Stefan G. Weichinger
2022-Nov-22 11:00 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
On 22.11.22 at 11:34, Stefan G. Weichinger via samba wrote:
> On 22.11.22 at 10:59, Stefan G. Weichinger via samba wrote:
>> On 22.11.22 at 10:00, Andrew Bartlett wrote:
>>> On Tue, 2022-11-22 at 09:53 +0100, Stefan G. Weichinger via samba
>>> wrote:
>>>> On 22.11.22 at 09:43, Stefan G. Weichinger via samba wrote:
>>>>
>>>>> but I don't have it OK yet:
>>>>
>>>> Update: seems OK now
>>>>
>>>> I wonder if to stay at 4.16.2 on ADC2 and 4.16.6 on ADC1 for now.
>>>>
>>>> Vacation starts on Thursday ...
>>>
>>> It really comes down to how much you trust your users.  Remember that
>>> each of them is domain admin in Samba 4.16.2
>>
>> Hmm, yes, that sounds scary. Although the users there should be
>> trustworthy.
>>
>> I check that DNS/resolved-issue again and retry the upgrade to 4.17.3
>> soon.
>
> On 4.17.3 now on one DC.
>
> The DCs recently also became Kea-DHCP-servers, so they have interfaces
> in various VLANs.
>
> That seems to mess with winbind ...
>
> # wbinfo -u
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> Error looking up domain users
>
> I added this to smb.conf:
>
> bind interfaces only = yes
> interfaces = lo enp0s31f6
>
> .. to only let the DC run in the LAN.
>
> Restarted samba-ad-dc.service, doesn't help.
>
> systemd-resolved is disabled and stopped
>
>
>
> journal shows:
>
> Nov 22 11:25:33 adc2 samba[303310]:   /usr/sbin/samba_dnsupdate: ; TSIG
> error with server: tsig verify failure
> Nov 22 11:25:33 adc2 samba[303310]: [2022/11/22 11:25:33.849094,  0]
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Nov 22 11:25:33 adc2 samba[303310]:   /usr/sbin/samba_dnsupdate: ; TSIG
> error with server: tsig verify failure
> Nov 22 11:25:33 adc2 samba[303310]: [2022/11/22 11:25:33.920546,  0]
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
> Nov 22 11:25:33 adc2 samba[303310]:   dnsupdate_nameupdate_done: Failed
> DNS update with exit code 20
>
> -
>
> DRS replication seems to work, though
>
> random tests:
>
> # wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
> Could not check secret
>
> # wbinfo --ping-dc
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>
> -
>
> winbindd is running according to journal and "ps avx"

Additional observations on ADC2:

# tail log.samba
[2022/11/22 11:52:06.058000,  1] ../../source4/dsdb/kcc/garbage_collect_tombstones.c:67(garbage_collect_tombstones_part)
  Doing a full scan on CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at and looking for deleted objects
[2022/11/22 11:53:57.118027,  1] ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
  dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/22 11:53:57.959838,  1] ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
  dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/22 11:54:24.196900,  1] ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
  dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/22 11:54:25.032117,  1] ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
  dns_server_process_query_got_auth: Failed to add SOA record: WERR_DNS_ERROR_RCODE_FORMAT_ERROR

# tail log.wb-ARBEITSGRUPPE
[2022/11/20 00:00:07.109539,  1] ../../source3/winbindd/winbindd.c:364(winbindd_sig_hup_handler)
  Reloading services after SIGHUP
[2022/11/22 09:03:04.040791,  0] ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2022/11/22 11:22:52.368820,  0] ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2022/11/22 11:50:17.402770,  0] ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2022/11/22 11:58:34.500594,  0] ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
Stefan G. Weichinger
2022-Nov-22 12:23 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
On 22.11.22 at 12:00, Stefan G. Weichinger via samba wrote:
> Additional observations on ADC2:
>
> # tail log.samba
> [2022/11/22 11:52:06.058000,  1]
> ../../source4/dsdb/kcc/garbage_collect_tombstones.c:67(garbage_collect_tombstones_part)
>   Doing a full scan on
> CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at and looking for
> deleted objects
> [2022/11/22 11:53:57.118027,  1]
> ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
>   dns_server_process_query_got_auth: Failed to add SOA record:
> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> [2022/11/22 11:53:57.959838,  1]
> ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
>   dns_server_process_query_got_auth: Failed to add SOA record:
> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> [2022/11/22 11:54:24.196900,  1]
> ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
>   dns_server_process_query_got_auth: Failed to add SOA record:
> WERR_DNS_ERROR_RCODE_FORMAT_ERROR
> [2022/11/22 11:54:25.032117,  1]
> ../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
>   dns_server_process_query_got_auth: Failed to add SOA record:
> WERR_DNS_ERROR_RCODE_FORMAT_ERROR

I fixed this one by removing wrong A-Records from the DNS: there was one entry per VLAN for the DCs ...

> # tail log.wb-ARBEITSGRUPPE
> [2022/11/20 00:00:07.109539,  1]
> ../../source3/winbindd/winbindd.c:364(winbindd_sig_hup_handler)
>   Reloading services after SIGHUP
> [2022/11/22 09:03:04.040791,  0]
> ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
>   Got sig[15] terminate (is_parent=0)
> [2022/11/22 11:22:52.368820,  0]
> ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
>   Got sig[15] terminate (is_parent=0)
> [2022/11/22 11:50:17.402770,  0]
> ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
>   Got sig[15] terminate (is_parent=0)
> [2022/11/22 11:58:34.500594,  0]
> ../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
>   Got sig[15] terminate (is_parent=0)

winbindd still just terminates somehow

increased loglevel to 5 ->

[2022/11/22 13:19:27.912603,  5] ../../source3/winbindd/winbindd_dual_srv.c:72(_wbint_InitConnection)
  _wbint_InitConnection: ARBEITSGRUPPE returning without initialization online = 1