Hi, We are using Samba AD DC (Version 4.6.5) on CentOS 7.3. We have two servers with BIND9 DNS and all are working just fine. Today, when we attempted to move couple of users from one OU to another, Windows RSAT reported /*"Windows cannot move object. Ther*//*e *//*is not enough storage space*//*"*/. Our servers have 300 GB Storage more that 270GB is free on the storage. At the moment we have added about 1000 users and about 450 computers into domain. Overall, we will add about 7500 users and equal no of computers to domain. I also noticed that RSAT lost the connection to domain all of a sudden. However, when I restarted the samba-ad-dc service, it reconnected. I am able to add new computers and new users into domain. But moving the user from one OU to another is throwing above error. I believe the DB is a 32 bit one and should support upto 4 GB. When I checked in /usr/local/samba/private folder the size of smb.ldb file is about 4.1 MB and rest of the ldb and tdb files are around 1 MB in size. Now, how do I correctly check the current DB size? Is the above error a strange behaviour? How do we fix the above error? Thanks in advance. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees.
Hi Anantha, Am 02.08.2017 um 17:39 schrieb Anantha Raghava via samba:> Today, when we attempted to move couple of users from one OU to another, > Windows RSAT reported /*"Windows cannot move object. Ther*//*e *//*is > not enough storage space*//*"*/. Our servers have 300 GB Storage more > that 270GB is free on the storage. At the moment we have added about > 1000 users and about 450 computers into domain. Overall, we will add > about 7500 users and equal no of computers to domain. I also noticed > that RSAT lost the connection to domain all of a sudden. However, when I > restarted the samba-ad-dc service, it reconnected. I am able to add new > computers and new users into domain. But moving the user from one OU to > another is throwing above error. > > I believe the DB is a 32 bit one and should support upto 4 GB. When I > checked in /usr/local/samba/private folder the size of smb.ldb file is > about 4.1 MB and rest of the ldb and tdb files are around 1 MB in size.Just some thoughts and things you can check: * Do you move only one or a few user objects or a large number at once? * Does it happen also for other objects (computer accounts or groups)? * Have you checked if there is maybe no free RAM left? * Does it work after you restart Samba or reboot the host? * I guess you already checked that the mount point, where your Samba databases are located, is not full. * Does "samba-tool dbcheck --cross-ncs" reports any errors? Run it on all Samba DCs. * Do you see any errors in the log when you try to move an AD entry? Increase the log level, in case you don't see anything interesting: https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_Server * Do you have multiple DCs? If yes, can you temporarily shut down Samba on all DCs except one and connect ADUC to this one and retry. And then do the same with an other DC. Just to make sure that it's not related to one DC. * Is this a new environment or is it an older AD that was more or less frequently updated? Regards, Marc
On Wed, 2017-08-02 at 21:09 +0530, Anantha Raghava via samba wrote:> Hi, > > We are using Samba AD DC (Version 4.6.5) on CentOS 7.3. We have two > servers with BIND9 DNS and all are working just fine. > > Today, when we attempted to move couple of users from one OU to > another, > Windows RSAT reported /*"Windows cannot move object. Ther*//*e > *//*is > not enough storage space*//*"*/.I wouldn't take the error string literally. There are too many layers of mapping going on. LDAP does not contain such an error, so think of it as a bad translation.> Our servers have 300 GB Storage more > that 270GB is free on the storage. At the moment we have added about > 1000 users and about 450 computers into domain. Overall, we will add > about 7500 users and equal no of computers to domain. I also noticed > that RSAT lost the connection to domain all of a sudden. However, > when I > restarted the samba-ad-dc service, it reconnected. I am able to add > new > computers and new users into domain. But moving the user from one OU > to > another is throwing above error. > > I believe the DB is a 32 bit one and should support upto 4 GB. When > I > checked in /usr/local/samba/private folder the size of smb.ldb file > is > about 4.1 MB and rest of the ldb and tdb files are around 1 MB in > size. > > Now, how do I correctly check the current DB size? Is the above error > a > strange behaviour? How do we fix the above error?Turn up the logging on the AD DC and see what the real error and error string is. Thanks, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Hello Andrew, From the day one, we set the log level to 3. Log size is really huge. However, I did not see some thing very interesting and related to this error. It is all to do with user login, information, etc. Should I have to increase the log level to get more info? One thing we noticed. When we restart the samba-ad-dc service, it allows us to add new users, add new computers to domain, and even move the user from one OU to another. However, from last two days, at around evening (around 4:45 PM), samba all of a sudden cuts off all users from domain and even fails to list the domain controllers in RSAT. If we restart samba-ad-dc, it starts working