[Samba] Problem samba db / pc - domain trust gone.

L.P.H. van Belle belle at bazuin.nl
Mon May 15 15:02:20 UTC 2017


Nobody? 


These are repeating every 5 min on my DC2. 
No, I don't care about the LostAndFound/deleted. 

[2017/05/15 16:52:32.848035,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
[2017/05/15 16:57:32.857425,  0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
  ldb: No objectClass found in replPropertyMetaData for CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndFound,DC=internal,DC=domain,DC=tld!

I'm wondering what this is. 

[2017/05/15 16:57:32.857647,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
  Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

So any tips? 

I'm out tomorrow, but any info helps, thanks.

Greetz, 

Louis
 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> L.P.H. van Belle via samba
> Sent: Monday 15 May 2017 12:13
> To: samba at lists.samba.org
> Subject: Re: [Samba] Problem samba db / pc - domain trust gone.
> 
> I forgot to mention it involves samba 4.5.8. 
> 
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of L.P.H. van 
> > Belle via samba
> > Sent: Monday 15 May 2017 11:40
> > To: samba at lists.samba.org
> > Subject: [Samba] Problem samba db / pc - domain trust gone.
> > 
> > Hai,
> >  
> > Environment, Debian Jessie. 
> >  
> >  
> > I got reports about PCs unable to log in to the Samba AD DC domain. 
> > The trust between this workstation and the primary domain failed. 
> > This happened on a Win7 and a Win10 PC. 
> > Now, this is "normally" easily fixed by rejoining the PC to the domain 
> > with the domain wizard in Windows.
> > I noticed this didn't work anymore. 
> >  
> > I was running without problems, so what led to this problem.
> >  
> > Installed the needed security updates last Friday (kernel, bind, no 
> > samba things). I was preparing to upgrade to 4.6.3 and did the 
> > following.
> >  
> > 1) samba-tool dbcheck  and a samba-tool dbcheck --fix
> >  
> > --- DC 1  ----
> >  
> > That fixed 4 errors. 
> > I got some others back. 
> > Multiple messages with: 
> > CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Policies,CN=System,DC=internal,DC=domain,DC=tld
> > This part
> > "CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Policies,CN=System" can be anything, multiple messages.
> > users/computers. 
> >  
> > Rebooted the server, resulting in these log messages. 
> > Samba logs clean, no errors.
> > Running samba-tool dbcheck and a samba-tool dbcheck --fix again 
> > fixed similar ones like above (8 errors).
> >  
> >  
> > Running samba-tool ldapcmp: 
> > samba-tool ldapcmp --filter='whenChanged,dc,cn' ldap://dc1.internal.domain.tld ldap://dc2.internal.domain.tld
> > shows differences in login timestamps, which can explain the message on the 
> > PCs: the trust between this workstation and the primary domain failed.
> >  
> >    Difference in attribute values:
> >         lastLogonTimestamp =>
> > ['131390598670332960']
> > ['131380923051230950']
> >     FAILED
> > 
> >   Difference in attribute values:
> >         pwdLastSet =>
> > ['131389578099979510']
> > ['131363450502014640']
> >     FAILED
> > 
> >  
> > -------------------------
> > Now I checked my DC2. 
> >  
> > samba-tool dbcheck: 
> > Please use --fix to fix these errors
> > Checked 852 objects (626 errors)
> > 
> > pff, 626 errors? 
> >  
> > mostly things like these below. 
> >  
> >   STATUS=daemon 'samba' finished starting up and ready to serve connections
> > samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
> > [2017/05/15 09:17:32.208909,  0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
> >   ldb: No objectClass found in replPropertyMetaData for CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndFound,DC=internal,DC=domain,DC=tld!
> >  
> > [2017/05/15 09:17:32.213955,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
> >   Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> > [2017/05/15 09:22:32.210006,  0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
> >   ldb: No objectClass found in replPropertyMetaData for CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndFound,DC=internal,DC=domain,DC=tld!
> >  
> > [2017/05/15 09:22:32.211300,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
> >   Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> > [2017/05/15 09:27:32.222921,  0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
> >   ldb: No objectClass found in replPropertyMetaData for CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndFound,DC=internal,DC=domain,DC=tld!
> >  
> > [2017/05/15 09:27:32.223286,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
> >   Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> >  
> >  
> > Not fixing replPropertyMetaData on CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Policies,CN=System,DC=internal,DC=domain,DC=tld
> >  
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090364
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0009030e
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x000902ee
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090177
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0009012e
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x000900dd
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090092
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090001
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020119
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020002
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020001
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0000000d
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00000003
> > CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00000000
> > ERROR: unsorted attributeID values in replPropertyMetaData on CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld
> >  
> > Not fixing replPropertyMetaData on CN=Windows Authorization Access Group,CN=Builtin,DC=internal,DC=domain,DC=tld
> >  
> >  
> > What is the best action here, do a full resync from DC1 to DC2? Or did 
> > I forget something?
> >  
> >  
> > Greetz,
> >  
> > Louis
> >  
> >  
> >  
> 
> 
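
Added example, not part of the original post or of Samba: the ldapcmp values quoted above are AD timestamps (100 ns ticks since 1601-01-01 UTC), so this sketch converts each differing pair to UTC and measures the gap between the two DCs, and it also measures how often a level-0 log message recurs. The function names are hypothetical, and the log parser assumes the unwrapped layout shown at the top of the message (a header line followed by an indented message line).

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input copied from the post; wrapped log lines are rejoined (assumption:
# one header line, then an indented message line, as in the unquoted excerpt).
SAMPLE_LDAPCMP = """
        lastLogonTimestamp =>
['131390598670332960']
['131380923051230950']
        pwdLastSet =>
['131389578099979510']
['131363450502014640']
"""
FAIL = "  Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE\n"
SRC = "../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)\n"
SAMPLE_LOG = "".join(f"[2017/05/15 {t},  0] {SRC}{FAIL}"
                     for t in ("09:17:32.213955", "09:22:32.211300", "09:27:32.223286"))
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_utc(ticks):
    """AD time attributes count 100 ns ticks since 1601-01-01 UTC."""
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def ldapcmp_time_diffs(text):
    """Map attribute -> (time on first DC, time on second DC, gap)."""
    pat = re.compile(r"(\w+) =>\s*\['(\d+)'\]\s*\['(\d+)'\]")
    out = {}
    for attr, a, b in pat.findall(text):
        t1, t2 = filetime_to_utc(int(a)), filetime_to_utc(int(b))
        out[attr] = (t1, t2, abs(t1 - t2))
    return out

def repeat_intervals(log):
    """Map each level-0 message -> seconds between consecutive occurrences."""
    hdr = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s+0\]")
    seen, stamp = {}, None
    for line in log.splitlines():
        m = hdr.match(line)
        if m:  # header line: remember its timestamp for the message that follows
            stamp = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        elif stamp and line.strip():
            seen.setdefault(line.strip(), []).append(stamp)
            stamp = None
    return {msg: [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]
            for msg, ts in seen.items()}

if __name__ == "__main__":
    for attr, (t1, t2, gap) in ldapcmp_time_diffs(SAMPLE_LDAPCMP).items():
        print(attr, t1.isoformat(), t2.isoformat(), gap)
    print(repeat_intervals(SAMPLE_LOG))
```

For the values in the post, the two pwdLastSet readings are 30 days apart and the replication error recurs every 300 seconds.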



