
Re: [Samba] after a couple of year of success is not possible to add workstations to domain

Hi Denis,

On 06/02/2018 20:05, Denis Cardon via samba wrote:
Hi Massimo,

On 05/02/2018 16:41, Rowland Penny wrote:
On Mon, 5 Feb 2018 16:01:27 +0100
"Massimo Donato - Adcom.it via samba" <samba@xxxxxxxxxxxxxxx> wrote:

Hi all,
     after a couple of years of a successfully working Samba AD DC it is
not possible to add workstations to the domain.
Since a few days ago, in Windows I get a message complaining that the
account previously exists, and that I should try to access with a different
account. After some investigation I found that the backup DC had a
hardware fault. The primary seems to work great, but I am still unable to
add workstations to the domain.
It seems like something is missing.
Samba version is 4.7.4 (upgraded during investigation).

Any advice? Where to look?

One of the problems here is that you are thinking in terms of 'primary'
and 'backup' DCs. You haven't got a 'primary' DC or a 'backup' DC, you
just have two DCs and they should both contain exactly the same data in
AD. Problem is, when your second DC became faulty, it may have
corrupted AD on the DC and then replicated this corruption to the
first DC.

I would turn off the faulty DC (if it is still running), demote the
dead DC and then run 'samba-tool dbcheck'

But, before I tried to do anything, I would ensure that the first DC
was fully backed up.


Thank you Rowland for your answer.
I understand what you mean regarding DCs, there were just two DCs.
The faulty DC is no longer in our datacenter (disk dead),
so I have one DC that is corrupted. I have a backup, but only after.
dbcheck is good, even with the ncs option, 0 errors.
Any other advice on what to check?

which server is/was the RID FSMO role owner?

I think the one that still lives; it was the first one I configured.

I tried something, just so as not to bother the whole list; may this help?

[root@zeus log]# samba-tool dbcheck --fix
WARNING: The "profile acls" option is deprecated
Checking 309 objects
Checked 309 objects (0 errors)
[root@zeus log]# samba-tool dbcheck --cross-nc --fix
WARNING: The "profile acls" option is deprecated
Checking 3578 objects
Checked 3578 objects (0 errors)
[root@zeus log]# samba-tool drs showrepl
WARNING: The "profile acls" option is deprecated
DSA Options: 0x00000001
DSA object GUID: e0a28581-6f38-4a9e-b593-43b65cafb872
DSA invocationId: adb5b609-20d2-4b4c-a8da-1bdb74dc444e



