._tcp.Trust.local dc.Trust.local 464 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kpasswd._udp.Trust.local dc.Trust.local
464
Calling nsupdate for SRV _kpasswd._udp.Trust.local dc.Trust.local
464 (add)
Failed nsupdate: SRV _kpasswd._udp.Trust.local dc.Trust.local
464 : [Errno 2] No such file or directory
update(nsupdate): CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
Calling nsupdate for CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
(add)
Failed nsupdate: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local :
[Errno 2] No such file or directory
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 (add)
Failed
nsupdate: SRV _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 :
[Errno 2] No such file or directory
update(nsupdate): A
gc._msdcs.Trust.local 192.168.0.12
Calling nsupdate for A
gc._msdcs.Trust.local 192.168.0.12 (add)
Failed nsupdate: A
gc._msdcs.Trust.local 192.168.0.12 : [Errno 2] No such file or
directory
update(nsupdate): SRV _gc._tcp.Trust.local dc.Trust.local
3268
Calling nsupdate for SRV _gc._tcp.Trust.local dc.Trust.local 3268
(add)
Failed nsupdate: SRV _gc._tcp.Trust.local dc.Trust.local 3268 :
[Errno 2] No such file or directory
update(nsupdate): SRV
_ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
Calling nsupdate
for SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
(add)
Failed nsupdate: SRV _ldap._tcp.gc._msdcs.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
Calling nsupdate for SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 (add)
Failed nsupdate: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 (add)
Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or
directory
update(nsupdate): A dc.Trust.local 192.168.0.66
Calling
nsupdate for A dc.Trust.local 192.168.0.66 (add)
Failed nsupdate: A
dc.Trust.local 192.168.0.66 : [Errno 2] No such file or
directory
update(nsupdate): A Trust.local 192.168.0.66
Calling nsupdate
for A Trust.local 192.168.0.66 (add)
Failed nsupdate: A Trust.local
192.168.0.66 : [Errno 2] No such file or directory
update(nsupdate): A
gc._msdcs.Trust.local 192.168.0.66
Calling nsupdate for A
gc._msdcs.Trust.local 192.168.0.66 (add)
Failed nsupdate: A
gc._msdcs.Trust.local 192.168.0.66 : [Errno 2] No such file or
directory
Failed update of 24 entries
Tnxs in advance.
Links:
------
[1] mailto:samba at lists.samba.org
More information about the samba
mailing list