[Samba] Replication failures

L.P.H. van Belle belle at bazuin.nl
Wed May 1 09:25:25 UTC 2019 

Hai Mason, 


> -----Oorspronkelijk bericht-----
> Van: M B [mailto:mmx at exm0.net] 
> Verzonden: dinsdag 30 april 2019 20:42
> Aan: L.P.H. van Belle; samba at lists.samba.org
> Onderwerp: Re: [Samba] Replication failures
> 
> Hi Louis,
> 
> In the past few days I’ve removed all bind flat file configs 
> from my environment, and I’ve checked carefully that all DCs 
> are replicating and that all changes on any DC eventually 
> replicate cleanly to all other DCs

Ok, so to confirm, your replication is ok now? 
If you think yes, then get en review the setting in this script. 
wget https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-db-repl.sh 
Run it from every dc and post the outputs. 

> 
> I’ve checked resolv.conf on all the DCs as well and they all 
> have at least two other IPs of other DC in them. I believe 
> you said that the first IP should be the IP of the local 
> host, but I haven’t done that on every server yet.

Yes, but you change that after the join and after you check replication is ok. 
What i always do is, join, reboot, check replication, change dns, reboot, and verify replication again. 
This order. 

> 
> I’m running dc4 on Ubuntu 18.04 using your samba packages. 
> All other samba DCs are running 4.9.3 that I’ve compiled 
> previously on Ubuntu 16.04. This same 4.9.3 package is 
> running without any kcc errors or process PANICs on another 
> site I manage.
> Also, one DC is Windows 2008 R2 (WDC1)
> 
> Every time I start samba AD DC on 18.04 with your packages or 
> on 16.04 with my own packages, the samba kccsvr ( ??????6615 
> samba: task[kccsrv]  )  task starts with all other samba 
> components and runs for about 10-12 seconds and then goes to 
> PANIC and crashes as shown in the logs below. After that 
> ‘samba-tool drs showrepl’ always fails.

On the server, set log level = 10 
A pain yes, but i dont see directly whats wrong here. 
Before a log level 10 post, run on the DC with my packages this again.
https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh 
Pm me the unmodified output, i'll re-check that. 

What i suspect is a damaged AD or DNS or both. 
It's just hard to find, but if AD is replication now, it must be something in the DNS.
I can't tell jet. 

> 
> I don’t know how to tell if I’m using talloc/tdb from Samba 
> source or from the OS. I believe it’s from source because I 
> always compile on a new, clean system and I don’t install any 
> talloc/tdb or samba packages to prepare the system for compile.
> 
> I’ve checked versions as you’ve requested. This version list 
> is from DC4, with your packages.
> 
> ubuntu at dc4:~$ dpkg -l |egrep 
> "samba|winbin|?db|tevent|talloc|nss|wrapper"
> ii  dbus                                  1.12.2-1ubuntu1     
>               amd64        simple interprocess messaging 
> system (daemon and utilities)
> .... Shorted this a bit. 
> 2018.05.09-0ubuntu1~18.04.1       all          wireless 
> regulatory database
> 

This looks ok. 

> 
> This is from DC5 with my packages. You’ll note that this list 
> shows "samba-common   2:4.3.11+dfsg-0ubuntu0.16.04.12” but 
> this is only the folder structure and file structure created 
> by 4.3.11 Ubuntu package. I found out the hard way that if I 
> purge that package, it deletes my entire /var/lib/samba 
> directory, so I had to re-build one of my DC’s from scratch. :(

Au, yes, the other option was to run : apt dist-upgrade 
What should have upgraded that package. 
Hard, but this way we learn quicker, and.. I know you feeling ;-) 


> ==
> ubuntu at dc5:~$ dpkg -l |egrep 
> "samba|winbin|?db|tevent|talloc|nss|wrapper"
> ii  dbus                                  1.10.6-1ubuntu3.3   
>                        amd64        simple interprocess 
....
> 2018.05.09-0ubuntu1~16.04.1                all          
> wireless regulatory database

Here also left overs. In samba packages. 
The sources build does include tallec/tevent/tdb/ldb so you dont see these in the list. 
And i dont know how you create your samba 4.9.3 package so this is a bit hard to tell. 

