[Samba] Odd behavior since upgrading to 4.9.6

Rowland Penny rpenny at samba.org
Wed Apr 24 18:49:00 UTC 2019 

On Wed, 24 Apr 2019 12:36:15 -0500 (CDT)
Mike Ray via samba <samba at lists.samba.org> wrote:

> [global]
>         dns forwarder = 192.168.2.101 192.168.2.102

What are the dns forwarders ?
By this I mean, are they dns servers outside the AD dns domain, no
nothing about the AD domain, but do know about the internet.

>         idmap_ldb:use rfc2307 = yes
>         ldap server require strong auth = no
>         netbios name = dc5
>         ntp signd socket directory = /var/run/samba/ntp_signd

Is the above different from the output of:
samba -b | grep 'NTP_SIGND_SOCKET_DIR' | awk '{print $NF}'

If it isn't, you can remove that line, if it is, why ?

>         realm = REALM.COM
>         server role = active directory domain controller
>         workgroup = REALM
>         acl:search = no

That is a blast from the past, or to put it another way, it is very
doubtful you need it 

>         load printers = no
>         ntp signd socket directory = /var/run/samba/ntp_signd

So good, you have it twice ;-)


> > 
> >   acl allow execute always		New		False
> >   password level				Removed
> >   set directory				Removed
> >   use ntdb
> > New		No 
> 
> None of these options are set.

Just because they are not there, doesn't mean they are not set. If a
parameter has a default value, then if a parameter isn't set, the
default value is used, this might not be what you want in your setup.

> 
> 
> > 
> > The commands Andrew showed are working.
> > You need to trigger a re-index and that should work.
> > 
> > Before you do that, run on all servers:
> > samba-tool dbcheck --cross-ncs
> > ( to fix errors, run it again , add --fix (--yes)  
> 
> This command runs nightly. I ran it manually and confirmed no issues.
> 
> 
> > 
> > samba-tool dbcheck --reindex
> > You need to run it once on every server.  
> 
> I ran this and it said "re-index OK" (or similar).
> 
> The only weird thing here was that if I ran the command again, it had
> the same output.

This is probably to be expected, I mean that it is hardly likely to
print something like 'The re-index is still OK.' ;-)

> Roughly -- the big difference here is that our old version was a
> custom compiled piece of junk, so we spun up a new server (with the
> sernet packages) and let the old servers replicate to the new one,
> instead of upgrading in place.

That should have worked.
 
> > And other way to fix this, check all server, push the database from
> > a good server to DC5.  
> 
> What do you mean "push the database from a good server"? I assume you
> mean something more than just replicate from one DC to another.

I think he meant what you did above, join a new DC, either that or
running 'samba-tool drs replicate'

Rowland

More information about the samba mailing list