thr3ads.net - samba - [Samba] samba-tool domain join DC hangs [Sep 2016]

If this information is useful, please help other people find it:
Share via:

Heinz Hölzl

2016-Sep-28 13:33 UTC

[Samba] samba-tool domain join DC hangs

Hi list,

i removed my second DC from the domain, and now the re-join as DC hangs.

the join hangs now for ca. 2 hours at the step "Committing SAM
database"

version: samba 4.5.0 on ubuntu 14.04


with a "strace -p " i see this:

strace -p 1793
Process 1793 attached
brk(0x35e18000)                         = 0x35e18000
brk(0x35e39000)                         = 0x35e39000
brk(0x35e5a000)                         = 0x35e5a000
brk(0x35e7b000)                         = 0x35e7b000
brk(0x35e9c000)                         = 0x35e9c000
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
--- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---



my smb.conf:

# Global parameters
[global]
	bind interfaces only = Yes
	interfaces = lo eth0 eth2
	netbios name = DC1
	realm = EXAMPLE.NET
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd,
ntp_signd, kcc, dnsupdate
	workgroup = EXAMPLE
	server role = active directory domain controller
	idmap_ldb:use rfc2307 = yes
	comment = 
	template homedir = /home/%U
 	template shell = /bin/bash
	ldap server require strong auth = No


[netlogon]
	path = /srv/samba/var/locks/sysvol/example.net/scripts
	read only = No

[sysvol]
	path = /srv/samba/var/locks/sysvol
	read only = No


samba-tool domain join example.net DC --option="interfaces=lo eth0"
--option="bind interfaces only"=yes --realm=example.net
--dns-backend=BIND9_DLZ -Uadministrator
Finding a writeable DC for domain 'example.net'
Found DC dc1.example.net
Password for [EXAMPLE\administrator]:
workgroup is EXAMPLE
realm is example.net
Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
Setting account password for DC2$
Enabling account
Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
Setting account password for dns-DC2
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/srv/samba/private/krb5.conf
Provision OK for domain DN DC=example,DC=net
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1206/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1550/1550]
linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=example,DC=net] objects[402/1628]
linked_values[0/0]
Partition[CN=Configuration,DC=example,DC=net] objects[804/1628]
linked_values[0/0]
Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628]
linked_values[0/0]
Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628]
linked_values[0/0]
Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628]
linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]

Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=example,DC=net
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122]
linked_values[0/0]
Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122]
linked_values[0/0]
Replicating DC=ForestDnsZones,DC=example,DC=net
Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22] linked_values[0/0]
Committing SAM database



can someone help me please?

regards,
heinz

Heinz Hölzl

2016-Sep-28 14:22 UTC

head link

[Samba] ?==?utf-8?q? samba-tool domain join DC hangs

hi again,

now the join finished 

but ... i have a high CPU load caused by a samba-process. Samba is consuming
100% of one CPU and the replication fails.

Is my AD to large????





root at dc2:# samba-tool drs showrepl
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
DSA invocationId: 49a80da8-975f-49ef-834b-224b2bbf0805

==== INBOUND NEIGHBORS ===
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The
operation cannot be performed.')



root at dc1:~#  samba-tool drs showrepl
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 3b97b772-7006-4e18-b572-e05932f63986
DSA invocationId: 84cac16c-79dd-4949-8a0f-e0638b251483

==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=example,DC=net
	Default-First-Site-Name\DC2 via RPC
		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
		30 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=example,DC=net
	Default-First-Site-Name\DC2 via RPC
		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
		30 consecutive failure(s).
		Last success @ NTTIME(0)

DC=example,DC=net
	Default-First-Site-Name\DC2 via RPC
		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
		30 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=example,DC=net
	Default-First-Site-Name\DC2 via RPC
		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
		30 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=example,DC=net
	Default-First-Site-Name\DC2 via RPC
		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2 (WERR_BADFILE)
		30 consecutive failure(s).
		Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ===
==== KCC CONNECTION OBJECTS ===
Connection --
	Connection name: 3005b361-e2ec-465c-92f1-620c8d0b0bec
	Enabled        : TRUE
	Server DNS name : dc2.example.net
	Server DN name  : CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!





