[Samba] DRS stopped working after upgrade from debian Jessie to Stretch

Rowland Penny rpenny at samba.org
Thu Jun 22 09:34:18 UTC 2017


On Thu, 22 Jun 2017 11:19:54 +0200
Prunk Dump <prunkdump at gmail.com> wrote:

> 2017-06-22 11:08 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
> >
> > Before you go down the 'backup' line, you mentioned that you have
> > three DCs, is only one DC giving problems or all three?
> >
> > If it is just one and the other two are working okay, I would demote
> > the faulty DC and remove it from the domain. I would then check the
> > ex-DC for faults (the HD for instance), once you are sure that there
> > are no faults or you have fixed any ones found, you can then rejoin
> > it as a DC (I would change its hostname as well).
> >
> > Rowland
> >
> 
> No, sadly the three DCs are affected by the same problem:
> -> "samba-tool time -P" fails
> -> kinit with exported machine keytab account works
> -> kinit with /var/lib/samba/private/secrets.keytabs fails.
> 
> But in the AD database there is one error that is only related to one
> of my DCs. -> the Kerberos principal of "nfs/fichdc" disappeared from
> the Kerberos database -> the "nfs/fichds01" and "nfs/fichds02"
> principals work with kinit.
> 
> Baptiste.

Then I am not sure if backing up the DCs is going to work; if the
problem is in AD, you will just back up the problem :-(

Two things you could try: add another DC and, if this works, transfer
the FSMO roles to it and then demote the other three and rejoin them, or
try demoting a DC and rejoining it.

Rowland


