[Samba] After upgrade to 4.9.4, internal DNS no longer working

Viktor Trojanovic viktor at troja.ch
Thu Dec 27 10:58:26 UTC 2018

Hi Louis and Rowland, 

Thanks for all your input. In answer to your questions, yes, all packages were upgraded to 4.9.4 so that was not the issue – the error messages you’ve seen in this regard are from during the upgrade. I can only guess that something was removed too early. Also both hostname and resolv.conf were set up correctly.  But these points seem moot now as I was able to solve the issue. 

I didn’t touch the base system which was upgraded but I did downgrade Samba and dependencies (samba, smbclient, libwbclient) back to v4.7.4, I then just overwrote the Samba folder (/var/lib/samba) which contains private and sysvol with a recent backup – and everything works again. Users can log in, GPOs are being distributed. I have not yet tried to upgrade again, I’ll leave this for some other day. 

samba-tool dbcheck isn’t showing any errors. samba-tool ntacl sysvolcheck does complain about an incorrect db acl on a gpo directory so I ran sysvolreset. The error remains but doesn’t seem to bother the AD otherwise. Still, to be safe, here is the error: 

$ sudo samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 270, in run
  File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
  File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1674, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

Any advice on how to take care of this error, or can this be safely ignored? 


From: Rowland Penny via samba
Sent: Donnerstag, 27. Dezember 2018 11:29
To: samba at lists.samba.org
Subject: Re: [Samba] After upgrade to 4.9.4, internal DNS no longer working

On Thu, 27 Dec 2018 11:07:08 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Gooood morning Rowland, :-) 
> Your late ;-).. 
> What i also did see, so its more clear for others also. 
> > Dez 22 21:08:31 dc1 systemd[1]: Starting Samba AD Daemon...
> > Dez 22 21:08:31 dc1 kernel: audit: type=1131
> > audit(1545509311.984:52): pid=1 uid=0 auid=4294967295
> > ses=4294967295 msg='unit=samba comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> > res=failed' Dez 22 21:08:32 dc1 samba[733]: root process[733]:
> > [2018/12/22
> This line:  exe="/usr/lib/systemd/systemd" hostname=? addr=?
> terminal=? res=failed' 
> So incorrect hostname/resolving resulting in this problem. 

I actually think it could be a symptom and not the root cause. It
could be that two main things happened, systemd was upgraded and with
it 'resolved' was installed and smbclient wasn't upgraded.

I think that if 'resolved' is removed and ALL Samba packages are
upgraded, he might get it to work again.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list