[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Stefan G. Weichinger
lists at xunil.at
Wed Nov 30 12:01:55 UTC 2022
On 30.11.22 at 12:37, Rowland Penny via samba wrote:
>> Last week there were numerous DNS-records added: one per VLAN ...
>> maybe that is a problem, I removed them last week to run the DC in
>> plain VLAN1= LAN only.
>
> What are the VLANs for and what do they have to do with the DC ?
The 2 servers also are isc-kea-dhcp servers for these VLANs, so I had to
add interfaces for that.
But I bound samba to eno1 now again. VLANs out of the game, I assume.
>> I assume I should add that binding-config to adc1 as well.
>>
>>> You could try adding:
>>>
>>> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>>>
>>> to the DC's smb.conf and then restart Samba.
>>
>> Can do, have to check with the customer first: breaking the DNS as
>> before isn't good while people are working.
>>
>
> The samba_dnsupdate python script is run by a DC at startup and then
> every 10 minutes, it adds any missing AD dns records and there are quite
> a few missing from a newly joined DC. You can see the records that are
> added here:
>
> /var/lib/samba/private/dns_update_list
>
> There can be a problem with the ticket, but, by using samba-tool, this
> can be got around.
Let me add good news:
I think I made progress. As usual it was my mistake (mostly).
It seems I misunderstood how to use backports: I had only installed
samba-related packages from backports, but never ran something like
apt-get dist-upgrade -t bullseye-backports
so there were packages related and/or required that were still missing.
Stupid mistake?
# apt-get upgrade -t bullseye-backports
Paketlisten werden gelesen… Fertig
Abhängigkeitsbaum wird aufgebaut… Fertig
Statusinformationen werden eingelesen… Fertig
Paketaktualisierung (Upgrade) wird berechnet… Fertig
Die folgenden Pakete sind zurückgehalten worden:
libpam-systemd libsystemd0 linux-image-amd64 systemd tmux
Die folgenden Pakete werden aktualisiert (Upgrade):
bind9-host curl e2fsprogs git git-man init init-system-helpers
iproute2 less libbpf0 libcom-err2 libcurl3-gnutls libcurl4 libelf1
libext2fs2 libldap-2.4-2 libldap-common libpcap0.8 libss2 libudev1
libwbclient0 linux-libc-dev logsave man-db manpages-de
monit nmap nmap-common python3-gi rsync rsyslog rsyslog-gnutls
systemd-sysv tcpdump udev
( I also ran "dist-upgrade" to get even the 5 missing packages up to date).
After this I have a working wbinfo:
# wbinfo -t
checking the trust secret for domain ARBEITSGRUPPE via RPC calls succeeded
# wbinfo -p
Ping to winbindd succeeded
*phew*
DNS works after re-adding the dns forwarders to that minimal smb.conf
-
The only thing:
"samba-tool drs showrepl" looks good on adc1, but on adc2 there are
still lines like:
DSA object GUID: 0b67bcba-16f6-43ec-8856-2097311f4f57
Last attempt @ Wed Nov 30 12:56:42 2022 CET failed, result 31
(WERR_GEN_FAILURE)
14 consecutive failure(s).
I expect these to disappear soon, at least I have seen it "fix itself" a
few times already (some object gets renewed or ... ?).
Or do I have to do something else?
-
Additionally I have to think about the sysvol-replication: I am still
with one-way-rsync .. dangerous now that I made adc2 the FSMO-roles-owner.
-
Now that was another adventure ...
I hope I am on the right track now.
thanks all, sorry for the noise.
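
As an added illustration (not part of the original post, and not Samba project code): a small parser for "samba-tool drs showrepl" output of the kind quoted above, listing the replication links whose last attempt failed. The naming contexts and the site/DC names in the sample are constructed placeholders; the GUID, result code and failure count are the ones quoted in the post.

```python
import re

# Constructed sample shaped like the showrepl lines quoted in the post.
# Naming contexts and site/DC names are placeholders (assumptions).
SAMPLE = """\
==== INBOUND NEIGHBORS ====

DC=example,DC=invalid
\tDefault-First-Site-Name\\ADC1 via RPC
\t\tDSA object GUID: 0b67bcba-16f6-43ec-8856-2097311f4f57
\t\tLast attempt @ Wed Nov 30 12:56:42 2022 CET failed, result 31 (WERR_GEN_FAILURE)
\t\t14 consecutive failure(s).

CN=Configuration,DC=example,DC=invalid
\tDefault-First-Site-Name\\ADC1 via RPC
\t\tDSA object GUID: 0b67bcba-16f6-43ec-8856-2097311f4f57
\t\tLast attempt @ Wed Nov 30 12:58:10 2022 CET was successful
\t\t0 consecutive failure(s).
"""

GUID = re.compile(r"DSA object GUID: ([0-9a-f-]{36})")
ATTEMPT = re.compile(r"Last attempt @ .+? (?:failed, result (\d+)|was successful)")
WERR = re.compile(r"\((WERR_\w+)\)")   # may sit on its own line if the mail wrapped
FAILS = re.compile(r"(\d+) consecutive failure\(s\)")

def failing_links(text):
    """Return one dict per (naming context, partner) link that is failing."""
    links, context, cur = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if re.match(r"(DC|CN)=", line):          # naming context header
            context, cur = line, None
        elif line.endswith(" via RPC"):          # start of a partner entry
            cur = {"context": context, "partner": line[:-len(" via RPC")],
                   "guid": None, "result": None, "werr": None, "failures": 0}
            links.append(cur)
        elif cur is not None:                    # detail lines of that entry
            if m := GUID.search(line):
                cur["guid"] = m.group(1)
            if m := ATTEMPT.search(line):
                cur["result"] = int(m.group(1) or 0)   # 0 = was successful
            if m := WERR.search(line):
                cur["werr"] = m.group(1)
            if m := FAILS.search(line):
                cur["failures"] = int(m.group(1))
    return [l for l in links if l["result"] or l["failures"]]

if __name__ == "__main__":
    for link in failing_links(SAMPLE):
        print(link)
```

Run against the saved output from each DC, an empty result means no link is currently reporting a failed attempt.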