For some reason my secondary DC loses sync every once in a while. It looks like this in samba-tool drs showrepl: Last attempt @ Thu Nov 19 13:53:09 2015 CET failed, result 5 (WERR_ACCESS_DENIED) 229 consecutive failure(s). Last success @ Wed Nov 18 18:48:07 2015 CET Restarting samba fixes the issue for an unpredictable time. Sometimes hours, sometimes many weeks. So I wrote a script to restart samba in this case: #!/bin/bash # # Check if samba replication broke down and restart samba in this case # SAMBA_TOOL=/usr/bin/samba-tool SED=/bin/sed MAIL=/usr/bin/mail RM=/bin/rm MKTMP=/bin/mktemp FAIL=`$SAMBA_TOOL drs showrepl | $SED -n "/^\s*[1-9][0-9]* consecutive failure(s)\.$/p"` if [[ -n "$FAIL" ]]; then TMP=$($MKTMP) $SAMBA_TOOL drs showrepl > "$TMP" echo "Restart ..." >> "$TMP" /etc/init.d/samba restart >> "$TMP" echo "... done!" >> "$TMP" $MAIL -s 'DC2 restart' sysop at example.com < "$TMP" $RM -f "$TMP" fi And it works perfectly, if I run it manually. However, the idea is to run it by cron every 5 minutes. But when it's run from cron restarting samba fails: Restart ... Stopping NetBIOS name server: nmbd. Stopping SMB/CIFS daemon: smbd. Stopping Samba AD DC daemon: samba. Starting Samba AD DC daemon: samba failed! ... done! Running the same script manually from a root shell works however fine. The system is Debian Jessie using samba 4.1.17-Debian. I start the script using the following entry in root's crontab: */5 * * * * /root/samba-restart.sh Any ideas what I'm doing wrong? Thanks for your help, - lars.
On 30/11/15 10:01, Lars Hanke wrote:> For some reason my secondary DC loses sync every once in a while. It > looks like this in samba-tool drs showrepl: > > Last attempt @ Thu Nov 19 13:53:09 2015 CET failed, result 5 > (WERR_ACCESS_DENIED) > 229 consecutive failure(s). > Last success @ Wed Nov 18 18:48:07 2015 CET > > Restarting samba fixes the issue for an unpredictable time. Sometimes > hours, sometimes many weeks. So I wrote a script to restart samba in > this case: > > #!/bin/bash > # > # Check if samba replication broke down and restart samba in this case > # > SAMBA_TOOL=/usr/bin/samba-tool > SED=/bin/sed > MAIL=/usr/bin/mail > RM=/bin/rm > MKTMP=/bin/mktemp > > FAIL=`$SAMBA_TOOL drs showrepl | $SED -n "/^\s*[1-9][0-9]* consecutive > failure(s)\.$/p"` > > if [[ -n "$FAIL" ]]; then > TMP=$($MKTMP) > $SAMBA_TOOL drs showrepl > "$TMP" > echo "Restart ..." >> "$TMP" > /etc/init.d/samba restart >> "$TMP" > echo "... done!" >> "$TMP" > $MAIL -s 'DC2 restart' sysop at example.com < "$TMP" > $RM -f "$TMP" > fi > > And it works perfectly, if I run it manually. However, the idea is to > run it by cron every 5 minutes. But when it's run from cron restarting > samba fails: > > Restart ... > Stopping NetBIOS name server: nmbd. > Stopping SMB/CIFS daemon: smbd. > Stopping Samba AD DC daemon: samba. > Starting Samba AD DC daemon: samba failed! > ... done!I think you may be using the wrong start/stop/restart init script. On Debian there are usually 4 samba init scripts: nmbd smbd samba samba-ad-dc There is also the winbind init script, but this will only be installed if you are using winbind i.e. on a domain member The nmbd & smbd init scripts are there to start and stop the individual deamons, the samba init script runs both of the nmbd & smbd init scripts, samba-ad-dc starts/stops the samba deamon, which will then start the smbd deamon. If you are running Samba4 as an AD DC, you should never start the nmbd deamon, you should also never start smbd manually. What you are trying to do is, in my opinion, the wrong way to go about fixing the problem, you really should try to ascertain why you are losing sync. Rowland> > Running the same script manually from a root shell works however fine. > > The system is Debian Jessie using samba 4.1.17-Debian. I start the > script using the following entry in root's crontab: > > */5 * * * * /root/samba-restart.sh > > Any ideas what I'm doing wrong? > > Thanks for your help, > - lars. >
