[Samba] After upgrade to 4.9.4, internal DNS no longer working

Sat Dec 22 23:16:28 UTC 2018

Hi Rowland,

I just realized that I actually do have backups of everything in
/var/lib/samba (which is the main folder for Samba on Arch).

I'd still be interested how to recover from this situation without a backup
but priority is to get the AD back up and running again. How would you
suggest I proceed?

On Sat, 22 Dec 2018 at 23:01, Viktor Trojanovic <viktor at troja.ch> wrote:

> Then I don't know what caused it. I had no problems prior to the upgrade,
> and the upgrade was done without errors..
>
> Unfortunately, no, I don't have backups. 'sam.ldb' is still there, though,
> and so are the databases unter 'sam.ldb.d'.
>
> Yes, I tried restarting Samba, even rebooted the server but to no avail.
> Here are the results from running samba in the shell:
>
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> samba version 4.9.4 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2018
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> register_process_model: PROCESS_MODEL 'single' registered
> register_process_model: PROCESS_MODEL 'prefork' registered
> register_process_model: PROCESS_MODEL 'standard' registered
> AUTH backend 'sam' registered
> AUTH backend 'sam_ignoredomain' registered
> AUTH backend 'anonymous' registered
> AUTH backend 'winbind' registered
> AUTH backend 'name_to_ntstatus' registered
> AUTH backend 'unix' registered
> ldb_wrap open of privilege.ldb
> binary_smbd_main: samba: using 'standard' process model
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Searching for dsServiceName in rootDSE failed: operations error at
> ../source4/dsdb/samdb/ldb_modules/rootdse.c:518
> Failed to find our own NTDS Settings DN in the ldb!
> Failed to find our own NTDS Settings objectGUID in the ldb!
> kdc_task_init: Cannot determine if we are an RODC: operations error at
> ../source4/dsdb/common/util.c:3534
> task_server_terminate: task_server_terminate: [kdc: krb5_init_context
> samdb RODC connect failed]
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Searching for dsServiceName in rootDSE failed: operations error at
> ../source4/dsdb/samdb/ldb_modules/rootdse.c:518
> Failed to find our own NTDS Settings DN in the ldb!
> Failed to find our own NTDS Settings objectGUID in the ldb!
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Searching for dsServiceName in rootDSE failed: operations error at
> ../source4/dsdb/samdb/ldb_modules/rootdse.c:518
> Failed to find our own NTDS Settings DN in the ldb!
> Failed to find our own NTDS Settings objectGUID in the ldb!
> task_server_terminate: task_server_terminate: [dreplsrv: Failed to connect
> to local samdb: WERR_DS_UNAVAILABLE
> ]
> task_server_terminate: task_server_terminate: [kccsrv: Failed to connect
> to local samdb: WERR_DS_UNAVAILABLE
> ]
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> ../source4/dsdb/dns/dns_update.c:127: Unable to find DCs list - No such
> Base DN: CN=Configuration,DC=samdom,DC=example,DC=chCalling DNS name update
> script
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Calling SPN name update script
> DCERPC endpoint server 'rpcecho' registered
> DCERPC endpoint server 'epmapper' registered
> DCERPC endpoint server 'remote' registered
> ldb_wrap open of secrets.ldb
> task_server_terminate: task_server_terminate: [dns: failed to load DNS
> zones]
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Failed to find object DC=samdom,DC=example,DC=ch for attribute
> fsmoRoleOwner - Cannot find DN DC=samdom,DC=example,DC=ch to get attribute
> fsmoRoleOwner for reference dn: No such Base DN: DC=samdom,DC=example,DC=ch
> Failed to find if we are the PDC for this ldb: Searching for fSMORoleOwner
> in DC=samdom,DC=example,DC=ch failed: Cannot find DN
> DC=samdom,DC=example,DC=ch to get attribute fsmoRoleOwner for reference dn:
> No such Base DN: DC=samdom,DC=example,DC=ch
> DCERPC endpoint server 'wkssvc' registered
> DCERPC endpoint server 'unixinfo' registered
> DCERPC endpoint server 'samr' registered
> DCERPC endpoint server 'netlogon' registered
> DCERPC endpoint server 'dssetup' registered
> DCERPC endpoint server 'lsarpc' registered
> DCERPC endpoint server 'backupkey' registered
> DCERPC endpoint server 'drsuapi' registered
> DCERPC endpoint server 'browser' registered
> DCERPC endpoint server 'eventlog6' registered
> DCERPC endpoint server 'dnsserver' registered
> /usr/bin/winbindd: winbindd version 4.9.4 started.
> /usr/bin/winbindd: Copyright Andrew Tridgell and the Samba Team 1992-2018
> /usr/bin/smbd: smbd version 4.9.4 started.
> /usr/bin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2018
