Sense Zeng
2013-Nov-18 02:42 UTC
[Samba] How to keep samba4 dc work fine when windows dc offline?
I'm testing a samba4 server join AD (had 1 win2003 dc) as dc. Version:
Samba4 DC: samba 4.1.1 with ubuntu (172.16.3.8)
Win2003 DC: Win2003 SP2 (172.16.3.3)
AD domain name: dotest.com
The samba server had joined to AD as DC. When win2003 dc online, it seems
works fine.
When I test win2003 dc online, simulate the win2003 DC was failue, found
the samba4 DC can't work fine along. The AD client logon has been very
slow. And there are error log in the samba4 dc log file
/usr/local/samba/var/log.samba:
...
[2013/11/18 09:55:57.147627, 0]
../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect)
Failed to connect host 172.16.3.3 on port 135 - NT_STATUS_HOST_UNREACHABLE
[2013/11/18 09:55:57.148011, 0]
../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket)
Failed to connect host 172.16.3.3 (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._
msdcs.dotest.com) on port 135 - NT_STATUS_HOST_UNREACHABLE.
[2013/11/18 09:56:00.147628, 0]
../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect)
Failed to connect host 172.16.3.3 on port 135 - NT_STATUS_HOST_UNREACHABLE
[2013/11/18 09:56:00.148012, 0]
../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket)
Failed to connect host 172.16.3.3 (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._
msdcs.dotest.com) on port 135 - NT_STATUS_HOST_UNREACHABLE.
...
172.16.3.3 is the Win2003 DC
and my smb.conf setting is:
[global]
workgroup = DOTEST
realm = dotest.com
netbios name = GREEN
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
wins support = Yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/dotest.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
I wanna keep the samba4 dc work fine when win2003 dc offline? What should I
do?
Sense Zeng
2013-Nov-18 03:40 UTC
[Samba] How to keep samba4 dc work fine when windows dc offline?
All FSMO of AD had transfer to the samba4 dc. 2013/11/18 Sense Zeng <opaperjam at gmail.com>> I'm testing a samba4 server join AD (had 1 win2003 dc) as dc. Version: > Samba4 DC: samba 4.1.1 with ubuntu (172.16.3.8) > Win2003 DC: Win2003 SP2 (172.16.3.3) > AD domain name: dotest.com > > The samba server had joined to AD as DC. When win2003 dc online, it seems > works fine. > When I test win2003 dc online, simulate the win2003 DC was failue, found > the samba4 DC can't work fine along. The AD client logon has been very > slow. And there are error log in the samba4 dc log file > /usr/local/samba/var/log.samba: > > ... > [2013/11/18 09:55:57.147627, 0] > ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect) > Failed to connect host 172.16.3.3 on port 135 - > NT_STATUS_HOST_UNREACHABLE > [2013/11/18 09:55:57.148011, 0] > ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket) > Failed to connect host 172.16.3.3 (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._ > msdcs.dotest.com) on port 135 - NT_STATUS_HOST_UNREACHABLE. > [2013/11/18 09:56:00.147628, 0] > ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect) > Failed to connect host 172.16.3.3 on port 135 - > NT_STATUS_HOST_UNREACHABLE > [2013/11/18 09:56:00.148012, 0] > ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket) > Failed to connect host 172.16.3.3 (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._ > msdcs.dotest.com) on port 135 - NT_STATUS_HOST_UNREACHABLE. > ... > > 172.16.3.3 is the Win2003 DC > > and my smb.conf setting is: > > [global] > workgroup = DOTEST > realm = dotest.com > netbios name = GREEN > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > wins support = Yes > [netlogon] > path = /usr/local/samba/var/locks/sysvol/dotest.com/scripts > read only = No > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > I wanna keep the samba4 dc work fine when win2003 dc offline? What should > I do? >
Antun Horvat
2013-Nov-18 07:34 UTC
[Samba] How to keep samba4 dc work fine when windows dc offline?
