[Samba] messy replication
adamw at matrixscience.com
Mon Jul 22 11:41:54 UTC 2019
On 18/07/19 15:52, Rowland penny via samba wrote:
> my plan would be to:
> TURN OFF DC2
I did it on Friday afternoon after my numerous attempts to demote DC2
This fixed one issue - made the network shares appear again across all
A new one has been discovered though on one of our CentOS 5.11 boxes.
Any command (like sudo or ssh) that needs authentication or user name
lookup takes a long time to complete.
This doesn't only make working with this machine very difficult but also
makes lots of complex scripts fail due to timeouts.
Even though DC2 (192.168.8.125) has been powered off for almost 3 days I
can still see this client trying to connect to it when I ssh from
[root at centos log]# lsof | grep 192.168.8.125
sshd 6630 root 7u IPv4 24776 0t0
TCP centos.company.co.uk:57423->192.168.8.125:ldap (SYN_SENT)
sshd 6642 root 7u IPv4 24812 0t0
TCP centos.company.co.uk:57425->192.168.8.125:ldap (SYN_SENT)
At the same time I can see a lot of successful TCP flags (ESTABLISHED,
CLOSE_WAIT) against DC1.
Since no configuration changes have been made on this CentOS box I'm
assuming it must be DC1 advertising DC2 to clients.
Is removing references to DC2 from DC1 the only option to resolve it or
are there any quick tricks available to try?
E.g. some cache still needs to expire or needs to be forced to do so.
> Remove any trace of DC2 from DC1
I'm assuming I need to try exactly the same thing as last time?
ldbedit -e vim -H /var/lib/samba/private/sam.ldb --cross-ncs
Any difference running it with samba running vs samba stopped?
Apart from DDNS updates there should be no modifications made to AD
during the edit process (e.g. no machines or users added, removed, no
password changed etc.).
> Run 'samba-tool dbcheck --fix --yes --cross-ncs'
> Hopefully this will fix DC1, but your Samba is that old, I cannot
> remember if that will run on your DC.
> Your main problem is that your DC is in production, that is why I said
> to back everything up before you start.
I've skimmed through:
and my understanding is both online and offline samba-tool backups are
only available in the very latest versions 4.9 and 4.10.
So the only option I have is a manual data backup.
Is it sufficient to back up /var/lib/samba folder (containing *.ldb,
sysvol and netlogon) and restore it entirely if a disaster strikes?
Any benefit of stopping samba before creating a tarball?
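
The lsof check described in the message above, as an added example that is not part of the original post: it re-joins lsof's wrapped entries and reports LDAP servers whose client connections are all stuck in SYN_SENT, along with the processes waiting on them. The 192.0.2.10 entries and the function names are assumptions made for illustration; the two 192.168.8.125 entries are the ones quoted in the message.

```python
import re
from collections import defaultdict

# Constructed sample: the two SYN_SENT entries are from the post above (lsof
# wraps each entry over two lines); the 192.0.2.10 entries are made up here
# to stand in for a DC that is still answering.
SAMPLE = """\
sshd 6630 root 7u IPv4 24776 0t0
TCP centos.company.co.uk:57423->192.168.8.125:ldap (SYN_SENT)
sshd 6642 root 7u IPv4 24812 0t0
TCP centos.company.co.uk:57425->192.168.8.125:ldap (SYN_SENT)
sshd 6630 root 8u IPv4 24780 0t0
TCP centos.company.co.uk:57424->192.0.2.10:ldap (ESTABLISHED)
nscd 2101 root 9u IPv4 24001 0t0 TCP centos.company.co.uk:40112->192.0.2.10:ldap (CLOSE_WAIT)
"""

ENTRY = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv4\s+\S+\s+\S+\s+"
    r"TCP\s+\S+->(?P<remote>[^\s:]+):(?P<port>\S+)\s+\((?P<state>[A-Z_0-9]+)\)$"
)

def parse(text):
    """Yield (cmd, pid, remote, port, state) for each IPv4 TCP entry."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("TCP ") and joined:
            joined[-1] += " " + line  # re-attach the wrapped second half
        else:
            joined.append(line)
    for line in joined:
        m = ENTRY.match(line)
        if m:
            yield m["cmd"], int(m["pid"]), m["remote"], m["port"], m["state"]

def unreachable_servers(text, port="ldap"):
    """Remotes on `port` whose connections are all stuck in SYN_SENT."""
    states, procs = defaultdict(set), defaultdict(set)
    for cmd, pid, remote, p, state in parse(text):
        if p == port:
            states[remote].add(state)
            procs[remote].add((cmd, pid))
    return {r: sorted(procs[r]) for r, s in states.items() if s == {"SYN_SENT"}}

if __name__ == "__main__":
    for remote, who in unreachable_servers(SAMPLE).items():
        print(remote, "never answers; waiting:", who)
```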