[Samba] samba 4.7.0 replication errors
Andrew Bartlett
abartlet at samba.org
Sat Oct 14 06:44:36 UTC 2017
On Sun, 2017-10-01 at 22:27 +0100, Rowland Penny via samba wrote:
> On Mon, 2 Oct 2017 09:59:47 +1300
> Garming Sam via samba <samba at lists.samba.org> wrote:
>
> > Can you provide a bit more logs? At first glance, it doesn't seem
> > quite related to group memberships.
> >
> >
> > Cheers,
> >
> > Garming
> >
> > On 29/09/17 22:07, gizmo via samba wrote:
> > > Hallo,
> > > we have 5 ADDCs. All of them did run with sernet-samba 4.6.7.
> > > I updated 4 of them to sernet-samba 4.7.0, one after the other,
> > > checked replication, everything seemed to be ok. One day later a
> > > colleague wanted to delete a lot of users with a powershell-script
> > > and since then the replication doesnt work anymore. (Im sure the
> > > script is not the problem, but it seemes like it triggered
> > > something)
> > >
> > > All samba-servers with version 4.7.0 report errors with at least
> > > one other ADDC like
> > >
> > > DC=domain,DC=de
> > > Default-First-Site-Name\ISAMBA4-2 via RPC
> > > DSA object GUID: 5dc32731-e914-486d-96f1-ce065ff956bf
> > > Last attempt @ Fri Sep 29 10:37:24 2017 CEST failed, result 58
> > > (WERR_BAD_NET_RESP) 358 consecutive failure(s).
> > > Last success @ Thu Sep 28 10:18:16 2017 CEST
> > >
> > >
> > > The command "samba-tool dbcheck --cross-ncs --fix --yes" reports
> > > hundreds of errors like
> > >
> > > ERROR: orphaned backlink attribute 'memberOf' ...
> > >
> > > The dbcheck-command says, it fixed the problems, but when I execute
> > > again, a lot of the same error comes again ( I can not say, if the
> > > same entries are effected).
> > >
> > > The log.samba has a lot of entries like
> > > [2017/09/29 10:26:15.502219,
> > > 0] ../source4/dsdb/repl/drepl_out_helpers.c:959(dreplsrv_op_pull_source_apply_changes_trigger)
> > > Failed to commit objects:
> > > WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
> > >
> > >
> > > If I make the dbcheck on the last server with version 4.6.7, this
> > > errors dont appear.
> > >
> > > How do I get the replication to work again ?
> > >
> > > Is the error "orphaned backlink attribute" the reason, why
> > > replication doesnt work anymore ? And if so, do I have to fix all
> > > groups manually like said in a similar problem from the post "Samba
> > > 4.7.0 replication issue: failed get spanning tree edges" ?
> > > (https://lists.samba.org/archive/samba/2017-September/211225.html)
> > >
> >
> >
>
> Aren’t the orphaned backlinks an artefact of a previous fix ? I seem to
> remember they have always been there, but the 'fix' just exposed them.
Yes, dbcheck now sees these, since 4.5 I think.
> It might help if we could see the powershell script, just how were the
> users deleted, the other question is: why was a powershell script used,
> when it would have been easier to write a bash script around
> 'samba-tool user delete'
Both are likely to be getting to the same operation under the hood.
In any case, the logs Garming requested are the key to making progress here.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list