Thanks Rowland, for the thoughts. > If you are running Samba4 as an AD DC, you should never start the nmbd > deamon, you should also never start smbd manually. Yes, I could optimize to use /etc/init.d/samba-ad-dc immediately,but in fact this is what /etc/init.d/samba does. The messages with "AD DC daemon" are generated by that script, and it is the failing one. > What you are trying to do is, in my opinion, the wrong way to go about > fixing the problem, you really should try to ascertain why you are > losing sync. Agreed. But I've no idea how to troubleshoot that issue. Any help on fixing the cause is also appreciated. Am 30.11.2015 um 12:13 schrieb Rowland Penny:> On 30/11/15 10:01, Lars Hanke wrote: >> For some reason my secondary DC loses sync every once in a while. It >> looks like this in samba-tool drs showrepl: >> >> Last attempt @ Thu Nov 19 13:53:09 2015 CET failed, result 5 >> (WERR_ACCESS_DENIED) >> 229 consecutive failure(s). >> Last success @ Wed Nov 18 18:48:07 2015 CET >> >> Restarting samba fixes the issue for an unpredictable time. Sometimes >> hours, sometimes many weeks. So I wrote a script to restart samba in >> this case: >> >> #!/bin/bash >> # >> # Check if samba replication broke down and restart samba in this case >> # >> SAMBA_TOOL=/usr/bin/samba-tool >> SED=/bin/sed >> MAIL=/usr/bin/mail >> RM=/bin/rm >> MKTMP=/bin/mktemp >> >> FAIL=`$SAMBA_TOOL drs showrepl | $SED -n "/^\s*[1-9][0-9]* consecutive >> failure(s)\.$/p"` >> >> if [[ -n "$FAIL" ]]; then >> TMP=$($MKTMP) >> $SAMBA_TOOL drs showrepl > "$TMP" >> echo "Restart ..." >> "$TMP" >> /etc/init.d/samba restart >> "$TMP" >> echo "... done!" >> "$TMP" >> $MAIL -s 'DC2 restart' sysop at example.com < "$TMP" >> $RM -f "$TMP" >> fi >> >> And it works perfectly, if I run it manually. However, the idea is to >> run it by cron every 5 minutes. But when it's run from cron restarting >> samba fails: >> >> Restart ... >> Stopping NetBIOS name server: nmbd. >> Stopping SMB/CIFS daemon: smbd. >> Stopping Samba AD DC daemon: samba. >> Starting Samba AD DC daemon: samba failed! >> ... done! > > I think you may be using the wrong start/stop/restart init script. On > Debian there are usually 4 samba init scripts: > > nmbd > smbd > samba > samba-ad-dc > > There is also the winbind init script, but this will only be installed > if you are using winbind i.e. on a domain member > > The nmbd & smbd init scripts are there to start and stop the individual > deamons, the samba init script runs both of the nmbd & smbd init > scripts, samba-ad-dc starts/stops the samba deamon, which will then > start the smbd deamon. > > If you are running Samba4 as an AD DC, you should never start the nmbd > deamon, you should also never start smbd manually. > > What you are trying to do is, in my opinion, the wrong way to go about > fixing the problem, you really should try to ascertain why you are > losing sync. > > Rowland > >> >> Running the same script manually from a root shell works however fine. >> >> The system is Debian Jessie using samba 4.1.17-Debian. I start the >> script using the following entry in root's crontab: >> >> */5 * * * * /root/samba-restart.sh >> >> Any ideas what I'm doing wrong? >> >> Thanks for your help, >> - lars. >> > >