[Samba] cant start bind9 after dc upgrade 4.17 > 4.18

Rowland Penny rpenny at samba.org
Sat Jul 22 06:27:22 UTC 2023



On 22/07/2023 07:09, Fabrizio Rompani via samba wrote:
> Hi, thanks for the reply.
> 
> Yes, there are 2 interfaces.
> But afaik only eth1 should listen:

You might want to tell Bind9 that; it is listening on both interfaces 
and if the actual address block is 192.168.8.0/24, then I would expect 
the reverse zone to be this:

8.168.192.in-addr.arpa

> 
> 
> my smb.conf
> # Global parameters
> [global]
>          interfaces = eth1
>          netbios name = DC-CLOUD
>          realm = WDC.[DOMAIN].IT
>          server role = active directory domain controller
>          workgroup = [WG]
>          server services = -dns
> 
>          log file = /var/log/samba/%m.log
>          log level = 3
> 
>          dns forwarder = 9.9.9.9

The 'dns forwarder' line is not used if you are not using the Samba 
internal dns server.

> 
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> 
> [netlogon]
>          path = /var/lib/samba/sysvol/wdc.[DOMAIN].it/scripts
>          read only = No
> ~
> 
> 
> Anyway, I SOLVED the original issue by adding a new dns record as suggested (many thanks)
> 
> Now, I just have this NOTE and WARNING that dbcheck --fix actually won't fix!
> 
> Are they relevant?
> Thanks
> 
> 
> 
> on dc-lan:
> 
> root@dc-lan:~# samba-tool dbcheck --cross-ncs
> Checking 3799 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=d2f4e4ba-73cb-455c-be5c-0003b4cf89cb\0ADEL:47ca39e1-c155-4d5f-9218-312fc7bd3dea,CN=Deleted Objects,CN=Configuration,DC=wdc,DC=[DOM],DC=it - CN=NTDS Settings,CN=DC-LAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wdc,DC=[DOM],DC=it
> Not fixing old string component
> 
> 
> on dc-cloud:
> 
> root@dc-cloud:~# samba-tool dbcheck --cross-ncs
> Checking 3799 objects
> NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=d2f4e4ba-73cb-455c-be5c-0003b4cf89cb\0ADEL:47ca39e1-c155-4d5f-9218-312fc7bd3dea,CN=Deleted Objects,CN=Configuration,DC=wdc,DC=[DOM],DC=it - CN=NTDS Settings,CN=DC-LAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wdc,DC=[DOM],DC=it
> Not fixing old string component
> WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=d507d031-d5ed-4a17-aa59-fe402d421657,CN=Partitions,CN=Configuration,DC=wdc,DC=[DOM],DC=it - <GUID=556c12ac-ca45-40c7-8b53-3025e0d033da>;<RMD_ADDTIME=133023728930000000>;<RMD_CHANGETIME=133023728930000000>;<RMD_FLAGS=0>;<RMD_INVOCID=d47796f9-1336-49b3-b872-f08a25c4373b>;<RMD_LOCAL_USN=3893>;<RMD_ORIGINATING_USN=3942>;<RMD_VERSION=1>;CN=NTDS Settings,CN=DC-LAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wdc,DC=[DOM],DC=it
> Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:556c12ac-ca45-40c7-8b53-3025e0d033da,CN=DC-LAN\\0ADEL:39be7509-8389-47ea-afba-1bb1c640e574,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wdc,DC=[DOM],DC=it'
> Not removing
> 

That appears to be a tombstoned object, see:

samba-tool domain tombstones expunge --help

for more information on how to remove them.

Rowland
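
Added example (not part of the original message and not Samba's own code): a Python sketch that groups `samba-tool dbcheck` output like that quoted above into findings and flags those whose DNs carry the `\0ADEL:<GUID>` component of a deleted object. The sample text is constructed, with placeholder GUIDs and DC=example,DC=com naming; the function and field names are hypothetical.

```python
import re

# Constructed sample modelled on the dbcheck output quoted in the thread.
# GUIDs, object names and DC=example,DC=com are placeholders.
SAMPLE = r"""Checking 3799 objects
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=obj1\0ADEL:11111111-1111-1111-1111-111111111111,CN=Deleted Objects,CN=Configuration,DC=example,DC=com - CN=NTDS Settings,CN=DC-OLD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Not fixing old string component
WARNING: target DN is deleted for msDS-NC-Replica-Locations in object CN=part1,CN=Partitions,CN=Configuration,DC=example,DC=com - <GUID=22222222-2222-2222-2222-222222222222>;<RMD_FLAGS=0>;CN=NTDS Settings,CN=DC-OLD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Target GUID points at deleted DN 'CN=NTDS Settings\\0ADEL:22222222-2222-2222-2222-222222222222,CN=DC-OLD\\0ADEL:33333333-3333-3333-3333-333333333333,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com'
Not removing
"""

FINDING = re.compile(r"^(NOTE|WARNING|ERROR): (.*)$")
ATTR = re.compile(r" for (\S+) in object ")
# Deleted objects carry an RDN of the form name\0ADEL:<GUID>; dbcheck prints the
# backslash once in plain DNs and doubled inside quoted DNs, so accept both.
DEL_RDN = re.compile(
    r"\\{1,2}0ADEL:([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
)


def parse_dbcheck(text):
    """Group dbcheck output into findings and mark deleted-object references."""
    findings = []
    for line in text.splitlines():
        m = FINDING.match(line)
        if m:
            findings.append({"severity": m.group(1), "lines": [m.group(2)]})
        elif findings and line.strip():
            # Continuation lines (detail, then the action dbcheck took).
            findings[-1]["lines"].append(line.strip())
    for f in findings:
        body = "\n".join(f["lines"])
        attr = ATTR.search(body)
        f["attribute"] = attr.group(1) if attr else None
        f["deleted_guids"] = sorted(set(DEL_RDN.findall(body)))
        f["tombstone_related"] = bool(f["deleted_guids"])
        f["action"] = f["lines"][-1] if len(f["lines"]) > 1 else None
    return findings


if __name__ == "__main__":
    for f in parse_dbcheck(SAMPLE):
        print(f["severity"], f["attribute"], f["deleted_guids"], "->", f["action"])
```

Findings with `tombstone_related` set refer only to deleted objects; anything else in the output deserves a separate look.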