Web lists-archives.com

Re: [Samba] Problem samba db / pc - domain trust gone.




Hello Louis,

Looks like an unsynced deleted object.

Did you try "samba-tool domain tombstones expunge"

achim~


Am 15.05.2017 um 17:02 schrieb L.P.H. van Belle via samba:
Nobody?


These are repeating every 5 min on my DC2.
No i dont care about the LostAndFound/deleted.

[2017/05/15 16:52:32.848035,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
   Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
[2017/05/15 16:57:32.857425,  0] ../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
   ldb: No objectClass found in replPropertyMetaData for CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndFound,DC=internal,DC=domain,DC=tld!

Im wondering what this is.

[2017/05/15 16:57:32.857647,  0] ../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_source_apply_changes_trigger)
   Failed to commit objects: WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

So any tips?

Im out tomorrow, but any info helps thanks.

Greetz,

Louis
-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
L.P.H. van Belle via samba
Verzonden: maandag 15 mei 2017 12:13
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: Re: [Samba] Problem samba db / pc - domain trust gone.

I forgot to mention it involves samba 4.5.8.

-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens L.P.H. van
Belle via samba
Verzonden: maandag 15 mei 2017 11:40
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: [Samba] Problem samba db / pc - domain trust gone.

Hai,
Environment, Debian Jessie. I got reports about pc's unable to login into the samba ad
dc domain.
The trust between this workstation and the primary domain failed.
This happend on a win7 and win10 pc.
Now, this is "normaly" easy fixed,by rejoining the pc to the domain
with the domain wizzard in windows.
I noticed this didnt work anymore.
I was running without problem, so what lead to this problem. installed the needed security updates last friday. (
kernel, bind, no
samba things. ) I was prepering to upgrade to 4.6.3 and did the
following.
1) samba-tool dbcheck and a samba-tool dbcheck --fix --- DC 1 ---- That fixed 4 errors.
i got some others back.
Multple messages with :
CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class
Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Pol
icies,CN=System,DC=internal,DC=domain,DC=tld
this part
"CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class
Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Pol
icies,CN=System" can be anything, multiple messages.
users/computers.
rebooted the server, resulting in these log messages.
samba logs clean, no errors,
running : samba-tool dbcheck  and a samba-tool dbcheck
--fix  again,
fixed simalar like above. ( 8 errors )
running samba-tool ldapcmp:
samba-tool ldapcmp --filter='whenChanged,dc,cn'
ldap://dc1.internal.domain.tld ldap://dc2.internal.domain.tld Shows
differenced in login timpstamps. Which can explain the
message on the
pc's : the trust between this workstation and the primary domain
failed.
Difference in attribute values:
         lastLogonTimestamp =>
['131390598670332960']
['131380923051230950']
     FAILED

   Difference in attribute values:
         pwdLastSet =>
['131389578099979510']
['131363450502014640']
     FAILED

-------------------------
Now i checked my DC2.
samba-tool dbcheck:
Please use --fix to fix these errors
Checked 852 objects (626 errors)

pff, 626 errors?
mostly things like these below. STATUS=daemon 'samba' finished starting up and ready to serve
connections
samba: setproctitle not initialized, please either call
setproctitle_init() or link against libbsd-ctor.
[2017/05/15 09:17:32.208909,  0]
../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
   ldb: No objectClass found in replPropertyMetaData for
CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndF
ound,DC=internal,DC=domain,DC=tld!
[2017/05/15 09:17:32.213955, 0]
../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_
source_apply_changes_trigger)
   Failed to commit objects:
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
[2017/05/15 09:22:32.210006,  0]
../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
   ldb: No objectClass found in replPropertyMetaData for
CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndF
ound,DC=internal,DC=domain,DC=tld!
[2017/05/15 09:22:32.211300, 0]
../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_
source_apply_changes_trigger)
   Failed to commit objects:
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
[2017/05/15 09:27:32.222921,  0]
../lib/ldb-samba/ldb_wrap.c:76(ldb_wrap_debug)
   ldb: No objectClass found in replPropertyMetaData for
CN=User\0ADEL:668703c1-846c-45f1-aabd-2af7ddaee441,CN=LostAndF
ound,DC=internal,DC=domain,DC=tld!
[2017/05/15 09:27:32.223286, 0]
../source4/dsdb/repl/drepl_out_helpers.c:942(dreplsrv_op_pull_
source_apply_changes_trigger)
   Failed to commit objects:
WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
Not fixing replPropertyMetaData on
CN=182696b8-95cc-4ec7-8ee8-34f528538944,CN=Packages,CN=Class
Store,CN=User,CN={94436DC5-0FA6-4533-9C4F-7BEE2F2D25E2},CN=Pol
icies,CN=System,DC=internal,DC=domain,DC=tld
CN=Windows Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090364
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0009030e
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x000902ee
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090177
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0009012e
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x000900dd
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090092
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00090001
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020119
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020002
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00020001
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x0000000d
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00000003
CN=Windows
Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld: 0x00000000
ERROR: unsorted attributeID values in replPropertyMetaData on
CN=Windows Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld
Not fixing replPropertyMetaData on CN=Windows Authorization Access
Group,CN=Builtin,DC=internal,DC=domain,DC=tld
What is the best action here, do a full resync from DC1 to
DC2? Or did
i forget something?
Greetz, Louis --
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba