Martin, Here you go, # echo "mypassword" | net --no-dns-updates -U service-account-name ads testjoin domain.local kerberos_kinit_password NETBIOS_NAME$@DOMAIN.LOCAL failed: Client not found in Kerberos database Join to domain is not valid: The name provided is not a properly formed account name. On Wed, Sep 30, 2020 at 9:34 PM Martin Schwenke <martin at meltin.net> wrote:> Hi Bob, > > On Wed, 30 Sep 2020 08:59:41 -0400, Robert Buck <robert.buck at som.com> > wrote: > > > [...] > > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * Could not > > fetch our SID - did we join?* > > > > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: *[2020/09/30 > > 12:58:25.161629, 0] > > ../../source3/winbindd/winbindd.c:1462(winbindd_register_handlers)* > > > > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * unable to > > initialize domain list* > > This looks to be a generic winbind and domain joining issue, which > probably doesn't have anything to do with CTDB. Phew... :-) > > Searching for "Could not fetch our SID - did we join?" gets a bunch of > hits, including this one: > > > http://samba.2283325.n4.nabble.com/Winbind-error-quot-Could-not-fetch-our-SID-did-we-join-quot-td4726277.html > > Did you use "net ads join" to join the domain? What does "net ads > testjoin" say? > > peace & happiness, > martin > >-- BOB BUCK SENIOR PLATFORM SOFTWARE ENGINEER SKIDMORE, OWINGS & MERRILL 7 WORLD TRADE CENTER 250 GREENWICH STREET NEW YORK, NY 10007 T (212) 298-9624 ROBERT.BUCK at SOM.COM
And more information, wondering about DNS issues or DC issues... # wbinfo --ping-dc checking the NETLOGON for domain[MYDOMAINNAME] dc connection to "" failed failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND On Thu, Oct 1, 2020 at 9:21 AM Robert Buck <robert.buck at som.com> wrote:> Martin, > > Here you go, > > # echo "mypassword" | net --no-dns-updates -U service-account-name ads > testjoin domain.local > > kerberos_kinit_password NETBIOS_NAME$@DOMAIN.LOCAL failed: Client not > found in Kerberos database > > Join to domain is not valid: The name provided is not a properly formed > account name. > > On Wed, Sep 30, 2020 at 9:34 PM Martin Schwenke <martin at meltin.net> wrote: > >> Hi Bob, >> >> On Wed, 30 Sep 2020 08:59:41 -0400, Robert Buck <robert.buck at som.com> >> wrote: >> >> > [...] >> > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * Could not >> > fetch our SID - did we join?* >> > >> > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: *[2020/09/30 >> > 12:58:25.161629, 0] >> > ../../source3/winbindd/winbindd.c:1462(winbindd_register_handlers)* >> > >> > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * unable to >> > initialize domain list* >> >> This looks to be a generic winbind and domain joining issue, which >> probably doesn't have anything to do with CTDB. Phew... :-) >> >> Searching for "Could not fetch our SID - did we join?" gets a bunch of >> hits, including this one: >> >> >> http://samba.2283325.n4.nabble.com/Winbind-error-quot-Could-not-fetch-our-SID-did-we-join-quot-td4726277.html >> >> Did you use "net ads join" to join the domain? What does "net ads >> testjoin" say? >> >> peace & happiness, >> martin >> >> > > -- > > BOB BUCK > SENIOR PLATFORM SOFTWARE ENGINEER > > SKIDMORE, OWINGS & MERRILL > 7 WORLD TRADE CENTER > 250 GREENWICH STREET > NEW YORK, NY 10007 > T (212) 298-9624 > ROBERT.BUCK at SOM.COM >-- BOB BUCK SENIOR PLATFORM SOFTWARE ENGINEER SKIDMORE, OWINGS & MERRILL 7 WORLD TRADE CENTER 250 GREENWICH STREET NEW YORK, NY 10007 T (212) 298-9624 ROBERT.BUCK at SOM.COM
On 01/10/2020 14:35, Robert Buck via samba wrote:> And more information, wondering about DNS issues or DC issues... > > # wbinfo --ping-dc > > checking the NETLOGON for domain[MYDOMAINNAME] dc connection to "" failed > > failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND > > On Thu, Oct 1, 2020 at 9:21 AM Robert Buck <robert.buck at som.com> wrote: > >> Martin, >> >> Here you go, >> >> # echo "mypassword" | net --no-dns-updates -U service-account-name ads >> testjoin domain.local >> >> kerberos_kinit_password NETBIOS_NAME$@DOMAIN.LOCAL failed: Client not >> found in Kerberos database >> >> Join to domain is not valid: The name provided is not a properly formed >> account name. >> >> On Wed, Sep 30, 2020 at 9:34 PM Martin Schwenke <martin at meltin.net> wrote: >> >>> Hi Bob, >>> >>> On Wed, 30 Sep 2020 08:59:41 -0400, Robert Buck <robert.buck at som.com> >>> wrote: >>> >>>> [...] >>>> Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * Could not >>>> fetch our SID - did we join?