[Samba] AD DC with log errors when sysvol replication is run
Peter Milesson
miles at atmos.eu
Fri Apr 9 14:42:40 UTC 2021
Oops, wrong address. Here is the answer to the list.
On 2021-04-09 16:25, Peter Milesson wrote:
> Hi Louis,
>
> Below is the output from both DCs.
>
> Thanks for your help.
>
> Best regards,
>
> Peter
>
> On 2021-04-09 15:49, L.P.H. van Belle via samba wrote:
>> Can you post the resolv.conf of both servers?
>> and/or run this script, anonymize it and post it.
>>
>> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>>
>>
>> That will show me or Rowland almost all we need to know.
>>
>> Greetz,
>>
>> Louis
>>
>>
>
> First DC
> ======
>
> Collected config --- 2021-04-09-16:00 -----------
>
> Hostname: dc1
> DNS Domain: mydom.local
> FQDN: dc1.mydom.local
> ipaddress: 172.16.10.100
>
> -----------
>
> Kerberos SRV _kerberos._tcp.mydom.local record verified ok, sample output:
> Server: 172.16.10.100
> Address: 172.16.10.100#53
>
> _kerberos._tcp.mydom.local service = 0 100 88 dc1.mydom.local.
> _kerberos._tcp.mydom.local service = 0 100 88 dc2.mydom.local.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> NAME="CentOS Linux"
> VERSION="7 (Core)"
> ID="centos"
> ID_LIKE="rhel fedora"
> VERSION_ID="7"
> PRETTY_NAME="CentOS Linux 7 (Core)"
> ANSI_COLOR="0;31"
> CPE_NAME="cpe:/o:centos:centos:7"
> HOME_URL="https://www.centos.org/"
> BUG_REPORT_URL="https://bugs.centos.org/"
>
> CENTOS_MANTISBT_PROJECT="CentOS-7"
> CENTOS_MANTISBT_PROJECT_VERSION="7"
> REDHAT_SUPPORT_PRODUCT="centos"
> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>
> -----------
>
>
> This computer is running an unknown distribution x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
> link/ether 00:16:3e:62:16:ff brd ff:ff:ff:ff:ff:ff
> inet 172.16.10.100/24 brd 172.16.10.255 scope global noprefixroute eth0
> inet6 fe80::216:3eff:fe62:16ff/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> ::1 localhost
> 172.16.10.100 dc1.mydom.local dc1
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> # Generated by NetworkManager
> search mydom.local
> nameserver 172.16.10.100
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = MYDOM.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Valid entries include:
> #
> # nisplus Use NIS+ (NIS version 3)
> # nis Use NIS (NIS version 2), also called YP
> # dns Use DNS (Domain Name Service)
> # files Use the local files
> # db Use the local database (.db) files
> # compat Use NIS on compat mode
> # hesiod Use Hesiod for user lookups
> # [NOTFOUND=return] Stop searching if not found so far
> #
>
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd: db files nisplus nis
> #shadow: db files nisplus nis
> #group: db files nisplus nis
>
> #passwd: files sss
> passwd: files winbind
> shadow: files sss
> #group: files sss
> group: files winbind
> #initgroups: files sss
>
> #hosts: db files nisplus nis dns
> hosts: files dns myhostname
>
> # Example - obey only what nisplus tells us...
> #services: nisplus [NOTFOUND=return] files
> #networks: nisplus [NOTFOUND=return] files
> #protocols: nisplus [NOTFOUND=return] files
> #rpc: nisplus [NOTFOUND=return] files
> #ethers: nisplus [NOTFOUND=return] files
> #netmasks: nisplus [NOTFOUND=return] files
>
> bootparams: nisplus [NOTFOUND=return] files
>
> ethers: files
> netmasks: files
> networks: files
> protocols: files
> rpc: files
> services: files sss
>
> netgroup: nisplus sss
>
> publickey: nisplus
>
> automount: files nisplus sss
> aliases: files nisplus
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
> netbios name = DC1
> realm = MYDOM.LOCAL
> server role = active directory domain controller
> workgroup = MYDOM
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 192.168.0.221
> dns zone scavenging = yes
>
> [netlogon]
> path = /var/lib/samba/sysvol/mydom.local/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
>
> BIND_DLZ not detected in smb.conf
>
> -----------
>
> Installed packages:
>
>
> -----------
>
>
> Second DC
> =========
>
>
> Collected config --- 2021-04-09-16:05 -----------
>
> Hostname: dc2
> DNS Domain: mydom.local
> FQDN: dc2.mydom.local
> ipaddress: 172.16.10.10
>
> -----------
>
> Kerberos SRV _kerberos._tcp.mydom.local record verified ok, sample output:
> Server: 172.16.10.10
> Address: 172.16.10.10#53
>
> _kerberos._tcp.mydom.local service = 0 100 88 dc1.mydom.local.
> _kerberos._tcp.mydom.local service = 0 100 88 dc2.mydom.local.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.9 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
> link/ether 00:16:3e:4f:72:d9 brd ff:ff:ff:ff:ff:ff
> inet 172.16.10.10/24 brd 172.16.10.255 scope global eth0
> inet6 fe80::216:3eff:fe4f:72d9/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 172.16.10.10 dc2.mydom.local dc2
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> search mydom.local
> nameserver 172.16.10.10
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = MYDOM.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files systemd
> group: files systemd
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
> netbios name = DC2
> realm = MYDOM.LOCAL
> server role = active directory domain controller
> workgroup = MYDOM
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 192.168.0.221
>
> [netlogon]
> path = /var/lib/samba/sysvol/mydom.local/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
>
> BIND_DLZ not detected in smb.conf
>
> -----------
>
> Installed packages:
> ii acl 2.2.53-4 amd64 access control list - utilities
> ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes
> ii krb5-config 2.6 all Configuration files for Kerberos Version 5
> ii krb5-locales 1.17-3+deb10u1 all internationalization support for MIT Kerberos
> ii krb5-user 1.17-3+deb10u1 amd64 basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library
> ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library
> ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - Support library
> ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers
> ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library
> ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 Python bindings for Samba
> ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.9.5+dfsg-5+deb10u1 all common files used by both the Samba server and client
> ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 Samba common files used by both the server and the client
> ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Directory Services Database
> ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries
> ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Virtual FileSystem plugins
> ii smbclient 2:4.9.5+dfsg-5+deb10u1 amd64 command-line SMB/CIFS clients for Unix
> ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 service to resolve user and group information from Windows NT servers
>
> -----------
>
>