Tom Cannaerts - INTRACTO
2017-Jan-02 12:22 UTC
[Samba] AD Replication issues due to lingering objects
We're using the Debian 8 repository version, which is 4.2.14.

Tom

On Mon, 2 Jan 2017 at 13:15, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 02 Jan 2017 11:30:44 +0000
> Tom Cannaerts - INTRACTO via samba <samba at lists.samba.org> wrote:
>
> > We are trying to migrate away from our Windows 2008 R2 server to a
> > Samba based DC. At this point we have both the Windows server and a
> > Samba server as DC in the domain. After a while, we noticed that
> > changes from the Samba server were not replicated to the Windows
> > machine. Further investigation showed that there are 2 lingering
> > objects that prevent replication, and it has been for quite a while.
> >
> > The various procedures on the Microsoft site to remove the lingering
> > objects don't work against the Samba DC.
> > e.g. repadmin /removelingeringobjects on the objects gives the following
> > error, and no useful information was found on Google:
> >
> > DsReplicaVerifyObjectsW() failed with status 1745 (0x6d1):
> > The procedure number is out of range.
> >
> > I also disabled the Strict Replication Consistency on the Windows DC,
> > so that the object would be recreated and rereplicated, but that
> > doesn't help either. The eventlog says it's going to re-request the
> > object from the other DC as it doesn't have enough attribute
> > information to recreate it, but the object doesn't exist anymore on
> > the other DC.
> >
> > So basically, I'm looking for a solution that can solve this problem.
> >
> > Can demoting and re-promoting the Samba DC solve this problem? If so,
> > is it as simple as running samba-tool domain demote on the samba DC
> > and afterwards running samba-tool domain join again?
> >
> > Tom
>
> What version of Samba are you using?
> 'samba-tool dbcheck' has been improved lately, perhaps upgrading could
> fix your problem.
>
> Rowland
Rowland Penny
2017-Jan-02 14:31 UTC
[Samba] AD Replication issues due to lingering objects
On Mon, 02 Jan 2017 12:22:07 +0000
Tom Cannaerts - INTRACTO <tom.cannaerts at intracto.com> wrote:

> We're using the Debian 8 repository version, which is 4.2.14
>
> Tom

I don't know if you can/want to use them, but one of the regular posters on this list, Louis Van Belle, maintains his own version of the latest samba debs for Jessie here:

https://downloads.van-belle.nl/samba4/samba-4.5.3/

Rowland
Tom Cannaerts - INTRACTO
2017-Jan-03 21:01 UTC
[Samba] AD Replication issues due to lingering objects
Do you think I can simply apt-get install from that repo to upgrade the current samba?

Going down the demote/re-join route, I'm encountering problems demoting the DC:

Deactivating inbound replication
Asking partner server DC1.mydomain.local to synchronize from us
Error while demoting, re-enabling inbound replication
ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a DsReplicaSync for partion DC=mydomain,DC=local - drsException: DsReplicaSync failed (8240, 'WERR_DS_NO_SUCH_OBJECT')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 712, in run
    sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

What are the steps to force the DC2 (samba) server to forget about everything and get it in a state where I can re-join it to the domain as a domain controller? I can remove the DC from the AD using a metadata cleanup on the Windows DC, but what do I need to do on the samba server? There's more on that server, so I can't just destroy it and install it from scratch.

On Mon, 2 Jan 2017 at 15:35, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Mon, 02 Jan 2017 12:22:07 +0000
> Tom Cannaerts - INTRACTO <tom.cannaerts at intracto.com> wrote:
>
> > We're using the Debian 8 repository version, which is 4.2.14
> >
> > Tom
>
> I don't know if you can/want to use them, but one of the regular posters
> on this list, Louis Van Belle, maintains his own version of the latest
> samba debs for Jessie here:
>
> https://downloads.van-belle.nl/samba4/samba-4.5.3/
>
> Rowland
L.P.H. van Belle
2017-Jan-04 08:52 UTC
[Samba] AD Replication issues due to lingering objects
Hai Tom,

Sure, you can apt-get install from that repo.

