[Samba] after a couple of years of success it is not possible to add workstations to domain

massimo Donato donato at adcom.it
Wed Feb 7 16:57:57 UTC 2018


Hi to all,

On 07/02/2018 14:45, Massimo Donato - Adcom.it via samba wrote:
> Hi Denis,
>
> On 06/02/2018 20:05, Denis Cardon via samba wrote:
>> Hi Massimo,
>>
>>> On 05/02/2018 16:41, Rowland Penny wrote:
>>>> On Mon, 5 Feb 2018 16:01:27 +0100
>>>> "Massimo Donato - Adcom.it via samba" <samba at lists.samba.org> wrote:
>>>>
>>>>> Hi all,
>>>>>      after a couple of years of successfully working samba AD DC it is
>>>>> not possible to add workstations to domain
>>>>> since a few days ago in windows i get a message complaining that the
>>>>> account previously exists, and to try access with a different
>>>>> account. after some investigation i found that the backupDC was in
>>>>> hardware fault. the primary seems to work great, but still unable to
>>>>> add workstation to domain.
>>>>> seems like something is missing,
>>>>> samba version is 4.7.4(upgraded during investigation)
>>>>>
>>>>> any advice ? where to look ?
>>>>>
>>>> One of the problems here is that you are thinking in terms of 'primary'
>>>> and 'backup' DCs. You haven't got a 'primary' DC or a 'backup' DC, you
>>>> just have two DCs and they should both contain exactly the same data in
>>>> AD. Problem is, when your second DC became faulty, it may have
>>>> corrupted AD on the DC and then replicated this corruption to the
>>>> first DC.
>>>>
>>>> I would turn off the faulty DC (if it is still running), demote the
>>>> dead DC and then run 'samba-tool dbcheck'
>>>>
>>>> But, before I tried to do anything, I would ensure that the first DC
>>>> was fully backed up.
>>>>
>>>> Rowland
>>>>
>>>>
>>> thank you Rowland for your answer,
>>> i understand what you mean regarding DC, there were just two dc.
>>> the faulty DC is no more in our datacenter(disk dead)
>>> so i have one DC that is corrupted, i have a backup, but only after
>>> corruption.
>>> dbcheck is good, even with ncs option, 0 errors
>>> any other advice to check ?
>>
>> which server is/was the RID FSMO role owner?
>>
>> Denis
> I think the one that still lives, it was the first one i configured.
>
> i tried something just not to bother all the list, may this help ?
>
> [root at zeus log]# samba-tool dbcheck --fix
> WARNING: The "profile acls" option is deprecated
> Checking 309 objects
> Checked 309 objects (0 errors)
> [root at zeus log]# samba-tool dbcheck --cross-nc --fix
> WARNING: The "profile acls" option is deprecated
> Checking 3578 objects
> Checked 3578 objects (0 errors)
> [root at zeus log]# samba-tool drs showrepl
> WARNING: The "profile acls" option is deprecated
> Default-First-Site-Name\ZEUS
> DSA Options: 0x00000001
> DSA object GUID: e0a28581-6f38-4a9e-b593-43b65cafb872
> DSA invocationId: adb5b609-20d2-4b4c-a8da-1bdb74dc444e
>
> ==== INBOUND NEIGHBORS ====
>
> ==== OUTBOUND NEIGHBORS ====
>
> ==== KCC CONNECTION OBJECTS ====
also tried this and no errors:
any idea on how to remove the dead server from dns entries ?

[root at zeus /]# host -t SRV _kerberos._udp.somdomain.com.
_kerberos._udp.somdomain.com has SRV record 0 100 88 zeus.somdomain.com.
_kerberos._udp.somdomain.com has SRV record 0 100 88 backupdc.somdomain.com.
[root at zeus /]# host -t SRV _ldap._tcp.somdomain.com
_ldap._tcp.somdomain.com has SRV record 0 100 389 zeus.somdomain.com.
_ldap._tcp.somdomain.com has SRV record 0 100 389 backupdc.somdomain.com.
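
A check for SRV records that still point at a DC that is gone, run over the `host -t SRV` output quoted above. This is an added example, not part of the original post; the function name `stale_srv_targets` and the list of live DC names passed as arguments are assumptions.

```shell
#!/bin/sh
# Constructed sample: the `host -t SRV` output quoted in the message above.
SAMPLE_SRV='_kerberos._udp.somdomain.com has SRV record 0 100 88 zeus.somdomain.com.
_kerberos._udp.somdomain.com has SRV record 0 100 88 backupdc.somdomain.com.
_ldap._tcp.somdomain.com has SRV record 0 100 389 zeus.somdomain.com.
_ldap._tcp.somdomain.com has SRV record 0 100 389 backupdc.somdomain.com.'

# stale_srv_targets LIVE_DC_FQDN...   (hypothetical helper name)
# Reads `host -t SRV` output on stdin and prints "owner port target" for every
# SRV record whose target is NOT one of the live DC names given as arguments.
# Names are compared case-insensitively and without the trailing dot.
stale_srv_targets() {
    if [ "$#" -eq 0 ]; then
        echo "usage: stale_srv_targets LIVE_DC_FQDN..." >&2
        return 2
    fi
    awk -v live="$*" '
        function norm(h) { h = tolower(h); sub(/\.$/, "", h); return h }
        BEGIN {
            n = split(live, a, " ")
            for (i = 1; i <= n; i++) ok[norm(a[i])] = 1
        }
        # Expected shape: <owner> has SRV record <prio> <weight> <port> <target>
        $2 == "has" && $3 == "SRV" && $4 == "record" && NF == 8 {
            t = norm($8)
            if (!(t in ok)) print $1, $7, t
        }'
}

# Run over the constructed sample with zeus as the only DC still alive.
printf '%s\n' "$SAMPLE_SRV" | stale_srv_targets zeus.somdomain.com
```

Against a live domain, pipe the real `host -t SRV` output for each service name into the function instead of the sample; any line it prints is a record that clients can still be steered to.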




