[Samba] Odd behavior since upgrading to 4.9.6
Rowland Penny
rpenny at samba.org
Wed Apr 24 18:49:00 UTC 2019
On Wed, 24 Apr 2019 12:36:15 -0500 (CDT)
Mike Ray via samba <samba at lists.samba.org> wrote:
> [global]
> dns forwarder = 192.168.2.101 192.168.2.102
What are the dns forwarders ?
By this I mean, are they dns servers outside the AD dns domain, no
nothing about the AD domain, but do know about the internet.
> idmap_ldb:use rfc2307 = yes
> ldap server require strong auth = no
> netbios name = dc5
> ntp signd socket directory = /var/run/samba/ntp_signd
Is the above different from the output of:
samba -b | grep 'NTP_SIGND_SOCKET_DIR' | awk '{print $NF}'
If it isn't, you can remove that line, if it is, why ?
> realm = REALM.COM
> server role = active directory domain controller
> workgroup = REALM
> acl:search = no
That is a blast from the past, or to put it another way, it is very
doubtful you need it
> load printers = no
> ntp signd socket directory = /var/run/samba/ntp_signd
So good, you have it twice ;-)
> >
> > acl allow execute always New False
> > password level Removed
> > set directory Removed
> > use ntdb
> > New No
>
> None of these options are set.
Just because they are not there, doesn't mean they are not set. If a
parameter has a default value, then if a parameter isn't set, the
default value is used, this might not be what you want in your setup.
>
>
> >
> > The commands Andrew showed are working.
> > You need to trigger a re-index and that should work.
> >
> > Before you do that, run on all servers:
> > samba-tool dbcheck --cross-ncs
> > ( to fix errors, run it again , add --fix (--yes)
>
> This command runs nightly. I ran it manually and confirmed no issues.
>
>
> >
> > samba-tool dbcheck --reindex
> > You need to run it once on every server.
>
> I ran this and it said "re-index OK" (or similar).
>
> The only weird thing here was that if I ran the command again, it had
> the same output.
This is probably to be expected, I mean that it is hardly likely to
print something like 'The re-index is still OK.' ;-)
> Roughly -- the big difference here is that our old version was a
> custom compiled piece of junk, so we spun up a new server (with the
> sernet packages) and let the old servers replicate to the new one,
> instead of upgrading in place.
That should have worked.
> > And other way to fix this, check all server, push the database from
> > a good server to DC5.
>
> What do you mean "push the database from a good server"? I assume you
> mean something more than just replicate from one DC to another.
I think he meant what you did above, join a new DC, either that or
running 'samba-tool drs replicate'
Rowland
More information about the samba
mailing list