[Samba] errors restoring samba

Adam Weremczuk adamw at matrixscience.com
Mon Jul 22 15:12:57 UTC 2019


Following deeper analysis I have found some permission differences in 
sysvol policy files, e.g.:

WORKING:

# file: samba/sysvol/company.co.uk/Policies/{274B7BA8-3DBA-43A6-8AC2-D45B5E4054FF}/GPT.INI
# owner: 3000000
# group: Domain\040Users
user::rwx
group::---
group:Domain\040Users:---
group:3000000:rwx
group:3000002:rwx
group:3000003:r-x
group:3000006:rwx
group:3000008:rwx
group:3000010:r-x
mask::rwx
other::---

RESTORED:

# file: samba/sysvol/company.co.uk/Policies/{274B7BA8-3DBA-43A6-8AC2-D45B5E4054FF}/GPT.INI
# owner: 3000000
# group: Domain\040Users
user::rwx
group::rwx
other::---

Would it be enough to justify the error below and cause a complete DNS 
failure?

Adam


On 22/07/19 15:28, Adam Weremczuk via samba wrote:
> Hi Rowland,
>
> I've decided to roll back samba on DC1 to the state from a couple of 
> weeks ago, before I started all this mess...
>
> Since the email subject change :)
>
> Stopped bind9 and sernet-samba-ad and copied /var/lib/samba aside.
>
> Restored samba folder from backup, started sernet-samba-ad but bind9 
> fails to start:
>
> Jul 22 14:39:39 dc1 named[27846]: generating session key for dynamic DNS
> Jul 22 14:39:39 dc1 named[27846]: sizing zone task pool based on 5 zones
> Jul 22 14:39:39 dc1 named[27846]: Loading 'AD DNS Zone' using driver dlopen
> Jul 22 14:39:39 dc1 named[27846]: samba_dlz: Failed to connect to /var/lib/samba/private/dns/sam.ldb
> Jul 22 14:39:39 dc1 named[27846]: dlz_dlopen of 'AD DNS Zone' failed
> Jul 22 14:39:39 dc1 named[27846]: SDLZ driver failed to load.
> Jul 22 14:39:39 dc1 named[27846]: DLZ driver failed to load.
> Jul 22 14:39:39 dc1 named[27846]: loading configuration: failure
> Jul 22 14:39:39 dc1 named[27846]: exiting (due to fatal error)
>
> Initially I thought permissions / ownership issues but the current and 
> the backup copy look identical:
>
> dc1:/# getfacl var/lib/samba/private/dns/sam.ldb
> # file: var/lib/samba/private/dns/sam.ldb
> # owner: root
> # group: bind
> user::rw-
> group::rw-
> other::---
>
> dc1:/# getfacl var/tmp/bacula-restores/var/lib/samba/private/dns/sam.ldb
> # file: var/tmp/bacula-restores/var/lib/samba/private/dns/sam.ldb
> # owner: root
> # group: bind
> user::rw-
> group::rw-
> other::---
>
> Files have the same size and time stamps, both last modified in 2013.
>
> Also no difference in ownership and permissions for the parent 
> samba/private/dns folders.
>
> After rolling back /var/lib/samba and restarting services DNS and AD 
> are working again.
>
> Any ideas?
>
> Thanks,
> Adam
>
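
Added example, not part of the original post or of Samba: a small Python parser that compares two `getfacl` dumps, such as the WORKING and RESTORED listings above, and reports which ACL entries a restore dropped or altered. The function names `parse_getfacl` and `diff_acls` are assumptions, and the sample input is constructed from the listings in the message.

```python
import re

# Constructed sample input: the two getfacl listings from the post, with the
# mail-wrapped "# file:" path rejoined onto one line as getfacl prints it.
PATH = "samba/sysvol/company.co.uk/Policies/{274B7BA8-3DBA-43A6-8AC2-D45B5E4054FF}/GPT.INI"
HEADER = "# file: " + PATH + "\n# owner: 3000000\n# group: Domain\\040Users\n"
WORKING = HEADER + r"""user::rwx
group::---
group:Domain\040Users:---
group:3000000:rwx
group:3000002:rwx
group:3000003:r-x
group:3000006:rwx
group:3000008:rwx
group:3000010:r-x
mask::rwx
other::---
"""
RESTORED = HEADER + "user::rwx\ngroup::rwx\nother::---\n"

def parse_getfacl(text):
    """Parse getfacl output into {path: {"owner", "group", "acl": {entry: perms}}}."""
    files, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"#\s*(file|owner|group):\s*(.*)", line)
        if m and m.group(1) == "file":
            cur = files.setdefault(m.group(2), {"owner": None, "group": None, "acl": {}})
        elif m and cur is not None:
            cur[m.group(1)] = m.group(2)
        elif cur is not None and not line.startswith("#") and line.count(":") >= 2:
            prefix = "default:" if line.startswith("default:") else ""
            tag, qualifier, perms = line[len(prefix):].split(":", 2)
            # perms.split()[0] drops any trailing "#effective:" annotation
            cur["acl"][f"{prefix}{tag}:{qualifier}"] = perms.split()[0]
    return files

def diff_acls(working, restored):
    """Report, per file, ACL entries lost or altered in the restored copy."""
    report = {}
    empty = {"owner": None, "group": None, "acl": {}}
    for path, w in working.items():
        r = restored.get(path, empty)
        missing = {e: p for e, p in w["acl"].items() if e not in r["acl"]}
        changed = {e: (p, r["acl"][e]) for e, p in w["acl"].items()
                   if e in r["acl"] and r["acl"][e] != p}
        owner_changed = (w["owner"], w["group"]) != (r["owner"], r["group"])
        if missing or changed or owner_changed:
            report[path] = {"missing": missing, "changed": changed,
                            "owner_changed": owner_changed}
    return report
```

On real trees the two inputs would come from `getfacl -R` run over the working and the restored copy of the same directory; the report then lists every file whose extended ACL entries did not survive the backup and restore cycle.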