I suggest, 
Stop samba, backup you /var/{lib,cache}/samba/  and /etc/samba 
apt remove --purge samba-common samba --autoremove 
And install the 4.9.3 back. 
Or, upgrade to ubuntu 18.04 and setup my 4.9 repo. 
Or use my repo and rebuild the packages for your own. 



Greetz, 

Louis


> 
> > On Apr 29, 2019, at 12:37 AM, L.P.H. van Belle via samba 
> <samba at lists.samba.org> wrote:
> > 
> > Hai, 
> > 
> > I snapped this part of you logs. 
> > 
> >>  Successful AuthZ: [DCE/RPC,krb5] user [COMPANY]\[DC6$] 
> [S-1-5-21-2660373802-310620142-1895175072-6626] at [Fri, 26 
> Apr 2019 10:16:20.224329 PDT] Remote host 
> [ipv4:10.14.16.11:35006] local host [ipv4:10.12.16.11:49153]
> >> [2019/04/26 10:16:23.503632,  0] 
> ../../source4/lib/cmdline/popt_common.c:74(popt_s4_talloc_log_fn)
> >>  Bad talloc magic value - unknown value
> >> [2019/04/26 10:16:23.503698,  0] 
> ../../lib/util/fault.c:128(smb_panic_default)
> >>  smb_panic_default: PANIC (pid 8888): Bad talloc magic 
> value - unknown value
> >> [2019/04/26 10:16:23.505811,  0] 
> ../../lib/util/fault.c:261(log_stack_trace)
> >>  BACKTRACE: 50 stack frames:
> >>   #0 
> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0
> x30) [0x7fe1294e7ba0]
> >>   #1 
> /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x4b) 
> [0x7fe1294e7cab]
> >>   #2 
> /usr/lib/x86_64-linux-gnu/libtalloc.so.2(talloc_strdup+0x305) 
> [0x7fe127677d15]
> >>   #3 /usr/lib/x86_64-linux-gnu/libldb.so.1(+0x15f4f) 
> [0x7fe12724bf4f]
> >>   #4 
> /usr/lib/x86_64-linux-gnu/ldb/modules/ldb/samba/objectclass_at
> trs.so(+0x2461) [0x7fe10fd6f461]
> >> .
> >> .
> >> .
> >> [2019/04/26 10:37:29.854836,  0] 
> ../../source4/smbd/process_standard.c:160(standard_child_pipe_handler)
> >>  standard_child_pipe_handler: Child 9937 (kcc) terminated 
> with signal 6
> >> 
> >> ===
> >> This last line about (kcc) terminated may hold more clues
> > 
> > 
> > Yes, not only the last line, this complete part, this is an 
> ubuntu server and debian/ubuntu these kind of errors.. 
> > Well, thats long ago that i have seen things like that. 
> > Anf because of that i can see im 90% sure your problem is 
> due to the DNS setup. 
> > 
> > If its wrong packages, based on this, that post the 
> requested package version info, i'll check. 
> >> Bad talloc magic value - unknown value	
> > which version of talloc is used/installed? 
> > 
> > And to be sure, run this.
> > Run : dpkg -l |egrep "samba|winbin|?db|tevent|talloc|nss|wrapper"
> > 
> > And post it on the list. 
> > 
> > Now going through the logs i noticed that. 
> > 
> > 
> > 10.14.16.11, the problem ip is a DC and the DC's are NOT 
> supported in bind9_flat files. 
> > 
> > 
> >> Successful AuthZ: [DCE/RPC,krb5] user [COMPANY]\[DC6$] 
> [S-1-5-21-2660373802-310620142-1895175072-6626] at [Fri, 26 
> Apr 2019 10:16:20.224329 PDT] Remote host 
> [ipv4:10.14.16.11:35006] local host [ipv4:10.12.16.11:49153]
> > 	Line 855: >>  forwarders { 10.14.16.11; 10.14.16.12; };
> > 
> > zone "sql01.company.tld" {
> >>> type forward;
> >>> 
> >>> forwarders { 10.14.16.11; 10.14.16.12; };
> >>> 
> >>> };
> > 
> >>> zone "14.10.in-addr.arpa" {
> >>> type forward;
> >>> 
> >>> forwarders { 10.14.16.11; 10.14.16.12; };
> >>> 
> >>> };
> > 
> > So basicly, for every zone where you use samba AD, these 
> must be in bind_DLZ and not in flat files. 
> > 
> > Review you setup base on this, and if you have question ask again. 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list