[Samba] samba-tool hangs on one dc
Thomas Schachtner
Thomas.schachtner at eltheim.de
Tue Nov 21 22:47:31 UTC 2023
>> -----Original Message-----
>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Thomas
>> Schachtner via samba
>> Sent: Tuesday, November 21, 2023 9:16 AM
>> To: samba at lists.samba.org
>> Subject: [Samba] samba-tool hangs on one dc
>>
>> Hello,
>>
>> since some time (I don't remember since when) I have a strange phenomenon
>> with one of my two samba4 DCs.
>> Both dc1 and dc2 seem to run pretty fine and when working with Windows, I
>> do not see any issues.
>>
>> But when issuing the following command on dc1, the command does not
>> return but seems to be stuck.
>>
>> samba-tool drs showrepl
>>
>> When issuing the same command on dc2, it takes a second or so and the result
>> is printed on the screen.
>> The same with other commands like "samba-tool dns add"
>>
>> I already checked the samba log files, but I did not find any log entry.
>>
>> I know that it is difficult to provide a solution for a problem that is described so
>> poorly, but I don't know how to further debug it.
>> Any hints on how to move forward here and/or how to get more information?
>>
>> The output of samba-tool drs showrepl on dc2 does not show issues,
>> regardless of which dc is replicated to which one (i.e. dc1 to tc2 or vice-versa).
>> When executing repadmin /replsummary on a Windows client, also no errors
>> are shown.
>>
>> Here's the output:
>>
>> root at dc2:/var/lib/samba# samba-tool drs showrepl
>> Default-First-Site-Name\DC2
>> DSA Options: 0x00000001
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>
>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>
>> CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>
>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>
>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ Tue Nov 21 12:26:25 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:26:25 2023 CET
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC1 via RPC
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>> Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
>> Enabled : TRUE
>> Server DNS name : dc1.local.example.de
>> Server DN name : CN=NTDS
>> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
>> Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> Now, after 10 minutes or so, also dc1 finished the command.
>> Here's the result:
>>
>> root at dc1:~# samba-tool drs showrepl
>> Default-First-Site-Name\DC1
>> DSA Options: 0x00000001
>> DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
>> DSA invocationId: a1e3fc90-833a-476e-8c8a-0753b5593ae3
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ Tue Nov 21 12:41:42 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:41:42 2023 CET
>>
>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:41:43 2023 CET
>>
>> CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:41:43 2023 CET
>>
>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ Tue Nov 21 12:41:43 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:41:43 2023 CET
>>
>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ Tue Nov 21 12:41:41 2023 CET was successful
>> 0 consecutive failure(s).
>> Last success @ Tue Nov 21 12:41:41 2023 CET
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=local,DC=example,DC=de
>> Default-First-Site-Name\DC2 via RPC
>> DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
>> Last attempt @ NTTIME(0) was successful
>> 0 consecutive failure(s).
>> Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>> Connection name: 85d23471-63cd-4bf1-9238-1ea493d07a95
>> Enabled : TRUE
>> Server DNS name : dc2.local.example.de
>> Server DN name : CN=NTDS
>> Settings,CN=DC2,CN=Servers,CN=Default-First-Site-
>> Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
>> TransportType: RPC
>> options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>>
>>
>> Both servers (Ubuntu Server) have the latest updates installed.
>> The samba version is 4.15.13-Ubuntu.
>>
>> What could be the reason why one dc takes so long with samba-tool
>> commands while the other one is much faster?
>>
>> Best
>> Tom
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
> I've experienced this before and it's usually transient. If you want to see where in the process it's hanging, you can increase the debug level to something like 5.
>
> samba-tool drs showrepl -d 5
>
>
on dc1 (not working dc), the following is shown:
root at dc1:/etc/bind# samba-tool drs showrepl -d 5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc1.local.example.de[,seal]
Mapped to DCERPC endpoint 135
added interface ens33 ip=**masked**::5 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**:20c:29ff:fea5:e081 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.5 bcast=192.168.178.255
netmask=255.255.255.0
added interface ens33 ip=**masked**::5 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**:20c:29ff:fea5:e081 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.5 bcast=192.168.178.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
dc1.local.example.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Mapped to DCERPC endpoint 49153
added interface ens33 ip=**masked**::5 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**:20c:29ff:fea5:e081 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.5 bcast=192.168.178.255
netmask=255.255.255.0
added interface ens33 ip=**masked**::5 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**:20c:29ff:fea5:e081 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.5 bcast=192.168.178.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
dc1.local.example.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 328
Timed out smb_krb5 packet
Timed out smb_krb5 packet
Received smb_krb5 packet of length 186
[hanging]
On dc2, the following is shown:
root at dc2:/etc/bind# samba-tool drs showrepl -d 5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc2.local.example.de[,seal]
Mapped to DCERPC endpoint 135
added interface ens33 ip=**masked**::8 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**::ff:bd bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface ens33 ip=**masked**:20c:29ff:fec8:2158 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.8 bcast=192.168.178.255
netmask=255.255.255.0
added interface ens33 ip=**masked**::8 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**::ff:bd bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface ens33 ip=**masked**:20c:29ff:fec8:2158 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.8 bcast=192.168.178.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
dc2.local.example.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Mapped to DCERPC endpoint 49153
added interface ens33 ip=**masked**::8 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**::ff:bd bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface ens33 ip=**masked**:20c:29ff:fec8:2158 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.8 bcast=192.168.178.255
netmask=255.255.255.0
added interface ens33 ip=**masked**::8 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**::ff:bd bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface ens33 ip=**masked**:20c:29ff:fec8:2158 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.8 bcast=192.168.178.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
dc2.local.example.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 328
Received smb_krb5 packet of length 186
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
added interface ens33 ip=**masked**::8 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**::ff:bd bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface ens33 ip=**masked**:20c:29ff:fec8:2158 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.8 bcast=192.168.178.255
netmask=255.255.255.0
added interface ens33 ip=**masked**::8 bcast= netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=**masked**::ff:bd bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface ens33 ip=**masked**:20c:29ff:fec8:2158 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface ens33 ip=192.168.178.8 bcast=192.168.178.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
dc2.local.example.de<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for DC2$@LOCAL.EXAMPLE.DE will expire in 36000 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: e4cf97f3-ad31-4a1d-bb3d-00a0db86e6a8
DSA invocationId: 0e649cb7-efc8-47ad-a841-4453973dbcec
==== INBOUND NEIGHBORS ====
DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ Tue Nov 21 23:36:10 2023 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 21 23:36:10 2023 CET
CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ Tue Nov 21 23:36:10 2023 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 21 23:36:10 2023 CET
CN=Configuration,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ Tue Nov 21 23:36:10 2023 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 21 23:36:10 2023 CET
DC=DomainDnsZones,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ Tue Nov 21 23:36:10 2023 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 21 23:36:10 2023 CET
DC=ForestDnsZones,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ Tue Nov 21 23:36:10 2023 CET was successful
0 consecutive failure(s).
Last success @ Tue Nov 21 23:36:10 2023 CET
==== OUTBOUND NEIGHBORS ====
DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=local,DC=example,DC=de
Default-First-Site-Name\DC1 via RPC
DSA object GUID: 4872003f-2bd7-4393-9eed-1ceaeecf92eb
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 138dbf8f-16ef-406e-87aa-72a25b4e03b6
Enabled : TRUE
Server DNS name : dc1.local.example.de
Server DN name : CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=local,DC=example,DC=de
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
The difference betwenn the two are the following lines:
dc1:
Received smb_krb5 packet of length 328
Timed out smb_krb5 packet
Timed out smb_krb5 packet
Received smb_krb5 packet of length 186
dc2:
Received smb_krb5 packet of length 328
Received smb_krb5 packet of length 186
Does that mean that I have a kerberos problem?
Best
Tom
More information about the samba
mailing list