Thanks Rowland, for the thoughts. > If you are running Samba4 as an AD DC, you should never start the nmbd > deamon, you should also never start smbd manually. Yes, I could optimize to use /etc/init.d/samba-ad-dc immediately,but in fact this is what /etc/init.d/samba does. The messages with "AD DC daemon" are generated by that script, and it is the failing one. > What you are trying to do is, in my opinion, the wrong way to go about > fixing the problem, you really should try to ascertain why you are > losing sync. Agreed. But I've no idea how to troubleshoot that issue. Any help on fixing the cause is also appreciated. Am 30.11.2015 um 12:13 schrieb Rowland Penny:> On 30/11/15 10:01, Lars Hanke wrote: >> For some reason my secondary DC loses sync every once in a while. It >> looks like this in samba-tool drs showrepl: >> >> Last attempt @ Thu Nov 19 13:53:09 2015 CET failed, result 5 >> (WERR_ACCESS_DENIED) >> 229 consecutive failure(s). >> Last success @ Wed Nov 18 18:48:07 2015 CET >> >> Restarting samba fixes the issue for an unpredictable time. Sometimes >> hours, sometimes many weeks. So I wrote a script to restart samba in >> this case: >> >> #!/bin/bash >> # >> # Check if samba replication broke down and restart samba in this case >> # >> SAMBA_TOOL=/usr/bin/samba-tool >> SED=/bin/sed >> MAIL=/usr/bin/mail >> RM=/bin/rm >> MKTMP=/bin/mktemp >> >> FAIL=`$SAMBA_TOOL drs showrepl | $SED -n "/^\s*[1-9][0-9]* consecutive >> failure(s)\.$/p"` >> >> if [[ -n "$FAIL" ]]; then >> TMP=$($MKTMP) >> $SAMBA_TOOL drs showrepl > "$TMP" >> echo "Restart ..." >> "$TMP" >> /etc/init.d/samba restart >> "$TMP" >> echo "... done!" >> "$TMP" >> $MAIL -s 'DC2 restart' sysop at example.com < "$TMP" >> $RM -f "$TMP" >> fi >> >> And it works perfectly, if I run it manually. However, the idea is to >> run it by cron every 5 minutes. But when it's run from cron restarting >> samba fails: >> >> Restart ... >> Stopping NetBIOS name server: nmbd. >> Stopping SMB/CIFS daemon: smbd. >> Stopping Samba AD DC daemon: samba. >> Starting Samba AD DC daemon: samba failed! >> ... done! > > I think you may be using the wrong start/stop/restart init script. On > Debian there are usually 4 samba init scripts: > > nmbd > smbd > samba > samba-ad-dc > > There is also the winbind init script, but this will only be installed > if you are using winbind i.e. on a domain member > > The nmbd & smbd init scripts are there to start and stop the individual > deamons, the samba init script runs both of the nmbd & smbd init > scripts, samba-ad-dc starts/stops the samba deamon, which will then > start the smbd deamon. > > If you are running Samba4 as an AD DC, you should never start the nmbd > deamon, you should also never start smbd manually. > > What you are trying to do is, in my opinion, the wrong way to go about > fixing the problem, you really should try to ascertain why you are > losing sync. > > Rowland > >> >> Running the same script manually from a root shell works however fine. >> >> The system is Debian Jessie using samba 4.1.17-Debian. I start the >> script using the following entry in root's crontab: >> >> */5 * * * * /root/samba-restart.sh >> >> Any ideas what I'm doing wrong? >> >> Thanks for your help, >> - lars. >> > >
On 30/11/15 12:35, Lars Hanke wrote:> Thanks Rowland, for the thoughts. > > > If you are running Samba4 as an AD DC, you should never start the nmbd > > deamon, you should also never start smbd manually. > > Yes, I could optimize to use /etc/init.d/samba-ad-dc immediately,but > in fact this is what /etc/init.d/samba does. The messages with "AD DC > daemon" are generated by that script, and it is the failing one.Yes, you are correct running /etc/init.d/samba does run samba-ad-dc, but I still wouldn't run it, this is part of that script: case $1 in start) /etc/init.d/nmbd start /etc/init.d/smbd start /etc/init.d/samba-ad-dc start ;; So, it checks if it should start nmbd, exits because it shouldn't, checks if it should start smbd, exits because it shouldn't, it then checks if it should start samba and because it should, it does. Why bother with all the above, just use samba-ad-dc instead.> > > What you are trying to do is, in my opinion, the wrong way to go about > > fixing the problem, you really should try to ascertain why you are > > losing sync. > > Agreed. But I've no idea how to troubleshoot that issue. Any help on > fixing the cause is also appreciated. > >You are going to have to supply more info, is there anything in the logs when replication fails? If not, try raising the log level until you do get something. Rowland> Am 30.11.2015 um 12:13 schrieb Rowland Penny: >> On 30/11/15 10:01, Lars Hanke wrote: >>> For some reason my secondary DC loses sync every once in a while. It >>> looks like this in samba-tool drs showrepl: >>> >>> Last attempt @ Thu Nov 19 13:53:09 2015 CET failed, result 5 >>> (WERR_ACCESS_DENIED) >>> 229 consecutive failure(s). >>> Last success @ Wed Nov 18 18:48:07 2015 CET >>> >>> Restarting samba fixes the issue for an unpredictable time. Sometimes >>> hours, sometimes many weeks. So I wrote a script to restart samba in >>> this case: >>> >>> #!/bin/bash >>> # >>> # Check if samba replication broke down and restart samba in this case >>> # >>> SAMBA_TOOL=/usr/bin/samba-tool >>> SED=/bin/sed >>> MAIL=/usr/bin/mail >>> RM=/bin/rm >>> MKTMP=/bin/mktemp >>> >>> FAIL=`$SAMBA_TOOL drs showrepl | $SED -n "/^\s*[1-9][0-9]* consecutive >>> failure(s)\.$/p"` >>> >>> if [[ -n "$FAIL" ]]; then >>> TMP=$($MKTMP) >>> $SAMBA_TOOL drs showrepl > "$TMP" >>> echo "Restart ..." >> "$TMP" >>> /etc/init.d/samba restart >> "$TMP" >>> echo "... done!" >> "$TMP" >>> $MAIL -s 'DC2 restart' sysop at example.com < "$TMP" >>> $RM -f "$TMP" >>> fi >>> >>> And it works perfectly, if I run it manually. However, the idea is to >>> run it by cron every 5 minutes. But when it's run from cron restarting >>> samba fails: >>> >>> Restart ... >>> Stopping NetBIOS name server: nmbd. >>> Stopping SMB/CIFS daemon: smbd. >>> Stopping Samba AD DC daemon: samba. >>> Starting Samba AD DC daemon: samba failed! >>> ... done! >> >> I think you may be using the wrong start/stop/restart init script. On >> Debian there are usually 4 samba init scripts: >> >> nmbd >> smbd >> samba >> samba-ad-dc >> >> There is also the winbind init script, but this will only be installed >> if you are using winbind i.e. on a domain member >> >> The nmbd & smbd init scripts are there to start and stop the individual >> deamons, the samba init script runs both of the nmbd & smbd init >> scripts, samba-ad-dc starts/stops the samba deamon, which will then >> start the smbd deamon. >> >> If you are running Samba4 as an AD DC, you should never start the nmbd >> deamon, you should also never start smbd manually. >> >> What you are trying to do is, in my opinion, the wrong way to go about >> fixing the problem, you really should try to ascertain why you are >> losing sync. >> >> Rowland >> >>> >>> Running the same script manually from a root shell works however fine. >>> >>> The system is Debian Jessie using samba 4.1.17-Debian. I start the >>> script using the following entry in root's crontab: >>> >>> */5 * * * * /root/samba-restart.sh >>> >>> Any ideas what I'm doing wrong? >>> >>> Thanks for your help, >>> - lars. >>> >> >> > >
> Why bother with all the above, just use samba-ad-dc instead.Yes, I streamlined the script somewhat. Let's see what happens when replication fails next time. > You are going to have to supply more info, is there anything in the logs > when replication fails? > If not, try raising the log level until you do get something. Anything specific I should look for? As said it happens at unpredictable intervals, usually after many days. An of course I cannot leave the system in that state for long. So I have to get as many information at once. Any recommendation for settings? Am 30.11.2015 um 14:24 schrieb Rowland Penny:> On 30/11/15 12:35, Lars Hanke wrote: >> Thanks Rowland, for the thoughts. >> >> > If you are running Samba4 as an AD DC, you should never start the nmbd >> > deamon, you should also never start smbd manually. >> >> Yes, I could optimize to use /etc/init.d/samba-ad-dc immediately,but >> in fact this is what /etc/init.d/samba does. The messages with "AD DC >> daemon" are generated by that script, and it is the failing one. > > Yes, you are correct running /etc/init.d/samba does run samba-ad-dc, but > I still wouldn't run it, this is part of that script: > > case $1 in > start) > /etc/init.d/nmbd start > /etc/init.d/smbd start > /etc/init.d/samba-ad-dc start > ;; > > So, it checks if it should start nmbd, exits because it shouldn't, > checks if it should start smbd, exits because it shouldn't, it then > checks if it should start samba and because it should, it does. > > Why bother with all the above, just use samba-ad-dc instead. > >> >> > What you are trying to do is, in my opinion, the wrong way to go about >> > fixing the problem, you really should try to ascertain why you are >> > losing sync. >> >> Agreed. But I've no idea how to troubleshoot that issue. Any help on >> fixing the cause is also appreciated. >> >> > > You are going to have to supply more info, is there anything in the logs > when replication fails? > If not, try raising the log level until you do get something. > > Rowland > >> Am 30.11.2015 um 12:13 schrieb Rowland Penny: >>> On 30/11/15 10:01, Lars Hanke wrote: >>>> For some reason my secondary DC loses sync every once in a while. It >>>> looks like this in samba-tool drs showrepl: >>>> >>>> Last attempt @ Thu Nov 19 13:53:09 2015 CET failed, result 5 >>>> (WERR_ACCESS_DENIED) >>>> 229 consecutive failure(s). >>>> Last success @ Wed Nov 18 18:48:07 2015 CET >>>> >>>> Restarting samba fixes the issue for an unpredictable time. Sometimes >>>> hours, sometimes many weeks. So I wrote a script to restart samba in >>>> this case: >>>> >>>> #!/bin/bash >>>> # >>>> # Check if samba replication broke down and restart samba in this case >>>> # >>>> SAMBA_TOOL=/usr/bin/samba-tool >>>> SED=/bin/sed >>>> MAIL=/usr/bin/mail >>>> RM=/bin/rm >>>> MKTMP=/bin/mktemp >>>> >>>> FAIL=`$SAMBA_TOOL drs showrepl | $SED -n "/^\s*[1-9][0-9]* consecutive >>>> failure(s)\.$/p"` >>>> >>>> if [[ -n "$FAIL" ]]; then >>>> TMP=$($MKTMP) >>>> $SAMBA_TOOL drs showrepl > "$TMP" >>>> echo "Restart ..." >> "$TMP" >>>> /etc/init.d/samba restart >> "$TMP" >>>> echo "... done!" >> "$TMP" >>>> $MAIL -s 'DC2 restart' sysop at example.com < "$TMP" >>>> $RM -f "$TMP" >>>> fi >>>> >>>> And it works perfectly, if I run it manually. However, the idea is to >>>> run it by cron every 5 minutes. But when it's run from cron restarting >>>> samba fails: >>>> >>>> Restart ... >>>> Stopping NetBIOS name server: nmbd. >>>> Stopping SMB/CIFS daemon: smbd. >>>> Stopping Samba AD DC daemon: samba. >>>> Starting Samba AD DC daemon: samba failed! >>>> ... done! >>> >>> I think you may be using the wrong start/stop/restart init script. On >>> Debian there are usually 4 samba init scripts: >>> >>> nmbd >>> smbd >>> samba >>> samba-ad-dc >>> >>> There is also the winbind init script, but this will only be installed >>> if you are using winbind i.e. on a domain member >>> >>> The nmbd & smbd init scripts are there to start and stop the individual >>> deamons, the samba init script runs both of the nmbd & smbd init >>> scripts, samba-ad-dc starts/stops the samba deamon, which will then >>> start the smbd deamon. >>> >>> If you are running Samba4 as an AD DC, you should never start the nmbd >>> deamon, you should also never start smbd manually. >>> >>> What you are trying to do is, in my opinion, the wrong way to go about >>> fixing the problem, you really should try to ascertain why you are >>> losing sync. >>> >>> Rowland >>> >>>> >>>> Running the same script manually from a root shell works however fine. >>>> >>>> The system is Debian Jessie using samba 4.1.17-Debian. I start the >>>> script using the following entry in root's crontab: >>>> >>>> */5 * * * * /root/samba-restart.sh >>>> >>>> Any ideas what I'm doing wrong? >>>> >>>> Thanks for your help, >>>> - lars. >>>> >>> >>> >> >> > >