[Samba] after a couple of year of success is not possible to add workstations to domain

Massimo Donato - Adcom.it donato at adcom.it
Wed Feb 7 13:45:04 UTC 2018 

*//*
Hi Denis,

Il 06/02/2018 20:05, Denis Cardon via samba ha scritto:
> Hi Massimo,
>
>> Il 05/02/2018 16:41, Rowland Penny ha scritto:
>>> On Mon, 5 Feb 2018 16:01:27 +0100
>>> "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote:
>>>
>>>> */Hi all,
>>>>      after a couple of year of successfully working samba AD DC is
>>>> not possible to add workstations to domain
>>>> since a few day ago in windows i get a messagge complaining that the
>>>> account previously exists. ant that to try access with a different
>>>> account. after some investigation i found that the backupDC was in
>>>> hardware fault. the primary seems to work great, but still unable to
>>>> add workstation to domain.
>>>> seems like something is missing,
>>>> samba version is 4.7.4(upgraded during investigation)
>>>>
>>>> any advice ? where to look ?
>>>>
>>> One of the problems here is that you are thinking in terms of 'primary'
>>> and 'backup' DCs. You haven't got a 'primary' DC or a 'backup' DC, you
>>> just have two DCs and they should both contain exactly the same data in
>>> AD. Problem is, when your second DC became faulty, it may have
>>> corrupted AD on the DC and then replicated this corruption to the
>>> first DC.
>>>
>>> I would turn off the faulty DC (if it is still running), demote the
>>> dead DC and then run 'samba-tool dbcheck'
>>>
>>> But, before I tried to do anything, I would ensure that the first DC
>>> was fully backed up.
>>>
>>> Rowland
>>>
>>>
>> thank you Rowland for your answer.,
>> i understend what you mean regarding DC, there was just two dc.
>> the faulty DC is no more in our datacenter(disk dead)
>> so i have one DC that is corrupted, i have a backup, but only after
>> corruption.
>> dbcheck is good, even with ncs option, 0 errors
>> any other advice to check ?
>
> which server is/was the RID FSMO role owner?
>
> Denis
I think the one still lives, was the forst one i configured.

i tryed something just not to bother all the list, may this help ?

[root at zeus log]# samba-tool dbcheck --fix
WARNING: The "profile acls" option is deprecated
Checking 309 objects
Checked 309 objects (0 errors)
[root at zeus log]# samba-tool dbcheck --cross-nc --fix
WARNING: The "profile acls" option is deprecated
Checking 3578 objects
Checked 3578 objects (0 errors)
[root at zeus log]# samba-tool drs showrepl
WARNING: The "profile acls" option is deprecated
Default-First-Site-Name\ZEUS
DSA Options: 0x00000001
DSA object GUID: e0a28581-6f38-4a9e-b593-43b65cafb872
DSA invocationId: adb5b609-20d2-4b4c-a8da-1bdb74dc444e

==== INBOUND NEIGHBORS ====

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====




---
Questa email è stata esaminata alla ricerca di virus da AVG.
http://www.avg.com

More information about the samba mailing list