> /usr/bin/winbindd: initialize_winbindd_cache: clearing cache and
> re-creating with version number 2
> /usr/bin/smbd: pdb backend samba_dsdb did not correctly init (error was
> NT_STATUS_UNSUCCESSFUL)
> /usr/bin/smbd: pdb backend samba_dsdb did not correctly init (error was
> NT_STATUS_UNSUCCESSFUL)
> /usr/bin/winbindd: daemon_ready: STATUS=daemon 'winbindd' finished
> starting up and ready to serve connections
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Searching for dsServiceName in rootDSE failed: operations error at
> ../source4/dsdb/samdb/ldb_modules/rootdse.c:518
> Failed to find our own NTDS Settings DN in the ldb!
> Failed to find our own NTDS Settings options in the ldb!
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Searching for dsServiceName in rootDSE failed: operations error at
> ../source4/dsdb/samdb/ldb_modules/rootdse.c:518
> Failed to find our own NTDS Settings DN in the ldb!
> Failed to find our own NTDS Settings options in the ldb!
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Searching for dsServiceName in rootDSE failed: operations error at
> ../source4/dsdb/samdb/ldb_modules/rootdse.c:518
> Failed to find our own NTDS Settings DN in the ldb!
> Failed to find our own NTDS Settings options in the ldb!
> /usr/bin/winbindd: pdb backend samba_dsdb did not correctly init (error
> was NT_STATUS_UNSUCCESSFUL)
> ../source4/dsdb/dns/dns_update.c:127: Unable to find DCs list - No such
> Base DN:
> CN=Configuration,DC=samdom,DC=example,DC=chsamba_runcmd_io_handler: Child
> /usr/bin/samba_spnupdate exited 0
> Completed SPN update check OK
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Failed to open domain S-1-5-21-4280320235-2980747731-3738778716: No such
> Base DN: DC=samdom,DC=example,DC=ch
> stream_terminate_connection: Terminating connection - 'dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: single_terminate: reason[dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED]
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Failed to open domain S-1-5-21-4280320235-2980747731-3738778716: No such
> Base DN: DC=samdom,DC=example,DC=ch
> stream_terminate_connection: Terminating connection - 'dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: single_terminate: reason[dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED]
> ldb: Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> Failed to open domain S-1-5-21-4280320235-2980747731-3738778716: No such
> Base DN: DC=samdom,DC=example,DC=ch
> stream_terminate_connection: Terminating connection - 'dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED'
> single_terminate: single_terminate: reason[dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED]
> /usr/bin/smbd: daemon_ready: STATUS=daemon 'smbd' finished starting up and
> ready to serve connections
> /usr/bin/smbd: pdb backend samba_dsdb did not correctly init (error was
> NT_STATUS_UNSUCCESSFUL)
> Registered dc1<00> with 192.168.1.1 on interface 192.168.1.255
> Registered dc1<00> with 127.0.0.1 on interface 127.255.255.255
> Registered dc1<03> with 192.168.1.1 on interface 192.168.1.255
> Registered dc1<03> with 127.0.0.1 on interface 127.255.255.255
> Registered dc1<20> with 192.168.1.1 on interface 192.168.1.255
> Registered dc1<20> with 127.0.0.1 on interface 127.255.255.255
> Registered samdom<1c> with 192.168.1.1 on interface 192.168.1.255
> Registered samdom<1c> with 127.0.0.1 on interface 127.255.255.255
> Registered samdom<00> with 192.168.1.1 on interface 192.168.1.255
> Registered samdom<00> with 127.0.0.1 on interface 127.255.255.255
> ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code
> 110
>
>
>
> On Sat, 22 Dec 2018 at 22:54, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Sat, 22 Dec 2018 22:25:30 +0100
>> Viktor Trojanovic <viktor at troja.ch> wrote:
>>
>> > Oh, that doesn't sound good...
>> >
>> > Arch Linux. I did a regular system upgrade using pacman -Syu which
>> > automatically upgrades all packages to their latest version.
>> >
>> > I have another, practically identical system and I didn't have this
>> > issue there. Though I might have had a smaller jump between versions.
>>
>> The version jump shouldn't have caused this, I take it you have tried
>> restarting Samba again. If you still have the problem, try running the
>> 'samba' daemon directly in a terminal:
>>
>> /path/to/samba -i -d3
>>
>> See if this works or shows anything new.
>>
>> Did you have backups from before the upgrade ?
>> Have you checked if 'sam.ldb' is still there and if the databases are
>> in 'sam.ldb.d' ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>