 

regards,
heinz
 > Hi list,
> 
> i removed my second DC from the domain, and now the re-join as DC hangs.
> 
> the join hangs now for ca. 2 hours at the step "Committing SAM
database"
> 
> version: samba 4.5.0 on ubuntu 14.04
> 
> 
> with a "strace -p " i see this:
> 
> strace -p 1793
> Process 1793 attached
> brk(0x35e18000)                         = 0x35e18000
> brk(0x35e39000)                         = 0x35e39000
> brk(0x35e5a000)                         = 0x35e5a000
> brk(0x35e7b000)                         = 0x35e7b000
> brk(0x35e9c000)                         = 0x35e9c000
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
> 
> 
> 
> my smb.conf:
> 
> # Global parameters
> [global]
> 	bind interfaces only = Yes
> 	interfaces = lo eth0 eth2
> 	netbios name = DC1
> 	realm = EXAMPLE.NET
> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
> 	workgroup = EXAMPLE
> 	server role = active directory domain controller
> 	idmap_ldb:use rfc2307 = yes
> 	comment = 
> 	template homedir = /home/%U
>  	template shell = /bin/bash
> 	ldap server require strong auth = No
> 
> 
> [netlogon]
> 	path = /srv/samba/var/locks/sysvol/example.net/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /srv/samba/var/locks/sysvol
> 	read only = No
> 
> 
> samba-tool domain join example.net DC --option="interfaces=lo
eth0" --option="bind interfaces only"=yes --realm=example.net
--dns-backend=BIND9_DLZ -Uadministrator
> Finding a writeable DC for domain 'example.net'
> Found DC dc1.example.net
> Password for [EXAMPLE\administrator]:
> workgroup is EXAMPLE
> realm is example.net
> Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
> Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
> Setting account password for DC2$
> Enabling account
> Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
> Setting account password for dns-DC2
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba 4 has been generated at
/srv/samba/private/krb5.conf
> Provision OK for domain DN DC=example,DC=net
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[402/1550]
linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[804/1550]
linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1206/1550]
linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net] objects[1550/1550]
linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=example,DC=net] objects[402/1628]
linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[804/1628]
linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628]
linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628]
linked_values[0/0]
> Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628]
linked_values[30/0]
> Replicating critical objects from the base DN of the domain
> Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]
> 
> Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
> Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=example,DC=net
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122]
linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122]
linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=example,DC=net
> Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22]
linked_values[0/0]
> Committing SAM database
> 
> 
> 
> can someone help me please?
> 
> regards,
> heinz
> 
>

Denis Cardon

2016-Sep-28 15:17 UTC

head link

[Samba] ?==?utf-8?q? samba-tool domain join DC hangs

Hi Heinz,
> now the join finished
>
> but ... i have a high CPU load caused by a samba-process. Samba is
consuming 100% of one CPU and the replication fails.
you have quite a few objects (>12000) in you main partition. Do you have 
a large group with all those objects inside? The commit of large group 
used to result in very very long commit time. There should have been 
some improvement in 4.5 though.

One way to join faster is to add the --domain-critical-only. It will 
sync only the necessary objects during the join, then after first samba 
startup it will start replicating objects. Actually it is not solution 
to the problem, it just move the problem a little bit downstream, so you 
can have more debug options.
> Is my AD to large????
no