properly. Now we need to see, what is that event that is causing this cut off all of a sudden? Is it a shear coincidence? Or is it something to do with the large number of PCs are now getting added from different places? Incidentally, we use the same domain admin account (limited administrator) to add PCs to domain. Is this causing some problem? -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 03/08/17 8:09 AM, Andrew Bartlett wrote:> On Wed, 2017-08-02 at 21:09 +0530, Anantha Raghava via samba wrote: >> Hi, >> >> We are using Samba AD DC (Version 4.6.5) on CentOS 7.3. We have two >> servers with BIND9 DNS and all are working just fine. >> >> Today, when we attempted to move couple of users from one OU to >> another, >> Windows RSAT reported /*"Windows cannot move object. Ther*//*e >> *//*is >> not enough storage space*//*"*/. > I wouldn't take the error string literally. There are too many layers > of mapping going on. LDAP does not contain such an error, so think of > it as a bad translation. > >> Our servers have 300 GB Storage more >> that 270GB is free on the storage. At the moment we have added about >> 1000 users and about 450 computers into domain. Overall, we will add >> about 7500 users and equal no of computers to domain. I also noticed >> that RSAT lost the connection to domain all of a sudden. However, >> when I >> restarted the samba-ad-dc service, it reconnected. I am able to add >> new >> computers and new users into domain. But moving the user from one OU >> to >> another is throwing above error. >> >> I believe the DB is a 32 bit one and should support upto 4 GB. When >> I >> checked in /usr/local/samba/private folder the size of smb.ldb file >> is >> about 4.1 MB and rest of the ldb and tdb files are around 1 MB in >> size. >> >> Now, how do I correctly check the current DB size? Is the above error >> a >> strange behaviour? How do we fix the above error? > Turn up the logging on the AD DC and see what the real error and error > string is. > > Thanks, > > Andrew Bartlett >
Hello Marc,> Hi Anantha, > > Am 02.08.2017 um 17:39 schrieb Anantha Raghava via samba: >> Today, when we attempted to move couple of users from one OU to another, >> Windows RSAT reported /*"Windows cannot move object. Ther*//*e *//*is >> not enough storage space*//*"*/. Our servers have 300 GB Storage more >> that 270GB is free on the storage. At the moment we have added about >> 1000 users and about 450 computers into domain. Overall, we will add >> about 7500 users and equal no of computers to domain. I also noticed >> that RSAT lost the connection to domain all of a sudden. However, when I >> restarted the samba-ad-dc service, it reconnected. I am able to add new >> computers and new users into domain. But moving the user from one OU to >> another is throwing above error. >> >> I believe the DB is a 32 bit one and should support upto 4 GB. When I >> checked in /usr/local/samba/private folder the size of smb.ldb file is >> about 4.1 MB and rest of the ldb and tdb files are around 1 MB in size. > > Just some thoughts and things you can check: > > * Do you move only one or a few user objects or a large number at once?It depends. Sometimes one, many a times around 10 belonging to same group at once.> > * Does it happen also for other objects (computer accounts or groups)?We did not try. While we are adding the PCs to domain, we are working to reproduce our Organization Structure in AD OU and group structure.> > * Have you checked if there is maybe no free RAM left?Our physical server has 64 GB RAM. Utilization is only about 13%. Our Virtual Server has 16 GB RAM. Utilization is about 43%> > * Does it work after you restart Samba or reboot the host?Yes, it works after restarting the samba-ad-dc service.> > * I guess you already checked that the mount point, where your Samba > databases are located, is not full.samba databases are on "/". It has more than 270 GB free on physical server and on Virtual Server it more than 24GB free.> > * Does "samba-tool dbcheck --cross-ncs" reports any errors? Run it on > all Samba DCs.Will check & report back.> > * Do you see any errors in the log when you try to move an AD entry? > Increase the log level, in case you don't see anything interesting: > https://wiki.samba.org/index.php/Configuring_Logging_on_a_Samba_ServerLog level is set to 3 from day one. Log is too large. However, I did not notice anything related to this particular error. Will check in detail once again.> > * Do you have multiple DCs? If yes, can you temporarily shut down Samba > on all DCs except one and connect ADUC to this one and retry. And then > do the same with an other DC. Just to make sure that it's not related to > one DC.Will check & let you know.> > * Is this a new environment or is it an older AD that was more or less > frequently updated?This is a new environment. From last two days, samba, all of a sudden, cutting off all users from domain. It even fails to list domain controllers from RSAT. When we restart samba-ad-dc service, it starts working again. Except a flood of user log in attempts (many failed), did not see much information from logs? Do you suggest, we increase the log level to 4 and above to get more information? Another point for you to note. We use the same limited admin account to add PCs to domain from multiple places. Would it have caused something, resulted in this strange behaviour? Regards, Ananth> > > Regards, > Marc