[Samba] Debugging Samba is a total PITA and this needs to improve

L.P.H. van Belle belle at bazuin.nl
Wed May 22 08:29:49 UTC 2019


 Hai Sven,


> -----Original message-----
> From: Sven Schwedas [mailto:sven.schwedas at tao.at]
> Sent: Tuesday, 21 May 2019 17:43
> To: L.P.H. van Belle; samba at lists.samba.org
> Subject: Re: [Samba] Debugging Samba is a total PITA and this needs to improve
> 
> On 21.05.19 16:23, L.P.H. van Belle wrote:
> > Sven,
> > 
> > First fix the smb.conf as I suggested, cap and non caps where it should be.
> 
> As I understand, I can just drop netbios name settings anyway?
Yes, then it does take the hostname. Just be warned that in such cases the hostname max length is 15 chars.
And it must comply with the NetBIOS naming rules.
That's why I prefer to set it in the smb.conf.

> 
> > Fix krb5.conf 
> 
> On the member server, or on the DCs too?
All servers! 

> 
> > Then how many DC's are you having? 
> 
> The four I provided logs for.
> 
> >> So, could somebody maybe help with the NT_STATUS_INTERNAL_DB_CORRUPTION
> >> / DRS replication issue? Or will it be easier to just demote
> >> the DC and provision a new one?
> > 
> > Are all DCs having problems, if the DC with FSMO does not have problems.
> >
> > https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions
> 
> NT_STATUS_INTERNAL_DB_CORRUPTION and the logon issues happens on
> villach-dc-bis; FSMO holder would be graz-dc-sem, that one looks
> good-ish as far as I can tell.

Ok, so most probably only villach-dc-bis.

You need to verify all GUIDs of the DCs (and A/PTR/CNAME records).
ldbsearch -H /var/lib/samba/private/sam.ldb '(fromServer=*CN=Windows-DC*)' --cross-ncs dn

Once you have these of all DCs.
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting 
See:
Samba INTERNAL_DNS Back End - Troubleshooting
BIND9_DLZ DNS Back End - Troubleshooting
I forgot which one you used. 

Then look up the zone _msdcs and verify the GUID there; villach-dc-bis is probably incorrect,
at least it looks like that's your problem.

https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
Do this on every AD-DC server for every AD-DC, verify all A/PTR and GUID(CNAME) records. 

And most probably one server is 100% correct, except the GUID(CNAME) of the villach-dc-bis.
Fix it on that server, then fully replicate the DB again to the faulty server.
Then that's done, reboot the server, no.. Not stop start samba, reboot it.
Then wait 15 min. And re-check your replication.


Greetz, 

Louis
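
The GUID(CNAME) cross-check described in the message above, as an added example that is not part of the original post. It assumes the objectGUIDs were dumped with `ldbsearch -H /var/lib/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid` and each `<GUID>._msdcs.<domain>` name was looked up with `host -t CNAME`; the domain, DC names and GUIDs are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. Domain, DC names and GUIDs are constructed.

# stdin: ldbsearch LDIF with NTDS Settings entries; stdout: "<dc> <objectGUID>".
ntds_guids() {
    awk '
        /^dn: CN=NTDS Settings,CN=/ {
            split($0, p, ",")                 # p[2] is "CN=<DC name>"
            dc = tolower(substr(p[2], 4))
        }
        /^objectGUID: / && dc != "" { print dc, tolower($2); dc = "" }'
}

# stdin: "<dc> <guid>" pairs; $1: captured `host -t CNAME` output; $2: DNS domain.
# Prints one verdict per DC; returns 1 if a CNAME is missing or points elsewhere.
check_cnames() {
    rc=0
    while read -r dc guid; do
        target=$(printf '%s\n' "$1" | awk -v n="$guid._msdcs.$2" '
            tolower($1) == n && /is an alias for/ {
                sub(/\.$/, "", $NF); print tolower($NF) }')
        case $target in
            "")        echo "MISSING $dc $guid"; rc=1 ;;
            "$dc.$2")  echo "OK $dc $guid" ;;
            *)         echo "MISMATCH $dc $guid -> $target"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample input: three DCs, one healthy, one without a CNAME,
# one whose GUID CNAME resolves to a different DC.
SAMPLE_LDIF='dn: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectGUID: 11111111-aaaa-4bbb-8ccc-000000000001

dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectGUID: 22222222-aaaa-4bbb-8ccc-000000000002

dn: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectGUID: 33333333-aaaa-4bbb-8ccc-000000000003'
SAMPLE_CNAMES='11111111-aaaa-4bbb-8ccc-000000000001._msdcs.samdom.example.com is an alias for dc1.samdom.example.com.
Host 22222222-aaaa-4bbb-8ccc-000000000002._msdcs.samdom.example.com not found: 3(NXDOMAIN)
33333333-aaaa-4bbb-8ccc-000000000003._msdcs.samdom.example.com is an alias for dc1.samdom.example.com.'

status=0
report=$(printf '%s\n' "$SAMPLE_LDIF" | ntds_guids |
         check_cnames "$SAMPLE_CNAMES" samdom.example.com) || status=$?
printf '%s\n' "$report"
```

Running the same comparison against the output captured on each DC shows which server holds the record that disagrees with the others.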













