Stefan G. Weichinger
2022-Nov-24 16:17 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
found https://www.spinics.net/lists/samba/msg162375.html -

"samba-tool spn list adc1$" looks different on adc1 and adc2, while for adc2$ it looks the same ->

root at adc1:~# samba-tool spn list adc1$
adc1$
User CN=ADC1,OU=Domain Controllers,DC=arbeitsgruppe,DC=my,DC=tld has the following servicePrincipalName:
	 HOST/ADC1
	 HOST/adc1.arbeitsgruppe.my.tld
	 GC/adc1.arbeitsgruppe.my.tld/arbeitsgruppe.my.tld
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/2ea0c6cd-cc15-4db7-8fe3-378491fc08e8/arbeitsgruppe.my.tld
	 HOST/adc1.arbeitsgruppe.my.tld/ARBEITSGRUPPE
	 ldap/adc1.arbeitsgruppe.my.tld/ARBEITSGRUPPE
	 ldap/adc1.arbeitsgruppe.my.tld
	 HOST/adc1.arbeitsgruppe.my.tld/arbeitsgruppe.my.tld
	 ldap/adc1.arbeitsgruppe.my.tld/arbeitsgruppe.my.tld
	 ldap/2ea0c6cd-cc15-4db7-8fe3-378491fc08e8._msdcs.arbeitsgruppe.my.tld
	 ldap/ADC1
	 RestrictedKrbHost/ADC1
	 RestrictedKrbHost/adc1.arbeitsgruppe.my.tld
	 ldap/adc1.arbeitsgruppe.my.tld/DomainDnsZones.arbeitsgruppe.my.tld
	 ldap/adc1.arbeitsgruppe.my.tld/ForestDnsZones.arbeitsgruppe.my.tld

root at adc2:~# samba-tool spn list adc1$
adc1$
User CN=ADC1,OU=Domain Controllers,DC=arbeitsgruppe,DC=my,DC=tld has the following servicePrincipalName:
	 HOST/ADC1
	 HOST/adc1.arbeitsgruppe.my.tld
	 GC/adc1.arbeitsgruppe.my.tld/arbeitsgruppe.my.tld
	 E3514235-4B06-11D1-AB04-00C04FC2DCD2/2ea0c6cd-cc15-4db7-8fe3-378491fc08e8/arbeitsgruppe.my.tld

- maybe I should demote adc1 again, then check for spn and remove, if it exists, then rejoin ... ?
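Added example, not part of the original thread: one way to turn the side-by-side comparison above into a repeatable check is to parse the `samba-tool spn list` output captured on each DC and report which SPNs each DC's copy of the account lacks. The function names are hypothetical, the sample is the listing from the post with adc1's view shortened, and case-insensitive SPN comparison is an assumption of this sketch.

```python
import re

# Header line printed by `samba-tool spn list <account>` before the SPN values.
HEADER = re.compile(r"^User (.+) has the following servicePrincipalName:\s*$")

def parse_spn_list(output):
    """Return (dn, {casefolded_spn: spn_as_printed}) from one command output."""
    dn, spns = None, {}
    for line in (raw.strip() for raw in output.splitlines()):
        match = HEADER.match(line)
        if match:
            dn = match.group(1)
        elif dn and line:
            spns[line.casefold()] = line  # assumption: compare case-insensitively
    if dn is None:
        raise ValueError("no servicePrincipalName header found")
    return dn, spns

def missing_per_dc(outputs):
    """Map each DC name to the SPNs other DCs report but it does not."""
    parsed = {dc: parse_spn_list(text) for dc, text in outputs.items()}
    if len({dn.casefold() for dn, _ in parsed.values()}) != 1:
        raise ValueError("outputs describe different accounts")
    union = {}
    for _, spns in parsed.values():
        union.update(spns)
    return {dc: sorted(v for k, v in union.items() if k not in spns)
            for dc, (_, spns) in parsed.items()}

# Sample input: the two listings from the post, with adc1's view shortened.
_DN = "CN=ADC1,OU=Domain Controllers,DC=arbeitsgruppe,DC=my,DC=tld"
_COMMON = """adc1$
User %s has the following servicePrincipalName:
\t HOST/ADC1
\t HOST/adc1.arbeitsgruppe.my.tld
\t GC/adc1.arbeitsgruppe.my.tld/arbeitsgruppe.my.tld
\t E3514235-4B06-11D1-AB04-00C04FC2DCD2/2ea0c6cd-cc15-4db7-8fe3-378491fc08e8/arbeitsgruppe.my.tld
""" % _DN
SAMPLE = {
    "adc1": _COMMON + "\t ldap/ADC1\n\t RestrictedKrbHost/ADC1\n\t ldap/adc1.arbeitsgruppe.my.tld\n",
    "adc2": _COMMON,
}

if __name__ == "__main__":
    for dc, missing in missing_per_dc(SAMPLE).items():
        print(dc, "is missing:", missing or "nothing")
```

An empty list for every DC means all replicas agree on the account's servicePrincipalName values; a non-empty list names the values that have not reached that DC.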
Stefan G. Weichinger
2022-Nov-24 17:22 UTC
[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
On 24.11.22 at 17:17, Stefan G. Weichinger via samba wrote:
> maybe I should demote adc1 again, then check for spn and remove, if it
> exists, then rejoin ... ?

after some other things ... currently

the spns look good
dbcheck ok on both DCs
drs showrepl good on both DCs
... logs quite quiet (no obvious errors)

But still that winbind-issue on adc1

I can't tell how much of a problem that is for a DC right now. To me it seems that no clients connect to adc1 ... but maybe I am wrong.

After a day of fiddling I am leaving it as it is and look forward to some helpful hint ..

thanks all.