
Re: [Samba] after a couple of year of success is not possible to add workstations to domain




Hi to all,

On 07/02/2018 14:45, Massimo Donato - Adcom.it via samba wrote:
Hi Denis,

On 06/02/2018 20:05, Denis Cardon via samba wrote:
Hi Massimo,

On 05/02/2018 16:41, Rowland Penny wrote:
On Mon, 5 Feb 2018 16:01:27 +0100
"Massimo Donato - Adcom.it via samba" <samba@xxxxxxxxxxxxxxx> wrote:

Hi all,
     after a couple of years of successfully working samba AD DC it is
not possible to add workstations to domain
since a few days ago in windows i get a message complaining that the
account previously exists, and that to try access with a different
account. after some investigation i found that the backupDC was in
hardware fault. the primary seems to work great, but still unable to
add workstation to domain.
seems like something is missing,
samba version is 4.7.4 (upgraded during investigation)

any advice? where to look?

One of the problems here is that you are thinking in terms of 'primary'
and 'backup' DCs. You haven't got a 'primary' DC or a 'backup' DC, you
just have two DCs and they should both contain exactly the same data in
AD. Problem is, when your second DC became faulty, it may have
corrupted AD on the DC and then replicated this corruption to the
first DC.

I would turn off the faulty DC (if it is still running), demote the
dead DC and then run 'samba-tool dbcheck'

But, before I tried to do anything, I would ensure that the first DC
was fully backed up.

Rowland


thank you Rowland for your answer.
i understand what you mean regarding DC, there were just two dc.
the faulty DC is no more in our datacenter (disk dead)
so i have one DC that is corrupted, i have a backup, but only after
corruption.
dbcheck is good, even with ncs option, 0 errors
any other advice to check?

which server is/was the RID FSMO role owner?

Denis
I think the one that still lives was the first one i configured.

i tried something just not to bother all the list, may this help?

[root@zeus log]# samba-tool dbcheck --fix
WARNING: The "profile acls" option is deprecated
Checking 309 objects
Checked 309 objects (0 errors)
[root@zeus log]# samba-tool dbcheck --cross-nc --fix
WARNING: The "profile acls" option is deprecated
Checking 3578 objects
Checked 3578 objects (0 errors)
[root@zeus log]# samba-tool drs showrepl
WARNING: The "profile acls" option is deprecated
Default-First-Site-Name\ZEUS
DSA Options: 0x00000001
DSA object GUID: e0a28581-6f38-4a9e-b593-43b65cafb872
DSA invocationId: adb5b609-20d2-4b4c-a8da-1bdb74dc444e

==== INBOUND NEIGHBORS ====

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====
also tried this and no errors:
any idea on how to remove the dead server from dns entries?

[root@zeus /]# host -t SRV _kerberos._udp.somdomain.com.
_kerberos._udp.somdomain.com has SRV record 0 100 88 zeus.somdomain.com.
_kerberos._udp.somdomain.com has SRV record 0 100 88 backupdc.somdomain.com.
[root@zeus /]# host -t SRV _ldap._tcp.somdomain.com
_ldap._tcp.somdomain.com has SRV record 0 100 389 zeus.somdomain.com.
_ldap._tcp.somdomain.com has SRV record 0 100 389 backupdc.somdomain.com.





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
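
An added example, not part of the original thread: a small shell filter that reads `host -t SRV` output like that shown in the message and lists the records whose target is not a DC known to be alive, so leftover entries for a dead DC can be found before cleaning them up. The function names `stale_srv_targets` and `sample_srv_output` are hypothetical, and the list of live DCs is an assumption supplied by the administrator.

```shell
#!/bin/sh
# Added example (not from the thread): find SRV records that still point
# at a domain controller which is no longer alive.

# stale_srv_targets "LIVE_DCS"  -- reads `host -t SRV` output on stdin.
# LIVE_DCS is a space-separated list of FQDNs of the DCs that are really
# running (assumption: you know and maintain this list yourself).
# Prints one line per stale record: "<srv name> <port> <target>".
stale_srv_targets() {
    awk -v live="$1" '
        BEGIN {
            # Normalise the live list: lower-case, no trailing dot.
            n = split(tolower(live), a, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                sub(/\.$/, "", a[i])
                if (a[i] != "") ok[a[i]] = 1
            }
        }
        # Line shape: <name> has SRV record <prio> <weight> <port> <target>.
        $2 == "has" && $3 == "SRV" && $4 == "record" && NF == 8 {
            target = tolower($8)
            sub(/\.$/, "", target)
            if (!(target in ok)) printf "%s %s %s\n", $1, $7, target
        }
    '
}

# Sample input reproducing the `host` output quoted in the message.
sample_srv_output() {
cat <<'EOF'
_kerberos._udp.somdomain.com has SRV record 0 100 88 zeus.somdomain.com.
_kerberos._udp.somdomain.com has SRV record 0 100 88 backupdc.somdomain.com.
_ldap._tcp.somdomain.com has SRV record 0 100 389 zeus.somdomain.com.
_ldap._tcp.somdomain.com has SRV record 0 100 389 backupdc.somdomain.com.
EOF
}

# On a real DC, pipe live output instead of the sample, for example:
#   host -t SRV _ldap._tcp.somdomain.com. | stale_srv_targets "zeus.somdomain.com"
sample_srv_output | stale_srv_targets "zeus.somdomain.com"
```

With only zeus listed as alive, both records that point at backupdc are reported; an empty result means every SRV target is a live DC.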