Web lists-archives.com

Re: [Samba] Samba DC: How to verify proper functioning




On Sun, 10 Jun 2018 15:01:12 +0300
Alexei Rozenvaser via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello
> 
> Please advise some ways to verify that my newly created samba DC
> (holding no FSMO roles) is functioning properly from standpoint of
> Windows Server DC and Windows clients.
> So far I tried to run "dcdiag" command.
> Can you please look at following command output and tell me is
> everything OK there?
> Is there other ways to check if DC works well?
> ---------------------------------------------------------------------------------
> dcdiag /s:ubuntu-dc
> Directory Server Diagnosis
> 
> 
 
> Doing primary tests

>       Starting test: SysVolCheck
> 
>          The SysVol is not ready.  This can cause the DC to not
> advertise
> 
>          itself as a DC for netlogon after dcpromo.  Also trouble
> with FRS
> 
>          SysVol replication can cause Group Policy problems.  Check
> the FRS
> 
>          event log on this DC.
>          ......................... UBUNTU-DC failed test SysVolCheck

This can be expected, Sysvol on a Samba DC doesn't replicate yet, see
the wiki.

>       Starting test: ObjectsReplicated
> 
>          Failed to read object metadata on UBUNTU-DC, error
> 
>          The request is not supported.
> 
>          Failed to read object metadata on UBUNTU-DC, error
> 
>          The request is not supported.
> 
>          ......................... UBUNTU-DC passed test
> ObjectsReplicated

I wouldn't worry about the above, the test passed even though it
couldn't read an attribute.

> 
>       Starting test: Replications
> 
>          REPLICATION-RECEIVED LATENCY WARNING
> 
>          UBUNTU-DC:  Current time is 2018-06-10 14:47:51.
> 
>             CN=Schema,CN=Configuration,DC=Gal-Shvav,DC=local
>                Last replication received from GSAD at
>           1601-01-01 02:21:57
>                WARNING:  This latency is over the Tombstone Lifetime
> of 180 days!
> 
>          ......................... UBUNTU-DC passed test Replications

This is very strange, the last replication seemed to have happened at
the Windows epoch, but it still past. Try creating a user on the
windows DC and see if gets replicated to the Samba DC.

> 
>       Starting test: Services
> 
>             Could not open EventSystem Service on UBUNTU-DC, error 0x8
> 
>             "Not enough storage is available to process this command."
> 
>             Could not open RpcSs Service on UBUNTU-DC, error 0x8
> 
>             "Not enough storage is available to process this command."
> .......... 
>          ......................... UBUNTU-DC failed test Services

These failures are probably down to trying to run windows services on a
Unix DC where the do not exist.

>       Starting test: VerifyReferences
> 
>          Some objects relating to the DC UBUNTU-DC have problems:
>             [1] Problem: Missing Expected Value
> 
>              Base Object:
> 
>             CN=NTDS
> Settings,CN=UBUNTU-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Gal-Shvav,DC=local
> 
>              Base Object Description: "DSA Object"
> 
>              Value Object Attribute Name: serverReferenceBL
> 
>              Value Object Description: "SYSVOL FRS Member Object"
> 
>              Recommended Action: See Knowledge Base Article: Q312862
> 
> 
>             [1] Problem: Missing Expected Value
> 
>              Base Object:
> 
>             CN=UBUNTU-DC,OU=Domain Controllers,DC=Gal-Shvav,DC=local
> 
>              Base Object Description: "DC Account Object"
> 
>              Value Object Attribute Name: frsComputerReferenceBL
> 
>              Value Object Description: "SYSVOL FRS Member Object"
> 
>              Recommended Action: See Knowledge Base Article: Q312862
> 
> 
>          ......................... UBUNTU-DC failed test
> VerifyReferences

Again, I wouldn't worry about the above, they seem to to do with sysvol
replication, that a Samba DC doesn't do.

Samba has its own tools:

samba-tool dbcheck
samba-tool ldapcmp
samba-tool drs showrepl

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba