On 16.07.2015 at 17:18, Rowland Penny wrote:
> On 16/07/15 13:27, Reindl Harald wrote:
>>
>> On 16.07.2015 at 14:02, Rowland Penny wrote:
>>> /etc/hosts should be:
>>>
>>> 127.0.0.1 localhost.localdomain localhost
>>
>> uhm no - you want 127.0.0.1 normally resolved to localhost and hence
>> 127.0.0.1 localhost localhost.localdomain
>
> Ah NO, only if you are using a brain dead OS like red-hat :-)
>
> From 'man hosts'
>
> For each host a single line should be present with the following
> information:
>
> IP_address canonical_hostname [aliases...]
>
> Optional aliases provide for name changes, alternate spellings, shorter
> hostnames, or generic hostnames (for example, localhost)

you quote exactly what i said
gethostbyaddr will answer the canonical_hostname and not a random alias

the real name for 127.0.0.1 is always localhost and hence that should not
be the alias, frankly nobody needs the localhost.localdomain at all

mathias dufresne
2015-Jul-23 15:23 UTC
[Samba] 4.2.2 as AD with 2 DCs: database incoherency
Hi all,

I tried "samba-tool ldapcmp" several times to solve this issue, without
success.

On DC acting as full FSMO:
dc20:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 968, in run
    outf=self.outf, errf=self.errf)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 80, in __init__
    self.server_names = self.find_servers()
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 106, in find_servers
    scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"])

On the other one, which is the one with more group than the other:
dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 968, in run
    outf=self.outf, errf=self.errf)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 83, in __init__
    self.get_sid_map()
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 257, in get_sid_map
    expression="(objectSid=*)", scope=SCOPE_SUBTREE, attrs=["objectSid", "sAMAccountName"])

After modifying hostname configuration on FSMO which is a Centos for that
system does not reply FQDN when running "hostname" and not replying short
name when running "hostname --fqdn", the error changed a bit on non-FSMO:

dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain

* Comparing [DOMAIN] context...
Failed search of base=DC=ad,DC=dgfip,DC=lan
ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 979, in run
    outf=self.outf, errf=self.errf)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 698, in __init__
    self.dn_list = self.get_dn_list(context)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 841, in get_dn_list
    res = self.con.ldb.search(base=self.search_base, scope=self.search_scope, attrs=["dn"])

Finally I tried to demote non-FSMO DC:

dc00:~# samba-tool domain demote -Uadministrator
Using dc20.ad.dgfip.lan as partner server for the demotion
ERROR(<class 'samba.drs_utils.drsException'>): uncaught exception - drsException: DRS connection to dc20.ad.dgfip.lan failed: (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 693, in run
    (drsuapiBind, drsuapi_handle, supportedExtensions) drsuapi_connect(server, lp, creds)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

And now before trying a MS Windows script to remove some broken DC from AD,
I come back to see if anyone has any clue to help me to solve that issue...

Best regards,

mathias

2015-07-16 17:31 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:
>
>
> On 16.07.2015 at 17:18, Rowland Penny wrote:
>
>> On 16/07/15 13:27, Reindl Harald wrote:
>>
>>>
>>> On 16.07.2015 at 14:02, Rowland Penny wrote:
>>>
>>>> /etc/hosts should be:
>>>>
>>>> 127.0.0.1 localhost.localdomain localhost
>>>>
>>>
>>> uhm no - you want 127.0.0.1 normally resolved to localhost and hence
>>> 127.0.0.1 localhost localhost.localdomain
>>>
>>
>> Ah NO, only if you are using a brain dead OS like red-hat :-)
>>
>> From 'man hosts'
>>
>> For each host a single line should be present with the following
>> information:
>>
>> IP_address canonical_hostname [aliases...]
>>
>> Optional aliases provide for name changes, alternate spellings, shorter
>> hostnames, or generic hostnames (for example, localhost)
>>
>
> you quote exactly what i said
> gethostbyaddr will answer the canonical_hostname and not a random alias
>
> the real name for 127.0.0.1 is always localhost and hence that should not
> be the alias, frankly nobody needs the localhost.localdomain at all
On 23/07/15 16:23, mathias dufresne wrote:
> Hi all,
>
> I tried "samba-tool ldapcmp" several times to solve this issue, without
> success.
>
> On DC acting as full FSMO:
> dc20:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
> ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 968, in run
>     outf=self.outf, errf=self.errf)
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 80, in __init__
>     self.server_names = self.find_servers()
>   File "/usr/lib64/python2.6/site-packages/samba/netcmd/ldapcmp.py", line 106, in find_servers
>     scope=SCOPE_SUBTREE, expression="(objectClass=computer)", attrs=["cn"])
>
> On the other one, which is the one with more group than the other:
> dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
> ERROR(ldb): uncaught exception - ldb_wait: Time limit exceeded (3)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 968, in run
>     outf=self.outf, errf=self.errf)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 83, in __init__
>     self.get_sid_map()
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 257, in get_sid_map
>     expression="(objectSid=*)", scope=SCOPE_SUBTREE, attrs=["objectSid", "sAMAccountName"])
>
> After modifying hostname configuration on FSMO which is a Centos for that
> system does not reply FQDN when running "hostname" and not replying short
> name when running "hostname --fqdn", the error changed a bit on non-FSMO:
>
> dc00:~# samba-tool ldapcmp ldap://dc00.ad.dgfip.lan ldap://dc20.ad.dgfip.lan domain
>
> * Comparing [DOMAIN] context...
> Failed search of base=DC=ad,DC=dgfip,DC=lan
> ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_UNEXPECTED_NETWORK_ERROR
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 979, in run
>     outf=self.outf, errf=self.errf)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 698, in __init__
>     self.dn_list = self.get_dn_list(context)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py", line 841, in get_dn_list
>     res = self.con.ldb.search(base=self.search_base, scope=self.search_scope, attrs=["dn"])
>
> Finally I tried to demote non-FSMO DC:
>
> dc00:~# samba-tool domain demote -Uadministrator
> Using dc20.ad.dgfip.lan as partner server for the demotion
> ERROR(<class 'samba.drs_utils.drsException'>): uncaught exception - drsException: DRS connection to dc20.ad.dgfip.lan failed: (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 693, in run
>     (drsuapiBind, drsuapi_handle, supportedExtensions) drsuapi_connect(server, lp, creds)
>   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
>     raise drsException("DRS connection to %s failed: %s" % (server, e))
>
> And now before trying a MS Windows script to remove some broken DC from AD,
> I come back to see if anyone has any clue to help me to solve that issue...
>
> Best regards,
>
> mathias
>
>
> 2015-07-16 17:31 GMT+02:00 Reindl Harald <h.reindl at thelounge.net>:
>
>>
>> On 16.07.2015 at 17:18, Rowland Penny wrote:
>>
>>> On 16/07/15 13:27, Reindl Harald wrote:
>>>
>>>> On 16.07.2015 at 14:02, Rowland Penny wrote:
>>>>
>>>>> /etc/hosts should be:
>>>>>
>>>>> 127.0.0.1 localhost.localdomain localhost
>>>>>
>>>> uhm no - you want 127.0.0.1 normally resolved to localhost and hence
>>>> 127.0.0.1 localhost localhost.localdomain
>>>>
>>> Ah NO, only if you are using a brain dead OS like red-hat :-)
>>>
>>> From 'man hosts'
>>>
>>> For each host a single line should be present with the following
>>> information:
>>>
>>> IP_address canonical_hostname [aliases...]
>>>
>>> Optional aliases provide for name changes, alternate spellings, shorter
>>> hostnames, or generic hostnames (for example, localhost)
>>>
>> you quote exactly what i said
>> gethostbyaddr will answer the canonical_hostname and not a random alias
>>
>> the real name for 127.0.0.1 is always localhost and hence that should not
>> be the alias, frankly nobody needs the localhost.localdomain at all
>>

This sounds more & more like a DNS problem. I tried Centos and had a hard
time getting DNS to work properly, something that is easy on Debian.

You need to be able to ping each DC from the other, by short hostname and
by FQDN, you should also be able to run
'host -t A <short_hostname_of_other_DC>' and
'host -t A <fqdn_hostname_of_other_DC>' and get a result.

/etc/resolv.conf needs to point first at the other DC, then to itself

/etc/hosts should contain at a minimum '127.0.0.1 localhost', you can also
have '127.0.0.1 localhost.localdomain localhost'

You can add the IP addresses of the DCs to /etc/hosts i.e.

192.168.0.2 dc1.example.com dc1
192.168.0.3 dc2.example.com dc2

Though you shouldn't have to, if the DNS servers are working correctly.

Running 'hostname' should return just the short hostname, running
'hostname -f' or 'hostname --fqdn' should return the FQDN hostname,
/etc/hostname should contain just the DC's short hostname, when I tried out
Centos, I seem to remember finding that it contained
'localhost.localdomain', something it should never contain.

Rowland
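
The file checks from the reply above, as an added example (not part of the original thread and not Samba code): a POSIX shell script that verifies /etc/hosts, /etc/hostname and /etc/resolv.conf against the settings described. The function names, the strict "FQDN then short name" match and the demo files are assumptions made for illustration; the dc1/dc2 names and 192.168.0.x addresses are the sample values from the reply.

```shell
#!/bin/sh
# Added example: offline checks for the settings listed in the reply above.

# names_for FILE IP: names on the first hosts(5) line for IP, canonical first.
names_for() {
    awk -v ip="$2" '{ sub(/#.*/, "") }
        $1 == ip && NF > 1 { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# nameservers FILE: resolv.conf nameserver addresses in order, space separated.
nameservers() {
    awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = " " }
        END { print "" }' "$1"
}

fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

# check_dc HOSTS HOSTNAME_FILE RESOLV SHORT FQDN OWN_IP PEER_IP
# Prints one line per finding; exit status is the number of findings.
check_dc() {
    hosts=$1 hnfile=$2 resolv=$3 short=$4 fqdn=$5 own=$6 peer=$7 bad=0
    case " $(names_for "$hosts" 127.0.0.1) " in
        *" localhost "*) ;;
        *) fail "$hosts: no 127.0.0.1 line naming localhost" ;;
    esac
    # Optional DC entry: FQDN must be the canonical name, short name the alias.
    own_names=$(names_for "$hosts" "$own")
    [ -z "$own_names" ] || [ "$own_names" = "$fqdn $short" ] ||
        fail "$hosts: $own maps to '$own_names', expected '$fqdn $short'"
    [ "$(cat "$hnfile")" = "$short" ] ||
        fail "$hnfile: '$(cat "$hnfile")', expected short name '$short'"
    [ "$(nameservers "$resolv")" = "$peer $own" ] ||
        fail "$resolv: order '$(nameservers "$resolv")', expected '$peer $own'"
    return "$bad"
}

# Constructed sample: a DC whose /etc/hostname still holds localhost.localdomain.
demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
        '192.168.0.2 dc1.example.com dc1' '192.168.0.3 dc2.example.com dc2' > "$d/hosts"
    printf '%s\n' 'localhost.localdomain' > "$d/hostname"
    printf '%s\n' 'nameserver 192.168.0.3' 'nameserver 192.168.0.2' > "$d/resolv.conf"
    check_dc "$d/hosts" "$d/hostname" "$d/resolv.conf" \
        dc1 dc1.example.com 192.168.0.2 192.168.0.3
    rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

On a live DC the same function can be pointed at the real files, passing the output of 'hostname' and 'hostname -f' as the SHORT and FQDN arguments so that a mismatch between the commands and /etc/hostname shows up as a finding.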