You have 3 options.

1) http://apt.van-belle.nl/ the apt repo.
Use it like any apt repo. Info on the site.

2) http://downloads.van-belle.nl/samba4/samba-4.5.3/ and use the installer.
This is when you want to get packages locally in your network and when you want to keep one version, and/or distribute this internally.
The installer script takes care of most of this setup.
It starts with a deb file://path_to_debs/; switching to http is easily done by installing apache2 (or another webserver) and changing file:// to http://

Do it yourself, make a deb.
3) Get the packages or sources from debian stretch and build them yourself.
The debian TESTING/Stretch now 4.5.2-2 version = samba 4.5.3

How are my packages built?
Same way as the backported packages, in a pbuilder environment.
Only these 4.5.3 I built myself; at that time there was no debian package.
Normally I follow the TESTING (stretch) packages for rebuilding, except in case of security fixes.

When are packages going in the repo?
After I've tested them in my office network and when I'm in production with these for at least a week.
Only then I upgrade the repo packages.

When don't you want to use my repo?
If you want to stay in one version, like now with debian the 4.2.x line, and you don't keep track of samba changes in smb.conf.
The defaults have changed a lot since 4.2.10.
These "behavior changes" are what is keeping samba at 4.2.x in debian.
A logical choice, but some like me wanted new features, which are in 4.5.x, and I saw a few bug fixes which I wanted in 4.5.3.
This is why I build my own.

The next apt repo update will be after a security update, or if there are really annoying bugs fixed, or after tracking the samba list messages and something special comes up.
But with any repo update I post it also on the list.

Handy things.
Read the http://downloads.van-belle.nl/samba4/README.txt, this one has good info about the builds.
The http://downloads.van-belle.nl/samba4/Upgrade-info.txt contains the change history; this is the same as on the samba.org site, so all credits to the samba dev here, I just summarized the changes.
current-packages-in-apt.txt says what it is. The apt packages listed in the apt repo.

Good luck, and if you have questions, just ask. Preferred through the samba list.

Greetz,

Louis

GPG Key fingerprint = 3843 C126 C596 738E 7C87 75B5 E6F6 A3C7 EB7A 89CF

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Tom Cannaerts - INTRACTO via samba
> Sent: Tuesday 3 January 2017 22:02
> To: Rowland Penny; samba at lists.samba.org
> Subject: Re: [Samba] AD Replication issues due to lingering objects
>
> Do you think I can simply apt-get install from that repo to upgrade the
> current samba?
>
> Going down the demote/re-join route, I'm encountering problems demoting
> the DC:
>
> Deactivating inbound replication
> Asking partner server DC1.mydomain.local to synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a DsReplicaSync for partion DC=mydomain,DC=local - drsException: DsReplicaSync failed (8240, 'WERR_DS_NO_SUCH_OBJECT')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 712, in run
>     sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part), drsuapi.DRSUAPI_DRS_WRIT_REP)
>   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
>
> What are the steps to force the DC2 (samba) server to forget about
> everything and get it in a state where I can re-join it to the domain as a
> domain controller? I can remove the DC from the AD using a metadata cleanup
> on the Windows DC, but what do I need to do on the samba server? There's
> more on that server, so I can't just destroy it and install it from
> scratch.
>
> On Mon, 2 Jan 2017 at 15:35, Rowland Penny via samba
> <samba at lists.samba.org> wrote:
>
> > On Mon, 02 Jan 2017 12:22:07 +0000
> > Tom Cannaerts - INTRACTO <tom.cannaerts at intracto.com> wrote:
> >
> > > We're using the Debian 8 repository version, which is 4.2.14
> > >
> > > Tom
> >
> > I don't know if you can/want to use them, but one of the regular posters
> > on this list, Louis Van Belle, maintains his own version of the latest
> > samba debs for Jessie here:
> >
> > https://downloads.van-belle.nl/samba4/samba-4.5.3/
> >
> > Rowland