[Samba] Recently joined RODC loses machine accounts
Rowland Penny
rpenny at samba.org
Fri Dec 6 12:20:51 UTC 2024
On Fri, 6 Dec 2024 12:29:03 +0100
Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> Il 06/12/24 10:45, Rowland Penny via samba ha scritto:
> > On Fri, 6 Dec 2024 10:19:31 +0100
> > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> >
> >> But the machine accounts are not completely lost, they seem lost
> >> if I query the Read Only DC, when I query some of the other DC the
> >> machine accounts result ok.
> >>
> >> I have found that restarting winbind seems to solve the problem but
> >> only for some short time. So I set up a testing script that checks
> >> join every 5 minutes and eventually restarts winbind.
> >>
> >> The output is this:
> >> [Thu 05 Dec 2024 03:40:02 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 03:45:01 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 03:50:03 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 03:55:01 PM CET] - Not joined - restart winbind
> >> [Thu 05 Dec 2024 04:00:02 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 04:05:03 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 04:10:01 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 04:15:02 PM CET] - Not joined - restart winbind
> >>
> >
> > So, AD doesn't lose the clients, it is the clients that lose AD.
> >
> > Try adding 'winbind refresh tickets = yes' to the clients smb.conf
> > file and restarting Samba.
> >
>
> I added winbind refresh tickets = yes and restarted samba, smbd and
> winbind. But nothing seems to change.
If you are starting the 'samba', 'smbd' and 'winbindd' binaries, then
something is very wrong.
You only start the 'samba' binary on a Samba AD DC, this will then
start the other required binaries.
On a Samba Unix domain member, you only start the 'smbd' and 'winbindd'
binaries (you can optionally start 'nmbd' as well if you require SMBv1).
>
> [Fri 06 Dec 2024 11:45:01 AM CET] - Join is OK
> [Fri 06 Dec 2024 11:50:02 AM CET] - Join is OK
> [Fri 06 Dec 2024 11:55:03 AM CET] - Join is OK
> [Fri 06 Dec 2024 12:00:03 PM CET] - Join is OK
> [Fri 06 Dec 2024 12:05:02 PM CET] - Not joined - restart winbind
> [Fri 06 Dec 2024 12:10:02 PM CET] - Join is OK
> [Fri 06 Dec 2024 12:15:02 PM CET] - Not joined - restart winbind
> [Fri 06 Dec 2024 12:20:06 PM CET] - Join is OK
>
>
> I also noticed these entries in the log log.wb-INTRA.
> The "No server for domain .... available in site ..." one appears at
> winbind restart.
>
> [2024/12/06 12:05:04.722326, 1, traceid=1]
> source3/libsmb/namequery.c:3487(get_sorted_dc_list)
> get_sorted_dc_list: No server for domain 'INTRA.COMUNE.TRENTO.IT'
> available in site 'PSN', fallback to all servers
> [2024/12/06 12:05:08.142492, 1, traceid=1]
> lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) ldb: Unable to open tdb
> '/var/lib/samba/private/secrets.ldb': No such file or directory
I think this is because it is an RODC, but is the RODC using itself as
its first nameserver?
You will probably get more in the logs if you raise the log level in
smb.conf on the RODC, try '4'.
Rowland
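The poster's check-and-restart script is not shown in the thread. The following is an added example written for this page, not the poster's script and not part of Samba: a periodic join health check for a Unix domain member that logs in the same format as the output above, records DC reachability before it restarts winbind (so the cause is not lost, which matters for a problem Rowland attributes to the client losing AD rather than AD losing the client), and stops restarting after a limit so a blind restart loop cannot hide a DNS or site problem indefinitely. It uses the real Samba tools `net ads testjoin`, `wbinfo -t` and `wbinfo --ping-dc`; the systemd unit name `winbind`, the interval, and the restart limit are assumptions and can be overridden with environment variables.

```shell
#!/bin/sh
# Added example (constructed for this page, not the poster's script).
# Periodic join check for a Samba Unix domain member.
# Assumptions: systemd unit 'winbind' (it is 'winbindd' on some distros),
# a 5-minute interval, and at most 3 restarts per hour before we stop and
# leave the evidence in the log instead of masking the fault.

NET_BIN="${NET_BIN:-net}"
WBINFO_BIN="${WBINFO_BIN:-wbinfo}"
WINBIND_UNIT="${WINBIND_UNIT:-winbind}"
CHECK_INTERVAL="${CHECK_INTERVAL:-300}"
MAX_RESTARTS_PER_HOUR="${MAX_RESTARTS_PER_HOUR:-3}"

# stamp: timestamp in the same format as the thread's log lines.
stamp() { printf '[%s]' "$(date '+%a %d %b %Y %I:%M:%S %p %Z')"; }

# join_ok: succeeds only if the join test passes AND the machine account
# trust secret can be verified against a DC (a cached join alone is not
# enough; 'wbinfo -t' exercises the secure channel).
join_ok() {
    "$NET_BIN" ads testjoin >/dev/null 2>&1 && "$WBINFO_BIN" -t >/dev/null 2>&1
}

# decide: prints ok / restart / alert from the join status (0 = joined)
# and the number of restarts already done in the current one-hour window.
decide() {
    status="$1"; restarts="$2"
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$restarts" -ge "$MAX_RESTARTS_PER_HOUR" ]; then
        echo alert
    else
        echo restart
    fi
}

# watch_loop: the long-running check; runs only when started with --watch.
watch_loop() {
    restarts=0
    window_start=$(date +%s)
    while :; do
        now=$(date +%s)
        if [ $((now - window_start)) -ge 3600 ]; then
            restarts=0
            window_start=$now
        fi
        if join_ok; then status=0; else status=1; fi
        action=$(decide "$status" "$restarts")
        case "$action" in
            ok)
                echo "$(stamp) - Join is OK" ;;
            restart)
                echo "$(stamp) - Not joined - restart winbind"
                # Capture which DC winbind can (or cannot) reach BEFORE the
                # restart, so the failure cause survives in the log.
                "$WBINFO_BIN" --ping-dc 2>&1 | sed 's/^/    /'
                systemctl restart "$WINBIND_UNIT"
                restarts=$((restarts + 1)) ;;
            alert)
                echo "$(stamp) - Not joined - restart limit reached, not restarting; check DNS/site config" ;;
        esac
        sleep "$CHECK_INTERVAL"
    done
}

if [ "${1:-}" = "--watch" ]; then
    watch_loop
fi
```

Run it as `sh join-check.sh --watch` from a systemd service or under `nohup`; without `--watch` it only defines the functions, which makes it easy to test the decision logic with stubbed commands. The `alert` branch is the point of the example: once restarts stop helping, the remaining log entries (the `get_sorted_dc_list` "No server for domain ... available in site" message, the output of `wbinfo --ping-dc`) are what answer the question Rowland asks about the nameserver and site configuration.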