Cheers,

Denis

>
>
>
>
>
> root at dc2:# samba-tool drs showrepl
> Default-First-Site-Name\DC2
> DSA Options: 0x00000001
> DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> DSA invocationId: 49a80da8-975f-49ef-834b-224b2bbf0805
>
> ==== INBOUND NEIGHBORS ===>
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The
operation cannot be performed.')
>
>
>
> root at dc1:~#  samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 3b97b772-7006-4e18-b572-e05932f63986
> DSA invocationId: 84cac16c-79dd-4949-8a0f-e0638b251483
>
> ==== INBOUND NEIGHBORS ===>
> DC=ForestDnsZones,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> CN=Configuration,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> ==== OUTBOUND NEIGHBORS ===>
> ==== KCC CONNECTION OBJECTS ===>
> Connection --
> 	Connection name: 3005b361-e2ec-465c-92f1-620c8d0b0bec
> 	Enabled        : TRUE
> 	Server DNS name : dc2.example.net
> 	Server DN name  : CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> 		TransportType: RPC
> 		options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
>
>
>
>
> regards,
> heinz
>
>> Hi list,
>>
>> i removed my second DC from the domain, and now the re-join as DC
hangs.
>>
>> the join hangs now for ca. 2 hours at the step "Committing SAM
database"
>>
>> version: samba 4.5.0 on ubuntu 14.04
>>
>>
>> with a "strace -p " i see this:
>>
>> strace -p 1793
>> Process 1793 attached
>> brk(0x35e18000)                         = 0x35e18000
>> brk(0x35e39000)                         = 0x35e39000
>> brk(0x35e5a000)                         = 0x35e5a000
>> brk(0x35e7b000)                         = 0x35e7b000
>> brk(0x35e9c000)                         = 0x35e9c000
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>>
>>
>>
>> my smb.conf:
>>
>> # Global parameters
>> [global]
>> 	bind interfaces only = Yes
>> 	interfaces = lo eth0 eth2
>> 	netbios name = DC1
>> 	realm = EXAMPLE.NET
>> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
>> 	workgroup = EXAMPLE
>> 	server role = active directory domain controller
>> 	idmap_ldb:use rfc2307 = yes
>> 	comment >> 	template homedir = /home/%U
>>  	template shell = /bin/bash
>> 	ldap server require strong auth = No
>>
>>
>> [netlogon]
>> 	path = /srv/samba/var/locks/sysvol/example.net/scripts
>> 	read only = No
>>
>> [sysvol]
>> 	path = /srv/samba/var/locks/sysvol
>> 	read only = No
>>
>>
>> samba-tool domain join example.net DC --option="interfaces=lo
eth0" --option="bind interfaces only"=yes --realm=example.net
--dns-backend=BIND9_DLZ -Uadministrator
>> Finding a writeable DC for domain 'example.net'
>> Found DC dc1.example.net
>> Password for [EXAMPLE\administrator]:
>> workgroup is EXAMPLE
>> realm is example.net
>> Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
>> Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
>> Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
>> Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
>> Setting account password for DC2$
>> Enabling account
>> Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
>> Setting account password for dns-DC2
>> Calling bare provision
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> A Kerberos configuration suitable for Samba 4 has been generated at
/srv/samba/private/krb5.conf
>> Provision OK for domain DN DC=example,DC=net
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[402/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[804/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[1206/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[1550/1550] linked_values[0/0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=example,DC=net] objects[402/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[804/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628]
linked_values[30/0]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]
>>
>> Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=example,DC=net
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122]
linked_values[0/0]
>> Replicating DC=ForestDnsZones,DC=example,DC=net
>> Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22]
linked_values[0/0]
>> Committing SAM database
>>
>>
>>
>> can someone help me please?
>>
>> regards,
>> heinz
>>
>>
>
>
>
-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

Denis Cardon

2016-Sep-28 15:36 UTC

head link

[Samba] ?==?utf-8?q? samba-tool domain join DC hangs

Hi Heinz,
> now the join finished
>
> but ... i have a high CPU load caused by a samba-process. Samba is
consuming 100% of one CPU and the replication fails.
you have quite a few objects (>12000) in you main partition. Do you have 
a large group with all those objects inside? The commit of large group 
used to result in very very long commit time. There should have been 
some improvement in 4.5 though.

One way to join faster is to add the --domain-critical-only. It will 
sync only the necessary objects during the join, then after first samba 
startup it will start replicating objects. Actually it is not solution 
to the problem, it just move the problem a little bit downstream, so you 
can have more debug options.
> Is my AD to large????
no

