[Samba] samba-check-db-repl failure email

L.P.H. van Belle belle at bazuin.nl
Mon Jul 13 07:43:54 UTC 2020 

This should not be a problem. but this was part/left over of the problem you faced friday. 

On DC1, the PTR was "somehow" deleted (whole zone was gone), at least looks like it. "CN=DELETED OBJECTS " is the trashcan in AD. 
Just verify if for both the DC's the A and PTR records are working, but that looked ok. 

The due above, somehow on DC2, the server is placed in  CN=LOSTANDFOUND, because it lots the context of the object.
When an object in AD is unknown its placed in LostAndFound. 
I'll see if i can add this in as filter to skip the deleted objects. 
 
samba-tool dbcheck --cross-nc --fix  can remove these or 
 
After the fix, just to be sure do one extra check on A/PTR records. (NS/SOA aslo) 
 
Your AD is not that big yet, i suggest you run: 
sudo samba-tool dns query dc1 $(hostname -d) @ ALL -U administrator
That shows all records in the zone. 

And look at the records, and same for the PTR records.
 sudo samba-tool dns query rtd-dc1 0.168.192.in-addr.arpa @ ALL -U administrator
 
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
Might be handy also if you hit strange things. 
 


Greetz, 
 
Louis
 
 


Van: Robert E. Wooden [mailto:bob at donelsontrophy.com] 
Verzonden: vrijdag 10 juli 2020 23:46
Aan: samba at lists.samba.org
CC: L.P.H. van Belle
Onderwerp: samba-check-db-repl failure email




If I run Louis' "samba-check-db-repl.sh" script and it does not send an email then this is a "no news is good news" situation, I am assuming.

DC1 sends no email.

DC2 sends this:

ERROR: Compare failed: -1 * Comparing [DOMAIN] context... * Objects to be compared: 287 * Result for [DOMAIN]: SUCCESS * Comparing [CONFIGURATION] context... * Objects to be compared: 1619 * Result for [CONFIGURATION]: SUCCESS * Comparing [SCHEMA] context... * Objects to be compared: 1550 * Result for [SCHEMA]: SUCCESS * Comparing [DNSDOMAIN] context... * DNs found only in ldap://dc1.subdom.example.com: DC=41,DC=0.168.192.IN-ADDR.ARPA\0ADEL:B1A7AF97-A3C9-44EC-A846-99CBC6236E41,CN=DELETED OBJECTS,DC=DOMAINDNSZONES,DC=subdom,DC=example,DC=com * DNs found only in ldap://dc2.subdom.example.com: DC=41,CN=LOSTANDFOUND,DC=DOMAINDNSZONES,DC=subdom,DC=example,DC=com * Objects to be compared: 59 * Result for [DNSDOMAIN]: FAILURE SUMMARY --------- * Comparing [DNSFOREST] context... * Objects to be compared: 22 * Result for [DNSFOREST]: SUCCESS "LOSTANDFOUND"!!!!!? 

-- Bob Wooden

More information about the samba mailing list