I had the same problem When windows 2k3 was offline, domain logons were very slow. The issue was that DFS folders (sysvol and netlogon) were accessible only when certain timeout expired (about 30 sec) and then I could access that folder. After I have removed windows DC records from the domain, everything went back to normal. On 11/18/2013 03:42 AM, Sense Zeng wrote:> I'm testing a samba4 server join AD (had 1 win2003 dc) as dc. Version: > Samba4 DC: samba 4.1.1 with ubuntu (172.16.3.8) > Win2003 DC: Win2003 SP2 (172.16.3.3) > AD domain name: dotest.com > > The samba server had joined to AD as DC. When win2003 dc online, it seems > works fine. > When I test win2003 dc online, simulate the win2003 DC was failue, found > the samba4 DC can't work fine along. The AD client logon has been very > slow. And there are error log in the samba4 dc log file > /usr/local/samba/var/log.samba: > > ... > [2013/11/18 09:55:57.147627, 0] > ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect) > Failed to connect host 172.16.3.3 on port 135 - NT_STATUS_HOST_UNREACHABLE > [2013/11/18 09:55:57.148011, 0] > ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket) > Failed to connect host 172.16.3.3 (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._ > msdcs.dotest.com) on port 135 - NT_STATUS_HOST_UNREACHABLE. > [2013/11/18 09:56:00.147628, 0] > ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect) > Failed to connect host 172.16.3.3 on port 135 - NT_STATUS_HOST_UNREACHABLE > [2013/11/18 09:56:00.148012, 0] > ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket) > Failed to connect host 172.16.3.3 (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._ > msdcs.dotest.com) on port 135 - NT_STATUS_HOST_UNREACHABLE. > ... > > 172.16.3.3 is the Win2003 DC > > and my smb.conf setting is: > > [global] > workgroup = DOTEST > realm = dotest.com > netbios name = GREEN > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > wins support = Yes > [netlogon] > path = /usr/local/samba/var/locks/sysvol/dotest.com/scripts > read only = No > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > I wanna keep the samba4 dc work fine when win2003 dc offline? What should I > do?
Sense Zeng
2013-Nov-18 09:37 UTC
[Samba] Fwd: How to keep samba4 dc work fine when windows dc offline?
How could I remove the Win2003 DC? I try to run dcpromo in Win2003 DC, it aways tell me: The operation failed because: Active Directory could not find another domain controller to transfer the remaining data in directory partition DC=ForestDnsZones,DC=dotest,DC=com. "The specified domain either does not exist or could not be contacted." And there are following errors log by the Samba4 DC log.samba: ... [2013/11/15 10:52:56.646808, 0] ../source4/dsdb/repl/drepl_ out_helpers.c:840(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for de9d1c2e-5584-4b33-b99d-330ae93b9d9d._msdcs.dotest.com CN=Schema,CN=Configuration,DC=dotest,DC=com [2013/11/15 10:52:57.106829, 0] ../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for de9d1c2e-5584-4b33-b99d-330ae93b9d9d._msdcs.dotest.com CN=Configuration,DC=dotest,DC=com [2013/11/15 10:52:58.301792, 0] ../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done) UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for de9d1c2e-5584-4b33-b99d-330ae93b9d9d._msdcs.dotest.com DC=dotest,DC=com ...
Antun Horvat
2013-Nov-18 09:41 UTC
[Samba] How to keep samba4 dc work fine when windows dc offline?
