Re: [Samba] After upgrade to 4.9.4, internal DNS no longer working




Hi Louis and Rowland, 

Thanks for all your input. In answer to your questions, yes, all packages were upgraded to 4.9.4 so that was not the issue – the error messages you’ve seen in this regard are from during the upgrade. I can only guess that something was removed too early. Also both hostname and resolv.conf were set up correctly.  But these points seem moot now as I was able to solve the issue. 

I didn’t touch the base system, which was upgraded, but I did downgrade Samba and dependencies (samba, smbclient, libwbclient) back to v4.7.4. I then just overwrote the Samba folder (/var/lib/samba), which contains private and sysvol, with a recent backup – and everything works again. Users can log in, GPOs are being distributed. I have not yet tried to upgrade again; I’ll leave this for some other day. 

samba-tool dbcheck isn’t showing any errors. samba-tool ntacl sysvolcheck does complain about an incorrect db acl on a gpo directory so I ran sysvolreset. The error remains but doesn’t seem to bother the AD otherwise. Still, to be safe, here is the error: 

$ sudo samba-tool ntacl sysvolcheck
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception - ProvisioningError: DB ACL on GPO directory /var/lib/samba/sysvol/samdom.example.com/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9} O:LAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) does not match expected value O:DAG:DAD:P(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)(A;OICI;0x001200a9;;;ED) from GPO object
  File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/ntacl.py", line 270, in run
    lp)
  File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1674, in check_gpos_acl
    domainsid, direct_db_access)
  File "/usr/lib/python2.7/site-packages/samba/provision/__init__.py", line 1621, in check_dir_acl
    raise ProvisioningError('%s ACL on GPO directory %s %s does not match expected value %s from GPO object' % (acl_type(direct_db_access), path, fsacl_sddl, acl))

Any advice on how to take care of this error, or can this be safely ignored? 

Thanks, 
Viktor
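
The two SDDL strings in the error above are long enough that the mismatch is hard to spot by eye. As an added example (not part of the original message and not Samba's own code), this Python code splits both strings into owner, group, DACL flags and ACEs and reports which components differ; the function names are hypothetical and the alias table covers only the standard SDDL aliases that appear in these two strings.

```python
import re

# Standard SDDL SID aliases; only those appearing in the two strings above.
SID_ALIASES = {
    "LA": "Administrator account (RID 500)", "DA": "Domain Admins",
    "EA": "Enterprise Admins", "CO": "Creator Owner", "SY": "Local System",
    "AU": "Authenticated Users", "ED": "Enterprise Domain Controllers",
}

# Both strings copied from the sysvolcheck error message above.
ACES = ("(A;OICI;0x001f01ff;;;DA)(A;OICI;0x001f01ff;;;EA)"
        "(A;OICIIO;0x001f01ff;;;CO)(A;OICI;0x001f01ff;;;DA)"
        "(A;OICI;0x001f01ff;;;SY)(A;OICI;0x001200a9;;;AU)"
        "(A;OICI;0x001200a9;;;ED)")
ON_DISK = "O:LAG:DAD:P" + ACES    # ACL found on the GPO directory
EXPECTED = "O:DAG:DAD:P" + ACES   # ACL expected from the GPO object


def parse_sddl(sddl):
    """Split an SDDL string into owner, group, DACL flags and ordered ACEs."""
    parts = dict(re.findall(r"([OGDS]):(.*?)(?=[OGDS]:|$)", sddl.strip()))
    dacl = parts.get("D", "")
    return {
        "owner": parts.get("O"),
        "group": parts.get("G"),
        "dacl_flags": dacl.partition("(")[0],
        "aces": re.findall(r"\(([^()]*)\)", dacl),
    }


def diff_sddl(actual, expected):
    """Return (field, actual, expected) for every component that differs."""
    a, e = parse_sddl(actual), parse_sddl(expected)
    diffs = [(k, a[k], e[k]) for k in ("owner", "group", "dacl_flags")
             if a[k] != e[k]]
    # ACE order is significant, so compare position by position.
    for i in range(max(len(a["aces"]), len(e["aces"]))):
        x = a["aces"][i] if i < len(a["aces"]) else None
        y = e["aces"][i] if i < len(e["aces"]) else None
        if x != y:
            diffs.append(("ace[%d]" % i, x, y))
    return diffs


if __name__ == "__main__":
    for field, got, want in diff_sddl(ON_DISK, EXPECTED):
        print("%s: on disk %s (%s), expected %s (%s)" % (
            field, got, SID_ALIASES.get(got, "?"), want, SID_ALIASES.get(want, "?")))
```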


From: Rowland Penny via samba
Sent: Thursday, 27 December 2018 11:29
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] After upgrade to 4.9.4, internal DNS no longer working

On Thu, 27 Dec 2018 11:07:08 +0100
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Gooood morning Rowland, :-) 
> 
> You're late ;-).. 
> What I also did see, so it's more clear for others also. 
> 
> > Dez 22 21:08:31 dc1 systemd[1]: Starting Samba AD Daemon...
> > Dez 22 21:08:31 dc1 kernel: audit: type=1131
> > audit(1545509311.984:52): pid=1 uid=0 auid=4294967295
> > ses=4294967295 msg='unit=samba comm="systemd"
> > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> > res=failed' Dez 22 21:08:32 dc1 samba[733]: root process[733]:
> > [2018/12/22
> 
> This line:  exe="/usr/lib/systemd/systemd" hostname=? addr=?
> terminal=? res=failed' 
> 
> So incorrect hostname/resolving resulting in this problem. 

I actually think it could be a symptom and not the root cause. It
could be that two main things happened, systemd was upgraded and with
it 'resolved' was installed and smbclient wasn't upgraded.

I think that if 'resolved' is removed and ALL Samba packages are
upgraded, he might get it to work again.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
