[Samba] Recently joined RODC looses machine accounts

Mitja Tavčar mitja at mttv.it
Fri Dec 6 11:29:03 UTC 2024


Il 06/12/24 10:45, Rowland Penny via samba ha scritto:
> On Fri, 6 Dec 2024 10:19:31 +0100
> Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> 
>> But the machine accoounts are not completely lost, they seem lost if
>> i query the Read Only DC, when i query some of the other DC the
>> machine accounts result ok.
>>
>> I'have found that restarting winbind seems to solve the problem but
>> only for some short time. So i set up a testing script that checks
>> join every 5 minutes and eventually restarts winbind.
>>
>> The output is this:
>> [Thu 05 Dec 2024 03:40:02 PM CET] - Join is OK
>> [Thu 05 Dec 2024 03:45:01 PM CET] - Join is OK
>> [Thu 05 Dec 2024 03:50:03 PM CET] - Join is OK
>> [Thu 05 Dec 2024 03:55:01 PM CET] - Not joined - restart winbind
>> [Thu 05 Dec 2024 04:00:02 PM CET] - Join is OK
>> [Thu 05 Dec 2024 04:05:03 PM CET] - Join is OK
>> [Thu 05 Dec 2024 04:10:01 PM CET] - Join is OK
>> [Thu 05 Dec 2024 04:15:02 PM CET] - Not joined - restart winbind
>>
> 
> So, AD doesn't loose the clients, it is the clients that loose AD.
> 
> Try adding 'winbind refresh tickets = yes' to the clients smb.conf file
> and restarting Samba.
> 

I added winbind refresh tickets = yes and restarted samba, smbd and winbind.
But nothing seems to change.

[Fri 06 Dec 2024 11:45:01 AM CET] - Join is OK
[Fri 06 Dec 2024 11:50:02 AM CET] - Join is OK
[Fri 06 Dec 2024 11:55:03 AM CET] - Join is OK
[Fri 06 Dec 2024 12:00:03 PM CET] - Join is OK
[Fri 06 Dec 2024 12:05:02 PM CET] - Not joined - restart winbind
[Fri 06 Dec 2024 12:10:02 PM CET] - Join is OK
[Fri 06 Dec 2024 12:15:02 PM CET] - Not joined - restart winbind
[Fri 06 Dec 2024 12:20:06 PM CET] - Join is OK


I also noticed that in log: log.wb-INTRA  these entries.
The "No server for domain .... available in site ..." at winbind restart.

[2024/12/06 12:05:04.722326,  1, traceid=1] source3/libsmb/namequery.c:3487(get_sorted_dc_list)
   get_sorted_dc_list: No server for domain 'INTRA.COMUNE.TRENTO.IT' available in site 'PSN', fallback to all servers
[2024/12/06 12:05:08.142492,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
[2024/12/06 12:05:08.142531,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or 
directory
[2024/12/06 12:05:34.401421,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
[2024/12/06 12:05:34.401456,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or 
directory
[2024/12/06 12:15:02.199866,  1, traceid=1] source3/libsmb/namequery.c:3487(get_sorted_dc_list)
   get_sorted_dc_list: No server for domain 'INTRA.COMUNE.TRENTO.IT' available in site 'PSN', fallback to all servers
[2024/12/06 12:15:02.458944,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
[2024/12/06 12:15:02.458974,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or 
directory
[2024/12/06 12:15:03.894741,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
[2024/12/06 12:15:03.894769,  1, traceid=1] lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or 
directory



-- 
Mitja Tavčar



-- 
Mitja Tavčar




More information about the samba mailing list