That also happened to me, so I had to remove the controller manually. First you need to remove win dc records from the "sites and services", and then from the "users and computers" application. After that is done, you need to remove it's records from the DNS, and optionally update the zone SOA record. On 11/18/2013 10:34 AM, Sense Zeng wrote:> How could I remove the Win2003 DC? I try to run dcpromo in > Win2003 DC, it aways tell me: > > The operation failed because: > Active Directory could not find another domain controller to transfer > the remaining data in directory partition > DC=ForestDnsZones,DC=dotest,DC=com. > "The specified domain either does not exist or could not be contacted." > > And there are following errors log by the Samba4 DC log.samba: > > ... > [2013/11/15 10:52:56.646808, 0] > ../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done) > UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for > de9d1c2e-5584-4b33-b99d-330ae93b9d9d._msdcs.dotest.com > <http://msdcs.dotest.com> CN=Schema,CN=Configuration,DC=dotest,DC=com > [2013/11/15 10:52:57.106829, 0] > ../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done) > UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for > de9d1c2e-5584-4b33-b99d-330ae93b9d9d._msdcs.dotest.com > <http://msdcs.dotest.com> CN=Configuration,DC=dotest,DC=com > [2013/11/15 10:52:58.301792, 0] > ../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done) > UpdateRefs failed with WERR_DS_DRA_BUSY/NT code 0xc00020f6 for > de9d1c2e-5584-4b33-b99d-330ae93b9d9d._msdcs.dotest.com > <http://msdcs.dotest.com> DC=dotest,DC=com > ... > > > 2013/11/18 Antun Horvat <antun.horvat at radio101.hr > <mailto:antun.horvat at radio101.hr>> > > I had the same problem > > When windows 2k3 was offline, domain logons were very slow. > The issue was that DFS folders (sysvol and netlogon) were > accessible only when certain timeout expired (about 30 sec) and > then I could access that folder. After I have removed windows DC > records from the domain, everything went back to normal. > > > > > On 11/18/2013 03:42 AM, Sense Zeng wrote: > > I'm testing a samba4 server join AD (had 1 win2003 dc) as dc. > Version: > Samba4 DC: samba 4.1.1 with ubuntu (172.16.3.8) > Win2003 DC: Win2003 SP2 (172.16.3.3) > AD domain name: dotest.com <http://dotest.com> > > The samba server had joined to AD as DC. When win2003 dc > online, it seems > works fine. > When I test win2003 dc online, simulate the win2003 DC was > failue, found > the samba4 DC can't work fine along. The AD client logon has > been very > slow. And there are error log in the samba4 dc log file > /usr/local/samba/var/log.samba: > > ... > [2013/11/18 09:55:57.147627, 0] > ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect) > Failed to connect host 172.16.3.3 on port 135 - > NT_STATUS_HOST_UNREACHABLE > [2013/11/18 09:55:57.148011, 0] > ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket) > Failed to connect host 172.16.3.3 > (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._ > msdcs.dotest.com <http://msdcs.dotest.com>) on port 135 - > NT_STATUS_HOST_UNREACHABLE. > [2013/11/18 09:56:00.147628, 0] > ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect) > Failed to connect host 172.16.3.3 on port 135 - > NT_STATUS_HOST_UNREACHABLE > [2013/11/18 09:56:00.148012, 0] > ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket) > Failed to connect host 172.16.3.3 > (880d3cbe-93a7-4e9d-a286-62b54a73a6ea._ > msdcs.dotest.com <http://msdcs.dotest.com>) on port 135 - > NT_STATUS_HOST_UNREACHABLE. > ... > > 172.16.3.3 is the Win2003 DC > > and my smb.conf setting is: > > [global] > workgroup = DOTEST > realm = dotest.com <http://dotest.com> > netbios name = GREEN > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > wins support = Yes > [netlogon] > path > /usr/local/samba/var/locks/sysvol/dotest.com/scripts > <http://dotest.com/scripts> > read only = No > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > I wanna keep the samba4 dc work fine when win2003 dc offline? > What should I > do? > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Amaury Viera Hernández
2013-Nov-18 15:18 UTC
[Samba] How to keep samba4 dc work fine when windows dc offline?
On 11/17/2013 09:42 PM, Sense Zeng wrote:> I'm testing a samba4 server join AD (had 1 win2003 dc) as dc. Version: > Samba4 DC: samba 4.1.1 with ubuntu (172.16.3.8) > Win2003 DC: Win2003 SP2 (172.16.3.3) > AD domain name: dotest.com > > The samba server had joined to AD as DC. When win2003 dc online, it seems > works fine. > When I test win2003 dc online, simulate the win2003 DC was failue, found > the samba4 DC can't work fine along. The AD client logon has been very > slow. And there are error log in the samba4 dc log file > /usr/local/samba/var/log.samba: >I have this problem too, When the Win2003 dc is offline the samba4 dc can't work. The users can't access or is very slow the authentication. I'm thinking that the principal problem is that the internal dns for samba4 dc is not working because since the beggining(before to switch off the win2003 domain controller and later to switch off the win2003 domain controller) when I try to connect to the internal dns using the windows administration tools it said something like: the dns server doesn't exist. Dou you want to add anyway? I have been using the official documentation: https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC but the results are the same: When the Win2003 dc is offline the samba4 dc can't work. The users can't not access or is very slow the authentication. I don't speak English. Apologize for my language, -- Atentamente, Amaury. The following mail is attached automatically: ________________________________________________________________________________________________ III Escuela Internacional de Invierno en la UCI del 17 al 28 de febrero del 2014. Ver www.uci.cu