[Samba] Failed to fetch machine account password for MYDOMAIN from both secrets.ldb
Luis Peromarta
lperoma at icloud.com
Sun Jun 23 15:53:51 UTC 2024
So I have re-checked all DNS entries, all look perfectly fine to me.
I’ve tailed the log in the first DC as the second tries to join, I think there may be a database error somewhere.
[2024/06/23 17:44:38.254910, 0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
ldb: ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=MYDOMAIN,DC=INT.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=3878500
If I try:
[root at dc1 var]# samba-tool dbcheck --cross-ncs --fix --yes
ltdb: tdb(/usr/local/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=MYDOMAIN,DC=INT.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=3878500
ERROR(ldb): uncaught exception - Indexed and full searches both failed!
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 157, in run
controls=controls, attrs=attrs)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecker.py", line 188, in check_database
res = self.samdb.search(base=DN, scope=scope, attrs=['dn'], controls=controls)
Any clues anyone ? Unfortunately this is 4.6, compiled, so unable to simply upgrade samba for better binaries.
Could I build a new system and just put these databases in place ? Not sure if this I am suggesting makes any sense. I am now very very close to giving up on this, and just re-create a new AD from scratch.
LP
On Jun 22, 2024 at 07:58 +0100, Rowland Penny via samba <samba at lists.samba.org>, wrote:
> On Fri, 21 Jun 2024 17:08:39 +0100
> Luis Peromarta via samba <samba at lists.samba.org> wrote:
>
> >
> > LP
> > On Jun 21, 2024 at 12:02 +0100, Rowland Penny via samba
> > <samba at lists.samba.org>, wrote:
> > >
> > > Up until here it was 'DC=mydomain,DC=int', then it becomes something
> > > different, bad sanitisation ?
> > >
> >
> > Yes :(
> > >
> > > If you track back a bit in your link, the error turned out to be an
> > > extra, invalid zone, have you checked for this ?
> > >
> > > Rowland
> > >
> > >
> > Zonelist seems ok. Anyway to re-create the dns database ? Like remove
> > all zones and re-create ?
>
> I have removed and recreated the reversezone, but never the forwardzone
> or the msdcs zone, I do not know what would happen if you did.
>
> Have you tried dumping the zones and manually checking them ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list