[Samba] DRS and DNS sync are not working after update from 4.8.2 to 4.8.3

marcel at linux-ng.de marcel at linux-ng.de
Tue Jul 10 14:48:58 UTC 2018 

Hi Aleksey,

did you find any solution for this?

I just updated from 4.8.2 to 4.8.3 and had very similar
effects:

Login was no longer possible with 4.8.3 - log file was full of
     "ldb: Failed to unlock db"
messages.

I had to downgrade to 4.8.2 in order to make samba work again.

Bye,
  Marcel


June 28, 2018 10:28 AM, "Aleksey Vladimirov via samba" <samba at lists.samba.org> wrote:

> After update I have got this:
> 
> samba-tool drs kcc -Uadm2 -d 9
> INFO: Current debug levels:
> all: 9
> tdb: 9
> printdrivers: 9
> lanman: 9
> smb: 9
> rpc_parse: 9
> rpc_srv: 9
> rpc_cli: 9
> passdb: 9
> sam: 9
> auth: 9
> winbind: 9
> vfs: 9
> idmap: 9
> quota: 9
> acls: 9
> locking: 9
> msdfs: 9
> dmapi: 9
> registry: 9
> scavenger: 9
> dns: 9
> ldb: 9
> tevent: 9
> auth_audit: 9
> auth_json_audit: 9
> kerberos: 9
> drs_repl: 9
> smb2: 9
> smb2_credits: 9
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Processing section "[global]"
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[Scan]"
> Processing section "[print$]"
> Processing section "[printers]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:sklad-dc.almi-russia.local[,seal,print]
> Mapped to DCERPC endpoint 135
> added interface enp2s0 ip=192.168.32.12 bcast=192.168.32.255 netmask=255.255.255.0
> added interface enp2s0 ip=192.168.32.12 bcast=192.168.32.255 netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name sklad-dc.almi-russia.local<0x20>
> getlmhostsent: lmhost entry: 192.168.32.12 SKLAD-DC
> getlmhostsent: lmhost entry: 192.168.31.12 DCSRV
> getlmhostsent: lmhost entry: 192.168.32.12 ALMI-RUSSIA
> Mapped to DCERPC endpoint 49152
> added interface enp2s0 ip=192.168.32.12 bcast=192.168.32.255 netmask=255.255.255.0
> added interface enp2s0 ip=192.168.32.12 bcast=192.168.32.255 netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name sklad-dc.almi-russia.local<0x20>
> getlmhostsent: lmhost entry: 192.168.32.12 SKLAD-DC
> getlmhostsent: lmhost entry: 192.168.31.12 DCSRV
> getlmhostsent: lmhost entry: 192.168.32.12 ALMI-RUSSIA
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Password for [ALMI-RUSSIA\adm2]:
> Received smb_krb5 packet of length 199
> Received smb_krb5 packet of length 106
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
> dcerpc: alter_resp - rpc fault: DCERPC_FAULT_SEC_PKG_ERROR
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Received smb_krb5 packet of length 199
> Received smb_krb5 packet of length 106
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
> dcerpc: alter_resp - rpc fault: DCERPC_FAULT_SEC_PKG_ERROR
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> ncacn_ip_tcp:192.168.32.12[49152,seal,print,target_hostname=sklad-dc.almi-russia.local,abstract_synt
> x=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.32.12]
> NT_STATUS_LOGON_FAILURE
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to sklad-dc.almi-russia.local failed
> - drsException: DRS connection to sklad-dc.almi-russia.local failed: (3221225581, 'The attempted
> logon is invalid. This is either due to a bad username or authentication information.')
> File "/usr/lib/python2.7/site-packages/samba/netcmd/drs.py", line 44, in drsuapi_connect
> (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
> File "/usr/lib/python2.7/site-packages/samba/drs_utils.py", line 58, in drsuapi_connect
> raise drsException("DRS connection to %s failed: %s" % (server, e))
> 
> and in the log:
> 
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: ldb: Failed to lock
> db: ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1130
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: / Protocol error for
> DC=almi-russia,DC=local
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: [2018/06/28
> 11:27:05.026829, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: ldb: Failed to
> unlock db: ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1130
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: / Protocol error for
> metadata partition
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: [2018/06/28
> 11:27:05.027064, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: ldb: Failed to
> unlock db: Failed to unlock db: ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process
> 1130
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: / Protocol error for
> metadata partition / Protocol error
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]: [2018/06/28
> 11:27:05.027346, 0] ../source4/dsdb/dns/dns_update.c:127(dnsupdate_rebuild)
> Jun 28 11:27:05 sklad-dc.almi-russia.local samba[1130]: task[dnsupdate][1130]:
> ../source4/dsdb/dns/dns_update.c:127: Unable to find DCs list - Failed to unlock db:
> ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1130
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881556, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to lock db:
> ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: / Success for
> CN=Schema,CN=Configuration,DC=almi-russia,DC=local
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881642, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to lock db:
> ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: / Protocol error for
> CN=Configuration,DC=almi-russia,DC=local
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881682, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to lock db:
> ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: / Protocol error for
> DC=DomainDnsZones,DC=almi-russia,DC=local
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881718, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to lock db:
> ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: / Protocol error for
> DC=ForestDnsZones,DC=almi-russia,DC=local
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881755, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to lock db:
> ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: / Protocol error for
> DC=almi-russia,DC=local
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881790, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to unlock
> db: ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: / Protocol error for
> metadata partition
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: [2018/06/28
> 11:27:30.881825, 0] ../lib/ldb-samba/ldb_wrap.c:77(ldb_wrap_debug)
> Jun 28 11:27:30 sklad-dc.almi-russia.local samba[1112]: task[dcesrv][1112]: ldb: Failed to unlock
> db: Failed to unlock db: ../ldb_tdb/ldb_tdb.c:147: Reusing ldb opend by pid 1110 in process 1112
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list