On 16.07.2015 at 17:18, Rowland Penny wrote:
> On 16/07/15 13:27, Reindl Harald wrote:
>>
>> On 16.07.2015 at 14:02, Rowland Penny wrote:
>>> /etc/hosts should be:
>>>
>>> 127.0.0.1 localhost.localdomain localhost
>>
>> uhm no - you want 127.0.0.1 normally resolved to localhost and hence
>> 127.0.0.1 localhost localhost.localdomain
>
> Ah NO, only if you are using a brain dead OS like red-hat :-)
>
> From 'man hosts'
>
> For each host a single line should be present with the following
> information:
>
> IP_address canonical_hostname [aliases...]
>
> Optional aliases provide for name changes, alternate spellings, shorter
> hostnames, or generic hostnames (for example, localhost)

you quote exactly what i said
gethostbyaddr will answer the canonical_hostname and not a random alias

the real name for 127.0.0.1 is always localhost and hence that should not
be the alias, frankly nobody needs the localhost.localdomain at all
mathias dufresne
2015-Jul-23 15:23 UTC
[Samba] 4.2.2 as AD with 2 DCs: database incoherency
Hi all,

I tried "samba-tool ldapcmp" several times to solve this issue, without success.

On DC acting as full FSMO:

dc20:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 968, in run
    outf=self.outf, errf=self.errf)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 80, in __init__
    self.server_names = self.find_servers()
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 106, in find_servers
    scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"])

On the other one, which is the one with more groups than the other:

dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 968, in run
    outf=self.outf, errf=self.errf)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 83, in __init__
    self.get_sid_map()
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 257, in get_sid_map
    expression="(objectSid=*)", scope=SCOPE_SUBTREE, attrs=["objectSid", "sAMAccountName"])

After modifying hostname configuration on FSMO which is a CentOS for that system does not reply FQDN when running "hostname" and not replying short name when running "hostname --fqdn", the error changed a bit on non-FSMO:

dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain

* Comparing [DOMAIN] context...
Failed search of base=DC=ad,DC=dgfip,DC=lan
ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 979, in run
    outf=self.outf, errf=self.errf)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 698, in __init__
    self.dn_list = self.get_dn_list(context)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 841, in get_dn_list
    res = self.con.ldb.search(base=self.search_base, scope=self.search_scope, attrs=["dn"])

Finally I tried to demote non-FSMO DC:

dc00:~# samba-tool domain demote -Uadministrator
Using dc20.ad.dgfip.lan as partner server for the demotion
ERROR(<class 'samba.drs_utils.drsException'>): uncaught exception - drsException: DRS connection to dc20.ad.dgfip.lan failed: (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 693, in run
    (drsuapiBind, drsuapi_handle, supportedExtensions) drsuapi_connect(server, lp, creds)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

And now before trying a MS Windows script to remove some broken DC from AD, I come back to see if anyone has any clue to help me to solve that issue...
Best regards,

mathias
On 23/07/15 16:23, mathias dufresne wrote:
> Hi all,
>
> I tried "samba-tool ldapcmp" several times to solve this issue, without
> success.
>
> On DC acting as full FSMO:
> dc20:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
> ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 968, in run
>     outf=self.outf, errf=self.errf)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 80, in __init__
>     self.server_names = self.find_servers()
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 106, in find_servers
>     scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"])
>
> On the other one, which is the one with more groups than the other:
> dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
> ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 968, in run
>     outf=self.outf, errf=self.errf)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 83, in __init__
>     self.get_sid_map()
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 257, in get_sid_map
>     expression="(objectSid=*)", scope=SCOPE_SUBTREE, attrs=["objectSid", "sAMAccountName"])
>
> After modifying hostname configuration on FSMO which is a CentOS for that
> system does not reply FQDN when running "hostname" and not replying short
> name when running "hostname --fqdn", the error changed a bit on non-FSMO:
>
> dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
>
> * Comparing [DOMAIN] context...
> Failed search of base=DC=ad,DC=dgfip,DC=lan
> ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 979, in run
>     outf=self.outf, errf=self.errf)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 698, in __init__
>     self.dn_list = self.get_dn_list(context)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 841, in get_dn_list
>     res = self.con.ldb.search(base=self.search_base, scope=self.search_scope, attrs=["dn"])
>
> Finally I tried to demote non-FSMO DC:
>
> dc00:~# samba-tool domain demote -Uadministrator
> Using dc20.ad.dgfip.lan as partner server for the demotion
> ERROR(<class 'samba.drs_utils.drsException'>): uncaught exception - drsException: DRS connection to dc20.ad.dgfip.lan failed: (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 693, in run
>     (drsuapiBind, drsuapi_handle, supportedExtensions) drsuapi_connect(server, lp, creds)
>   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
>     raise drsException("DRS connection to %s failed: %s" % (server, e))
>
> And now before trying a MS Windows script to remove some broken DC from AD,
> I come back to see if anyone has any clue to help me to solve that issue...
>
> Best regards,
>
> mathias

This sounds more & more like a DNS problem. I tried CentOS and had a hard time getting DNS to work properly, something that is easy on Debian.

You need to be able to ping each DC from the other, by short hostname and by FQDN, you should also be able to run 'host -t A <short_hostname_of_other_DC>' and 'host -t A <fqdn_hostname_of_other_DC>' and get a result.

/etc/resolv.conf needs to point first at the other DC, then to itself

/etc/hosts should contain at a minimum '127.0.0.1 localhost', you can also have '127.0.0.1 localhost.localdomain localhost'

You can add the IP addresses of the DCs to /etc/hosts i.e.

192.168.0.2 dc1.example.com dc1
192.168.0.3 dc2.example.com dc2

Though you shouldn't have to, if the DNS servers are working correctly.

Running 'hostname' should return just the short hostname, running 'hostname -f' or 'hostname --fqdn' should return the FQDN hostname, /etc/hostname should contain just the DC's short hostname, when I tried out CentOS, I seem to remember finding that it contained 'localhost.localdomain', something it should never contain.

Rowland
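
The file-level checks from the reply above, as an added example that is not part of the thread or of Samba: an offline lint of /etc/hosts, /etc/hostname and /etc/resolv.conf. The function names are hypothetical, the dc1/dc2 names and addresses are the illustrative ones from the reply, and the ping and 'host -t A' checks are not covered because they need live DNS.

```shell
#!/bin/sh
# Added example, not from the thread. Each check prints one finding per line
# and prints nothing when the file matches the advice in the reply above.

# check_hosts FILE SHORT FQDN
check_hosts() {
    awk -v short="$2" -v fqdn="$3" '
        { sub(/#.*/, "") }                  # drop comments
        NF < 2 { next }                     # skip blank or incomplete lines
        $1 == "127.0.0.1" {
            for (i = 2; i <= NF; i++) if ($i == "localhost") lo = 1
            next
        }
        {
            hit = 0
            for (i = 2; i <= NF; i++) if ($i == short || $i == fqdn) hit = 1
            # man hosts: IP_address canonical_hostname [aliases...]
            if (hit && $2 != fqdn)
                print $1 ": canonical name is " $2 ", expected " fqdn
        }
        END { if (!lo) print "127.0.0.1 has no localhost entry" }
    ' "$1"
}

# check_hostname_file FILE SHORT   (/etc/hostname holds the short name only)
check_hostname_file() {
    name=$(tr -d ' \t\r\n' < "$1")
    [ "$name" = "$2" ] || echo "/etc/hostname contains '$name', expected '$2'"
}

# check_resolv FILE OTHER_DC_IP OWN_IP   (other DC first, then this DC)
check_resolv() {
    ns=$(awk '$1 == "nameserver" { print $2 }' "$1")
    first=$(printf '%s\n' "$ns" | sed -n 1p)
    second=$(printf '%s\n' "$ns" | sed -n 2p)
    [ "$first" = "$2" ] || echo "first nameserver is '$first', expected $2"
    [ "$second" = "$3" ] || echo "second nameserver is '$second', expected $3"
}

# Constructed sample files for a hypothetical dc1 (192.168.0.2) whose partner
# is dc2 (192.168.0.3); each file deviates from the advice and is reported.
demo=$(mktemp -d)
printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
    '192.168.0.2 dc1 dc1.example.com' > "$demo/hosts"
echo 'localhost.localdomain' > "$demo/hostname"
printf 'nameserver %s\n' 192.168.0.2 192.168.0.3 > "$demo/resolv.conf"
check_hosts "$demo/hosts" dc1 dc1.example.com
check_hostname_file "$demo/hostname" dc1
check_resolv "$demo/resolv.conf" 192.168.0.3 192.168.0.2
rm -rf "$demo"
```

On a DC, point the three functions at the real files and pass that DC's own short name, FQDN and addresses; no output means the files agree with the layout described in the reply.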