Rowland Penny
2018-Dec-26 13:24 UTC
[Samba] After upgrade to 4.9.4, internal DNS no longer working
On Wed, 26 Dec 2018 11:43:37 +0100 Viktor Trojanovic <viktor at troja.ch> wrote:

> I could really use some support with this. I understand it's always
> possible to just restore from a backup but the more interesting
> question is if something can be done with the data at hand.
> Basically, I'm trying to understand how it's possible that a dbcheck
> shows no errors, an ldbsearch is successful, and yet it's not
> possible to start the AD properly. What else is there that could be
> corrupted, and is there a way to repair it?
>

OK, I have been reviewing all the posts in this thread and I have a few questions ;-)

You posted that you are running the DC using the internal DNS server, but you also posted this:

All checks on the flat files work fine

What 'flat files' ?
Are you referring to Bind9 flat files ?

There is also this:

kdc_task_init: Cannot determine if we are an RODC: operations error at ../source4/dsdb/common/util.c:3534
task_server_terminate: task_server_terminate: [kdc: krb5_init_context samdb RODC connect failed]

Why is 'RODC' getting mentioned ?

Can you post the contents of:

/etc/hostname
/etc/nsswitch.conf

Could the separate Samba daemons (smbd, nmbd, winbind) be being started instead of/as well as the 'samba' daemon ?

Rowland
Viktor Trojanovic
2018-Dec-26 13:40 UTC
[Samba] After upgrade to 4.9.4, internal DNS no longer working
Hi Rowland,

Thanks for taking an interest.

On Wed, 26 Dec 2018 at 14:27, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Wed, 26 Dec 2018 11:43:37 +0100
> Viktor Trojanovic <viktor at troja.ch> wrote:
>
> > I could really use some support with this. I understand it's always
> > possible to just restore from a backup but the more interesting
> > question is if something can be done with the data at hand.
> > Basically, I'm trying to understand how it's possible that a dbcheck
> > shows no errors, an ldbsearch is successful, and yet it's not
> > possible to start the AD properly. What else is there that could be
> > corrupted, and is there a way to repair it?
> >
>
> OK, I have been reviewing all the posts in this thread and I have a few
> questions ;-)
>
> You posted that you are running the DC using the internal DNS server,
> but you also posted this:
>
> All checks on the flat files work fine
>
> What 'flat files' ?
> Are you referring to Bind9 flat files ?
>

No. I meant the *.tdb and *.ldb files in the samba directory. I'm using the internal DNS server, I don't have Bind installed, never had.

> There is also this:
>
> kdc_task_init: Cannot determine if we are an RODC: operations error at
> ../source4/dsdb/common/util.c:3534
> task_server_terminate: task_server_terminate: [kdc: krb5_init_context
> samdb RODC connect failed]
>
> Why is 'RODC' getting mentioned ?
>

I don't even know what RODC is. :) This is a regular AD DC install as it is described on the Wiki, I didn't do anything exotic there.

> Can you post the contents of:
>
> /etc/hostname
>

DC1

> /etc/nsswitch.conf
>

passwd: files winbind mymachines systemd
group: files winbind mymachines systemd
shadow: files

publickey: files

hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

> Could the separate Samba daemons (smbd, nmbd, winbind) be being started
> instead of/as well as the 'samba' daemon ?
>

No, it's really just the "Samba AD Daemon" (samba.service). smbd (smb.service), nmbd (nmb.service), as well as winbindd (winbind.service) are not started. As you could see from the log, the binaries such as smbd and winbindd are indeed started but I guess that is done by Samba automatically?
Rowland Penny
2018-Dec-26 14:02 UTC
[Samba] After upgrade to 4.9.4, internal DNS no longer working
On Wed, 26 Dec 2018 14:40:10 +0100 Viktor Trojanovic <viktor at troja.ch> wrote:

> Hi Rowland,
>
> Thanks for taking an interest.
>
> On Wed, 26 Dec 2018 at 14:27, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>
> > On Wed, 26 Dec 2018 11:43:37 +0100
> > Viktor Trojanovic <viktor at troja.ch> wrote:
> >
> > > I could really use some support with this. I understand it's
> > > always possible to just restore from a backup but the more
> > > interesting question is if something can be done with the data at
> > > hand. Basically, I'm trying to understand how it's possible that
> > > a dbcheck shows no errors, an ldbsearch is successful, and yet
> > > it's not possible to start the AD properly. What else is there
> > > that could be corrupted, and is there a way to repair it?
> > >
> >
> > OK, I have been reviewing all the posts in this thread and I have a
> > few questions ;-)
> >
> > You posted that you are running the DC using the internal DNS
> > server, but you also posted this:
> >
> > All checks on the flat files work fine
> >
> > What 'flat files' ?
> > Are you referring to Bind9 flat files ?
> >
>
> No. I meant the *.tdb and *.ldb files in the samba directory. I'm
> using the internal DNS server, I don't have Bind installed, never had.

Good, 'flat files' usually refers to the Bind9 zones conf files.

> > There is also this:
> >
> > kdc_task_init: Cannot determine if we are an RODC: operations error
> > at ../source4/dsdb/common/util.c:3534
> > task_server_terminate: task_server_terminate: [kdc:
> > krb5_init_context samdb RODC connect failed]
> >
> > Why is 'RODC' getting mentioned ?
> >
>
> I don't even know what RODC is. :) This is a regular AD DC install as
> it is described on the Wiki, I didn't do anything exotic there.

A normal DC is an RWDC (Read Write Domain Controller), an RODC is a 'Read Only Domain Controller'

For some reason, Your Samba is getting confused

> > Can you post the contents of:
> >
> > /etc/hostname
> >
>
> DC1
>
> > /etc/nsswitch.conf
> >
>
> passwd: files winbind mymachines systemd
> group: files winbind mymachines systemd
> shadow: files
>
> publickey: files
>
> hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns

Try the above line like this:

hosts: files dns

> networks: files
>
> protocols: files
> services: files
> ethers: files
> rpc: files
>
> netgroup: files
>
> > Could the separate Samba daemons (smbd, nmbd, winbind) be being
> > started instead of/as well as the 'samba' daemon ?
> >
>
> No, it's really just the "Samba AD Daemon" (samba.service). smbd
> (smb.service), nmbd (nmb.service), as well as winbindd
> (winbind.service) are not started. As you could see from the log, the
> binaries such as smbd and winbindd are indeed started but I guess
> that is done by Samba automatically?

Yes, the 'samba' daemon does start smbd & winbind, but it was just a thought.

Check if systemd is starting any other dns server (resolved ?)

Rowland
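
The two checks suggested in the last message (extra sources on the hosts: line of /etc/nsswitch.conf, and another DNS server holding port 53), written out as an added example that is not part of the thread or of Samba. The function names are hypothetical, the ss output is constructed, and the assumption that the internal DNS listener appears under the process name "samba" should be confirmed on the DC itself.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read nsswitch.conf text on stdin and print each source on the "hosts:"
# line other than "files" and "dns". Bracketed actions such as
# [!UNAVAIL=return] and trailing comments are skipped.
extra_hosts_sources() {
    awk '$1 == "hosts:" {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i ~ /^\[/) inact = 1
            if (inact) { if ($i ~ /\]$/) inact = 0; continue }
            if ($i != "files" && $i != "dns") print $i
        }
    }'
}

# Read `ss -lntup` output on stdin and print "process address" for every
# listener on port 53 whose process name differs from $1 (default "samba",
# an assumption about how the internal DNS server shows up in ss).
foreign_dns_listeners() {
    awk -v want="${1:-samba}" '$5 ~ /:53$/ {
        name = "unknown"
        if (match($0, /\(\("[^"]+"/))
            name = substr($0, RSTART + 3, RLENGTH - 4)
        if (name != want) print name, $5
    }'
}

# Constructed samples: the hosts line is the one posted in the thread,
# the ss output is invented for illustration.
SAMPLE_NSSWITCH='passwd: files winbind mymachines systemd
hosts: files mymachines myhostname resolve [!UNAVAIL=return] dns
networks: files'
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=412,fd=12))
tcp   LISTEN 0      10     192.0.2.10:53      0.0.0.0:*         users:(("samba",pid=900,fd=40))'

printf '%s\n' "$SAMPLE_NSSWITCH" | extra_hosts_sources
printf '%s\n' "$SAMPLE_SS" | foreign_dns_listeners samba
```

On a live DC, feed the functions real input: `extra_hosts_sources < /etc/nsswitch.conf` and, as root so process names are shown, `ss -lntup | foreign_dns_listeners samba`.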