[Samba] After upgrade to 4.9.4, internal DNS no longer working
Viktor Trojanovic
viktor at troja.ch
Thu Dec 27 10:58:26 UTC 2018
Hi Louis and Rowland,
Thanks for all your input. In answer to your questions, yes, all packages were upgraded to 4.9.4 so that was not the issue – the error messages you’ve seen in this regard are from during the upgrade. I can only guess that something was removed too early. Also both hostname and resolv.conf were set up correctly. But these points seem moot now as I was able to solve the issue.
I didn’t touch the base system which was upgraded but I did downgrade Samba and dependencies (samba, smbclient, libwbclient) back to v4.7.4, I then just overwrote the Samba folder (/var/lib/samba) which contains private and sysvol with a recent backup – and everything works again. Users can log in, GPOs are being distributed. I have not yet tried to upgrade again, I’ll leave this for some other day.
samba-tool dbcheck isn’t showing any errors. samba-tool ntacl sysvolcheck does complain about an incorrect db acl on a gpo directory so I ran sysvolreset. The error remains but doesn’t seem to bother the AD otherwise. Still, to be safe, here is the error:
$ sudo samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 270, in run
lp)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
direct_db_access)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1674, in check_gpos_acl
domainsid, direct_db_access)
File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))
Any advice on how to take care of this error, or can this be safely ignored?
Thanks,
Viktor
From: Rowland Penny via samba
Sent: Donnerstag, 27. Dezember 2018 11:29
To: samba at lists.samba.org
Subject: Re: [Samba] After upgrade to 4.9.4, internal DNS no longer working
On Thu, 27 Dec 2018 11:07:08 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Gooood morning Rowland, :-)
>
> Your late ;-)..
> What i also did see, so its more clear for others also.
>
> > Dez 22 21:08:31 dc1 systemd[1]: Starting Samba AD Daemon...
> > Dez 22 21:08:31 dc1 kernel: audit: type=1131
> > audit(1545509311.984:52): pid=1 uid=0 auid=4294967295
> > ses=4294967295 msg='unit=samba comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> > res=failed' Dez 22 21:08:32 dc1 samba[733]: root process[733]:
> > [2018/12/22
>
> This line: exe="/usr/lib/systemd/systemd" hostname=? addr=?
> terminal=? res=failed'
>
> So incorrect hostname/resolving resulting in this problem.
I actually think it could be a symptom and not the root cause. It
could be that two main things happened, systemd was upgraded and with
it 'resolved' was installed and smbclient wasn't upgraded.
I think that if 'resolved' is removed and ALL Samba packages are
upgraded, he might get it to work again.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list