* >>>> >>>> Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: *[2020/09/30 >>>> 12:58:25.161629, 0] >>>> ../../source3/winbindd/winbindd.c:1462(winbindd_register_handlers)* >>>> >>>> Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * unable to >>>> initialize domain list* >>> This looks to be a generic winbind and domain joining issue, which >>> probably doesn't have anything to do with CTDB. Phew... :-) >>> >>> Searching for "Could not fetch our SID - did we join?" gets a bunch of >>> hits, including this one: >>> >>> >>> http://samba.2283325.n4.nabble.com/Winbind-error-quot-Could-not-fetch-our-SID-did-we-join-quot-td4726277.html >>> >>> Did you use "net ads join" to join the domain? What does "net ads >>> testjoin" say? >>> >>> peace & happiness, >>> martin >>> >>> >> -- >> >> BOB BUCK >> SENIOR PLATFORM SOFTWARE ENGINEER >> >> SKIDMORE, OWINGS & MERRILL >> 7 WORLD TRADE CENTER >> 250 GREENWICH STREET >> NEW YORK, NY 10007 >> T (212) 298-9624 >> ROBERT.BUCK at SOM.COM >> >Can you please post the smb.conf you are using. Rowland
Hi Martin It seems as though, when I go from `clustering = no` to `clustering = yes`, if I do a domain join, it will fail. However, if I do a `systemctl restart ctdb` (knowing full well it will fail every time), if after this I add a sleep(15), then do a domain join, then do a `systemctl restart ctdb`, then the join will have worked, AND CTDB will start properly. So in a nutshell, in Ansible, - do all the samba setup without clustering on, even winbind setup; verify it works - do all the ctdb setup and turn clustering on, but we must again domain-join, but only after having run restart-ctdb once first, then after the join, do another restart-ctdb Only then does the system come to a stable point. This appears to be the only way to have a repeatable deployment process of CTDB over multiple regions globally. Any thoughts or recommendations? Bob On Thu, Oct 1, 2020 at 9:35 AM Robert Buck <robert.buck at som.com> wrote:> And more information, wondering about DNS issues or DC issues... > > # wbinfo --ping-dc > > checking the NETLOGON for domain[MYDOMAINNAME] dc connection to "" failed > > failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND > > On Thu, Oct 1, 2020 at 9:21 AM Robert Buck <robert.buck at som.com> wrote: > >> Martin, >> >> Here you go, >> >> # echo "mypassword" | net --no-dns-updates -U service-account-name ads >> testjoin domain.local >> >> kerberos_kinit_password NETBIOS_NAME$@DOMAIN.LOCAL failed: Client not >> found in Kerberos database >> >> Join to domain is not valid: The name provided is not a properly formed >> account name. >> >> On Wed, Sep 30, 2020 at 9:34 PM Martin Schwenke <martin at meltin.net> >> wrote: >> >>> Hi Bob, >>> >>> On Wed, 30 Sep 2020 08:59:41 -0400, Robert Buck <robert.buck at som.com> >>> wrote: >>> >>> > [...] >>> > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * Could not >>> > fetch our SID - did we join?* >>> > >>> > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: *[2020/09/30 >>> > 12:58:25.161629, 0] >>> > ../../source3/winbindd/winbindd.c:1462(winbindd_register_handlers)* >>> > >>> > Sep 30 12:58:25 euw2-samba-server-c21-01 winbindd[484378]: * unable to >>> > initialize domain list* >>> >>> This looks to be a generic winbind and domain joining issue, which >>> probably doesn't have anything to do with CTDB. Phew... :-) >>> >>> Searching for "Could not fetch our SID - did we join?" gets a bunch of >>> hits, including this one: >>> >>> >>> http://samba.2283325.n4.nabble.com/Winbind-error-quot-Could-not-fetch-our-SID-did-we-join-quot-td4726277.html >>> >>> Did you use "net ads join" to join the domain? What does "net ads >>> testjoin" say? >>> >>> peace & happiness, >>> martin >>> >>> >> >> -- >> >> BOB BUCK >> SENIOR PLATFORM SOFTWARE ENGINEER >> >> SKIDMORE, OWINGS & MERRILL >> 7 WORLD TRADE CENTER >> 250 GREENWICH STREET >> NEW YORK, NY 10007 >> T (212) 298-9624 >> ROBERT.BUCK at SOM.COM >> > > > -- > > BOB BUCK > SENIOR PLATFORM SOFTWARE ENGINEER > > SKIDMORE, OWINGS & MERRILL > 7 WORLD TRADE CENTER > 250 GREENWICH STREET > NEW YORK, NY 10007 > T (212) 298-9624 > ROBERT.BUCK at SOM.COM >-- BOB BUCK SENIOR PLATFORM SOFTWARE ENGINEER SKIDMORE, OWINGS & MERRILL 7 WORLD TRADE CENTER 250 GREENWICH STREET NEW YORK, NY 10007 T (212) 298-9624 ROBERT.BUCK at SOM.COM