[Samba] Problem samba db / pc - domain trust gone.
Achim Gottinger
achim at ag-web.biz
Mon May 15 15:55:23 UTC 2017
Hello Louis,
Looks like an unsynced deleted object.
Did you try "samba-tool domain tombstones expunge"
achim~
Am 15.05.2017 um 17:02 schrieb L.P.H. van Belle via samba:
> Nobody?
>
>
> These are repeating every 5 min on my DC2.
> No i dont care about the LostAndFound/deleted.
>
> [2017/05/15 16:52:32.848035, 0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
> Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> [2017/05/15 16:57:32.857425, 0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
> ldb: No objectClass found in replPropertyMetaData for CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndFound,DC=internal,DC=domain,DC=tld!
>
> Im wondering what this is.
>
> [2017/05/15 16:57:32.857647, 0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
> Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>
> So any tips?
>
> Im out tomorrow, but any info helps thanks.
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> L.P.H. van Belle via samba
>> Verzonden: maandag 15 mei 2017 12:13
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Problem samba db / pc - domain trust gone.
>>
>> I forgot to mention it involves samba 4.5.8.
>>
>>> -----Oorspronkelijk bericht-----
>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van
>>> Belle via samba
>>> Verzonden: maandag 15 mei 2017 11:40
>>> Aan: samba at lists.samba.org
>>> Onderwerp: [Samba] Problem samba db / pc - domain trust gone.
>>>
>>> Hai,
>>>
>>> Environment, Debian Jessie.
>>>
>>>
>>> I got reports about pc's unable to login into the samba ad
>> dc domain.
>>> The trust between this workstation and the primary domain failed.
>>> This happend on a win7 and win10 pc.
>>> Now, this is "normaly" easy fixed,by rejoining the pc to the domain
>>> with the domain wizzard in windows.
>>> I noticed this didnt work anymore.
>>>
>>> I was running without problem, so what lead to this problem.
>>>
>>> installed the needed security updates last friday. (
>> kernel, bind, no
>>> samba things. ) I was prepering to upgrade to 4.6.3 and did the
>>> following.
>>>
>>> 1) samba-tool dbcheck and a samba-tool dbcheck --fix
>>>
>>> --- DC 1 ----
>>>
>>> That fixed 4 errors.
>>> i got some others back.
>>> Multple messages with :
>>> CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class
>>> Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Pol
>>> icies,CN=System,DC=internal,DC=domain,DC=tld
>>> this part
>>> "CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class
>>> Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Pol
>>> icies,CN=System" can be anything, multiple messages.
>>> users/computers.
>>>
>>> rebooted the server, resulting in these log messages.
>>> samba logs clean, no errors,
>>> running : samba-tool dbcheck and a samba-tool dbcheck
>> --fix again,
>>> fixed simalar like above. ( 8 errors )
>>>
>>>
>>> running samba-tool ldapcmp:
>>> samba-tool ldapcmp --filter='whenChanged,dc,cn'
>>> ldap://dc1.internal.domain.tld ldap://dc2.internal.domain.tld Shows
>>> differenced in login timpstamps. Which can explain the
>> message on the
>>> pc's : the trust between this workstation and the primary domain
>>> failed.
>>>
>>> Difference in attribute values:
>>> lastLogonTimestamp =>
>>> ['131390598670332960']
>>> ['131380923051230950']
>>> FAILED
>>>
>>> Difference in attribute values:
>>> pwdLastSet =>
>>> ['131389578099979510']
>>> ['131363450502014640']
>>> FAILED
>>>
>>>
>>> -------------------------
>>> Now i checked my DC2.
>>>
>>> samba-tool dbcheck:
>>> Please use --fix to fix these errors
>>> Checked 852 objects (626 errors)
>>>
>>> pff, 626 errors?
>>>
>>> mostly things like these below.
>>>
>>> STATUS=daemon 'samba' finished starting up and ready to serve
>>> connections
>>> samba: setproctitle not initialized, please either call
>>> setproctitle_init() or link against libbsd-ctor.
>>> [2017/05/15 09:17:32.208909, 0]
>>> ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
>>> ldb: No objectClass found in replPropertyMetaData for
>>> CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndF
>>> ound,DC=internal,DC=domain,DC=tld!
>>>
>>> [2017/05/15 09:17:32.213955, 0]
>>> ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_
>>> source_apply_changes_trigger)
>>> Failed to commit objects:
>>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>> [2017/05/15 09:22:32.210006, 0]
>>> ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
>>> ldb: No objectClass found in replPropertyMetaData for
>>> CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndF
>>> ound,DC=internal,DC=domain,DC=tld!
>>>
>>> [2017/05/15 09:22:32.211300, 0]
>>> ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_
>>> source_apply_changes_trigger)
>>> Failed to commit objects:
>>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>> [2017/05/15 09:27:32.222921, 0]
>>> ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
>>> ldb: No objectClass found in replPropertyMetaData for
>>> CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndF
>>> ound,DC=internal,DC=domain,DC=tld!
>>>
>>> [2017/05/15 09:27:32.223286, 0]
>>> ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_
>>> source_apply_changes_trigger)
>>> Failed to commit objects:
>>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>>
>>>
>>> Not fixing replPropertyMetaData on
>>> CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class
>>> Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Pol
>>> icies,CN=System,DC=internal,DC=domain,DC=tld
>>>
>>> CN=Windows Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090364
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0009030e
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x000902ee
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090177
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0009012e
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x000900dd
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090092
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090001
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020119
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020002
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020001
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0000000d
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00000003
>> CN=Windows
>>> Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00000000
>>> ERROR: unsorted attributeID values in replPropertyMetaData on
>>> CN=Windows Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld
>>>
>>> Not fixing replPropertyMetaData on CN=Windows Authorization Access
>>> Group,CN=Builtin,DC=internal,DC=domain,DC=tld
>>>
>>>
>>> What is the best action here, do a full resync from DC1 to
>> DC2? Or did
>>> i forget something?
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>
More information about the samba
mailing list