Cheers,

Denis

>
>
>
>
>
> root at dc2:# samba-tool drs showrepl
> Default-First-Site-Name\DC2
> DSA Options: 0x00000001
> DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> DSA invocationId: 49a80da8-975f-49ef-834b-224b2bbf0805
>
> ==== INBOUND NEIGHBORS ===>
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The
operation cannot be performed.')
>
>
>
> root at dc1:~#  samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 3b97b772-7006-4e18-b572-e05932f63986
> DSA invocationId: 84cac16c-79dd-4949-8a0f-e0638b251483
>
> ==== INBOUND NEIGHBORS ===>
> DC=ForestDnsZones,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> CN=Configuration,DC=example,DC=net
> 	Default-First-Site-Name\DC2 via RPC
> 		DSA object GUID: e9d31c7e-acb3-4473-823a-39b06ab9fa95
> 		Last attempt @ Wed Sep 28 16:15:13 2016 CEST failed, result 2
(WERR_BADFILE)
> 		30 consecutive failure(s).
> 		Last success @ NTTIME(0)
>
> ==== OUTBOUND NEIGHBORS ===>
> ==== KCC CONNECTION OBJECTS ===>
> Connection --
> 	Connection name: 3005b361-e2ec-465c-92f1-620c8d0b0bec
> 	Enabled        : TRUE
> 	Server DNS name : dc2.example.net
> 	Server DN name  : CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
> 		TransportType: RPC
> 		options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
>
>
>
>
> regards,
> heinz
>
>> Hi list,
>>
>> i removed my second DC from the domain, and now the re-join as DC
hangs.
>>
>> the join hangs now for ca. 2 hours at the step "Committing SAM
database"
>>
>> version: samba 4.5.0 on ubuntu 14.04
>>
>>
>> with a "strace -p " i see this:
>>
>> strace -p 1793
>> Process 1793 attached
>> brk(0x35e18000)                         = 0x35e18000
>> brk(0x35e39000)                         = 0x35e39000
>> brk(0x35e5a000)                         = 0x35e5a000
>> brk(0x35e7b000)                         = 0x35e7b000
>> brk(0x35e9c000)                         = 0x35e9c000
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>> --- SIGWINCH {si_signo=SIGWINCH, si_code=SI_KERNEL} ---
>>
>>
>>
>> my smb.conf:
>>
>> # Global parameters
>> [global]
>> 	bind interfaces only = Yes
>> 	interfaces = lo eth0 eth2
>> 	netbios name = DC1
>> 	realm = EXAMPLE.NET
>> 	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
>> 	workgroup = EXAMPLE
>> 	server role = active directory domain controller
>> 	idmap_ldb:use rfc2307 = yes
>> 	comment >> 	template homedir = /home/%U
>>  	template shell = /bin/bash
>> 	ldap server require strong auth = No
>>
>>
>> [netlogon]
>> 	path = /srv/samba/var/locks/sysvol/example.net/scripts
>> 	read only = No
>>
>> [sysvol]
>> 	path = /srv/samba/var/locks/sysvol
>> 	read only = No
>>
>>
>> samba-tool domain join example.net DC --option="interfaces=lo
eth0" --option="bind interfaces only"=yes --realm=example.net
--dns-backend=BIND9_DLZ -Uadministrator
>> Finding a writeable DC for domain 'example.net'
>> Found DC dc1.example.net
>> Password for [EXAMPLE\administrator]:
>> workgroup is EXAMPLE
>> realm is example.net
>> Adding CN=DC2,OU=Domain Controllers,DC=example,DC=net
>> Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
>> Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=net
>> Adding SPNs to CN=DC2,OU=Domain Controllers,DC=example,DC=net
>> Setting account password for DC2$
>> Enabling account
>> Adding DNS account CN=dns-DC2,CN=Users,DC=example,DC=net with dns/ SPN
>> Setting account password for dns-DC2
>> Calling bare provision
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> A Kerberos configuration suitable for Samba 4 has been generated at
/srv/samba/private/krb5.conf
>> Provision OK for domain DN DC=example,DC=net
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[402/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[804/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[1206/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=net]
objects[1550/1550] linked_values[0/0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=example,DC=net] objects[402/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[804/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1206/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1608/1628]
linked_values[0/0]
>> Partition[CN=Configuration,DC=example,DC=net] objects[1628/1628]
linked_values[30/0]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1402/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[98/98] linked_values[679/0]
>>
>> Partition[DC=example,DC=net] objects[500/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[902/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[1304/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[1706/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2108/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2510/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[2912/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[3314/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[3716/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4118/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4520/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[4922/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[5324/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[5726/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6128/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6530/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[6932/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[7334/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[7736/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8138/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8540/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[8942/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[9344/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[9746/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10148/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10550/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[10952/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[11354/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[11756/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12158/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12560/12791] linked_values[0/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1171/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[1500/0]
>> Partition[DC=example,DC=net] objects[12889/12791] linked_values[405/0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=example,DC=net
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[402/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[804/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1206/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[1608/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2010/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2412/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[2814/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3216/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[3618/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4020/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4422/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[4824/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5226/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[5628/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6030/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6432/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[6834/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7236/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[7638/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8040/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8442/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[8844/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9246/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[9648/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10050/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10452/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[10854/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11256/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[11658/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12060/12122]
linked_values[0/0]
>> Partition[DC=DomainDnsZones,DC=example,DC=net] objects[12122/12122]
linked_values[0/0]
>> Replicating DC=ForestDnsZones,DC=example,DC=net
>> Partition[DC=ForestDnsZones,DC=example,DC=net] objects[22/22]
linked_values[0/0]
>> Committing SAM database
>>
>>
>>
>> can someone help me please?
>>
>> regards,
>> heinz
>>
>>
>
>
>
-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

Maybe Matching Threads

Search for more apparently analagous threads

samba - Sep 2016 - samba-tool domain join DC hangs

[Samba] samba-tool domain join DC hangs

[Samba] ?==?utf-8?q? samba-tool domain join DC hangs

[Samba] ?==?utf-8?q? samba-tool domain join DC hangs

[Samba] ?==?utf-8?q? samba-tool domain join DC hangs

Maybe Matching Threads