Web lists-archives.com

Re: [Samba] Some strange errors in logs




Hai, 

cat "/var/lib/samba/private/named.conf"  also please. 
And check if the correct bind9_dlz is enabled. 

dpkg -l | grep bind9
Jessie, should be 9.9 
Stretch should be 9.10
If this server was upgraded then you need to manualy adjust the file above. 
Looks to my bind9-dlz is enable in smb.conf but not loaded. 

cat /var/log/daemon.log | grep dlz
You should see thing like: 
samba_dlz: starting configure 
samba_dlz: configured writeable zone '... 
And make sure you see _msdcs.your.domain.tld 



Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Mariusz80 via samba
> Verzonden: vrijdag 10 november 2017 12:36
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Some strange errors in logs
> 
> Samba - General mailing list wrote
> > On Fri, 10 Nov 2017 02:55:44 -0700 (MST)
> > Mariusz80 via samba <
> 
> > samba@.samba
> 
> > > wrote:
> > 
> >> Hello there. 
> >> I need consultation and any advice about my log file.
> >> 
> >> I have some strange errors in my log file about "invalid zone
> >> operation" and "pad length mismatch. Calculated 44  got 0" 
> on my DC1
> >> and DC2 samba Version 4.5.12-Debian
> >> smb.conf:
> >> [global]
> >>         workgroup = !!!
> >>         realm = !!!
> >>         netbios name = !!!
> >>         server role = active directory domain controller
> >>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> >> drepl, winbindd, ntp_signd, kcc, dnsupdate
> >>         idmap_ldb:use rfc2307 = yes
> >> 
> >> load printers = no
> >> printing = bsd
> >> printcap name = /dev/null
> >> disable spoolss = yes
> >> 
> >> log level = 1
> >> max log size = 1000
> >> log file = /var/log/samba/%m.log
> >> 
> >> lm announce = no
> >> client lanman auth = no
> >> 
> >> ntlm auth = yes
> >> lanman auth = no
> >> client ntlmv2 auth = yes
> >> 
> >> [netlogon]
> >>         path = /var/lib/samba/sysvol/dfm.biz.pl/scripts
> >>         read only = No
> >> 
> >> [sysvol]
> >>         path = /var/lib/samba/sysvol
> >>         read only = No
> >> 
> >> Sample log:
> >> [2017/11/09 11:22:46.190213,  0]
> >> 
> ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1085(dnsser
> ver_query_zone)
> >>   dnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone
> >> operation IsSigneddnsserver: Invalid zone operation 
> IsSigneddnsserver:
> >> Invalid zone operation IsSigneddnsserver: Invalid zone operation
> >> IsSigneddnsserver: Invalid zone operation 
> IsSigneddnsserver: Invalid
> >> zone operation IsSigneddnsserver: Invalid zone operation
> >> IsSigneddnsserver: Invalid zone operation 
> IsSigneddnsserver: Invalid
> >> zone operation IsSigned../librpc/rpc/dcerpc_util.c:227: ERROR: pad
> >> length mismatch. Calculated 44  got 0
> >> [2017/11/09 12:11:58.968226,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/09 12:28:13.768393,  0]
> >> 
> ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1085(dnsser
> ver_query_zone)
> >>   dnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone
> >> operation IsSigned../librpc/rpc/dcerpc_util.c:227: ERROR: 
> pad length
> >> mismatch. Calculated 44  got 0
> >> [2017/11/09 14:54:39.320660,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/09 15:02:11.878768,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/09 15:04:38.500247,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/09 15:28:39.928914,  0]
> >> 
> ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1085(dnsser
> ver_query_zone)
> >>   dnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone
> >> operation IsSigneddnsserver: Invalid zone operation 
> IsSigneddnsserver:
> >> Invalid zone operation IsSigned../librpc/rpc/dcerpc_util.c:227:
> >> ERROR: pad length mismatch. Calculated 44  got 0
> >> [2017/11/09 16:05:31.014135,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/09 21:53:03.428512,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 06:58:00.225241,  1]
> >> 
> ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_co
> llect_tombstones_part)
> >>   Doing a full scan on DC=ForestDnsZones,DC=dfm,DC=biz,DC=pl and
> >> looking for deleted objects
> >> [2017/11/10 06:58:00.228111,  1]
> >> 
> ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_co
> llect_tombstones_part)
> >>   Doing a full scan on DC=DomainDnsZones,DC=dfm,DC=biz,DC=pl and
> >> looking for deleted objects
> >> [2017/11/10 06:58:00.236321,  1]
> >> 
> ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_co
> llect_tombstones_part)
> >>   Doing a full scan on CN=Configuration,DC=dfm,DC=biz,DC=pl and
> >> looking for deleted objects
> >> [2017/11/10 06:58:00.287988,  1]
> >> 
> ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_co
> llect_tombstones_part)
> >>   Doing a full scan on DC=dfm,DC=biz,DC=pl and looking for deleted
> >> objects [2017/11/10 07:59:55.958736,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 08:07:18.247157,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 08:18:51.026675,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 08:18:51.026990,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 09:26:40.073870,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 09:26:40.074160,  1]
> >> ../librpc/rpc/dcerpc_util.c:227(dcerpc_pull_auth_trailer)
> >>   ../librpc/rpc/dcerpc_util.c:227: ERROR: pad length mismatch.
> >> Calculated 44 got 0
> >> [2017/11/10 09:46:51.945841,  0]
> >> 
> ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1085(dnsser
> ver_query_zone)
> >> 
> >> I have also strange thing with SOA record. It is changing onself to
> >> DC2 and later during the day or next day back to DC1. Is it normal
> >> behaviour ? What do you think about that ?
> >> ---
> >> Mariusz
> >> Thanks
> >> 
> >> 
> >> 
> >> --
> >> Sent from:
> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
> >> 
> > 
> > Can you post all your BIND named.conf files
> > 
> > Rowland
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> Of course, here they are:
> /etc/bind/named.conf
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> 
> /etc/bind/named.conf.default-zones
> // prime the server with knowledge of the root servers
> zone "." {
> 	type hint;
> 	file "/etc/bind/db.root";
> };
> 
> // be authoritative for the localhost forward and reverse 
> zones, and for
> // broadcast zones as per RFC 1912
> 
> zone "localhost" {
> 	type master;
> 	file "/etc/bind/db.local";
> };
> 
> zone "127.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.127";
> };
> 
> zone "0.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.0";
> };
> 
> zone "255.in-addr.arpa" {
> 	type master;
> 	file "/etc/bind/db.255";
> };
> 
> /etc/bind/named.conf.local
> include "/var/lib/samba/private/named.conf";
> 
> /etc/bind/named.conf.options
> options {
>         directory "/var/cache/bind";
>         allow-query { any; };
>         forwarders { 10.10.10.2; };
>         allow-recursion { any; };
>         dnssec-validation no;
>         dnssec-enable no;
>         listen-on-v6 { none; };
>          listen-on port 53 { any; };
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> #auth-nxdomain no;
> };
> 
> ------------
> Thanks
> Mariusz
> 
> 
> 
> 
> --
> Sent from: 
> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba