[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Stefan G. Weichinger
lists at xunil.at
Thu Nov 24 09:05:51 UTC 2022
Am 24.11.22 um 10:01 schrieb Michael Tokarev:
> 24.11.2022 11:46, Stefan G. Weichinger via samba wrote:
>
>> Hm, I see it in ps:
>>
>> # ps axf | egrep "winbindd"
>> 5281 pts/0 S+ 0:00 \_ grep -E winbindd
>> 5153 ? S 0:00 | \_ samba: task[winbindd] pre-fork
>> master
>> 5159 ? Ss 0:00 | \_ /usr/sbin/winbindd -D
>> --option=server role check:inhibit=yes --foreground
>> 5186 ? S 0:00 | \_ winbindd: domain
>> child [ARBEITSGRUPPE]
>
> There's no idmap child in there. There should be 3 of them
> (also domain child {builtin]);
ok, I see
>> above that nothing special, just reading config and binding to eno1
>> and lo
>
> Nope, That wont work, unfortunately. It dies on me for an ad dc
> configuration
> because OTHER parts of samba is not running. It can't be debugged like
> this.
> My suggestion was completely wrong - including the hammer one.
ah ...
> Does anyone know how to debug this beast?
>
> It doesn't log anything interesting when it fails, and it can't be started
> manually without all the other parts of samba either.
>
> Replacing /usr/sbin/winbindd with a wrapper script which runs winbindd
> under
> strace? Is there other way?
>
> ..
>> I will try that hammer in a moment, after sending this.
>
> Nope. Please excuse me for this wrong suggestion. It wont work.
No problem, I appreciate your help.
I'd be happy to help spotting the issue .. but maybe I should start over
by manually demoting the dc again?
For now the domain seems to work fine with adc2 active ... but I should
maybe get adc1 up and synced again in the next hours.
there seem to be more issues on adc1, very likely related to my flaky
demoting/rejoining:
# tail log.samba
[2022/11/24 10:02:49.258482, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed for checksum type
hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
[2022/11/24 10:02:49.345700, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed for checksum type
hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
[2022/11/24 10:02:49.710229, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed for checksum type
hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
[2022/11/24 10:02:56.893658, 1]
../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
dns_server_process_query_got_auth: Failed to add SOA record:
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/24 10:02:57.742230, 1]
../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
dns_server_process_query_got_auth: Failed to add SOA record:
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
More information about the samba
mailing list