samba - Feb 2020 - Pc's not added (shown) to AD after remove and re-add.

Hai, 
?
After some "strange" pc problems with pc-domain trust i did some
digging.
Im pretty sure this is a samba bug, if someone can verify this. 
?
My steps. 
?
- Setup a win10 pc, static ip. 
- Join the domain. 
?
And its shown in AD and DNS. 
Turn of the pc. 
?
but, now next, set a new pc, use the same name but a different IP. 
join the domain. 
login and turn the pc offf 
?
Back to pc1. turn it on, your unable to login, the pc compains about its domain
trust.
Login as admin, remove the pc from the domain. 
?
i cleanup/checked where needed in AD and DNS if the old pc name and IP did
exist, but no, its clean (looks like it).
?
As of here i changed the pc name and ipnumbers to the correct ones. 
?
i now rejoin both pc's again. 
?
1 pc works 1 not. 
?
The one that does not work is the one if i lookup in the DNS and AD again,
Its just not there but the use is able to login. 
?
So, i wanted to clean up AD. 
samba-tool domain tombstones expunge
Removed 0 objects and 0 links successfully

? 0 removed... and im pretty sure i remove about 5 pc's from the domain
today.
?
samba-tool dbcheck
Checking 903 objects
Checked 903 objects (0 errors)

samba-tool dbcheck --cross-nc
Checking 5135 objects
Checked 5135 objects (0 errors)

?
if someone is able to verify this, i'll report it in bugzilla. 
?
My setup, Debian Buster Samba 4.11.6. 
AD-DC + Bind9_DLZ.
?
Greetz, 
?
Louis
?

Ok, after rebooting the AD-DC's 

The missing pc showed up. 
Still bit funky this. 

I keep you guys informed of my findings. 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> L.P.H. van Belle via samba
> Verzonden: maandag 24 februari 2020 13:45
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Pc's not added (shown) to AD after remove 
> and re-add.
> 
> Hai, 
> ?
> After some "strange" pc problems with pc-domain trust i did 
> some digging. 
> Im pretty sure this is a samba bug, if someone can verify this. 
> ?
> My steps. 
> ?
> - Setup a win10 pc, static ip. 
> - Join the domain. 
> ?
> And its shown in AD and DNS. 
> Turn of the pc. 
> ?
> but, now next, set a new pc, use the same name but a different IP. 
> join the domain. 
> login and turn the pc offf 
> ?
> Back to pc1. turn it on, your unable to login, the pc 
> compains about its domain trust. 
> Login as admin, remove the pc from the domain. 
> ?
> i cleanup/checked where needed in AD and DNS if the old pc 
> name and IP did exist, but no, its clean (looks like it). 
> ?
> As of here i changed the pc name and ipnumbers to the correct ones. 
> ?
> i now rejoin both pc's again. 
> ?
> 1 pc works 1 not. 
> ?
> The one that does not work is the one if i lookup in the DNS 
> and AD again,
> Its just not there but the use is able to login. 
> ?
> So, i wanted to clean up AD. 
> samba-tool domain tombstones expunge
> Removed 0 objects and 0 links successfully
> 
> ? 0 removed... and im pretty sure i remove about 5 pc's from 
> the domain today. 
> ?
> samba-tool dbcheck
> Checking 903 objects
> Checked 903 objects (0 errors)
> 
> samba-tool dbcheck --cross-nc
> Checking 5135 objects
> Checked 5135 objects (0 errors)
> 
> ?
> if someone is able to verify this, i'll report it in bugzilla. 
> ?
> My setup, Debian Buster Samba 4.11.6. 
> AD-DC + Bind9_DLZ.
> ?
> Greetz, 
> ?
> Louis
> ?
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

On 24/02/2020 12:44, L.P.H. van Belle via samba wrote:
> Hai,
>   
> After some "strange" pc problems with pc-domain trust i did some
digging.
> Im pretty sure this is a samba bug, if someone can verify this.
Possibly, but then again it might be a Windows bug.
> My steps.
>   
> - Setup a win10 pc, static ip.
> - Join the domain.
>   
> And its shown in AD and DNS.
> Turn of the pc.
>   
> but, now next, set a new pc, use the same name but a different IP.
> join the domain.
> login and turn the pc offf
>   
> Back to pc1. turn it on, your unable to login, the pc compains about its
domain trust.
> Login as admin, remove the pc from the domain.
If there is a bug, this is where it is. You shouldn't be able to join 
two machines with the same name (even if they do have different
IPs).
> So, i wanted to clean up AD.
> samba-tool domain tombstones expunge
> Removed 0 objects and 0 links successfully
>
> ? 0 removed... and im pretty sure i remove about 5 pc's from the domain
today.
>   
Try adding '--tombstone-lifetime=1' to the expunge command.

Rowland

Hai Rowland, 

samba-tool domain tombstones expunge --tombstone-lifetime=1
Removed 37 objects and 13 links successfully 

:-) Your the man.. again.. :-) 

Why o why did i not check : 
samba-tool domain tombstones expunge -h 

Thank Rowland for re-freshing my mind. ;-) 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: maandag 24 februari 2020 14:19
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Pc's not added (shown) to AD after 
> remove and re-add.
> 
> On 24/02/2020 12:44, L.P.H. van Belle via samba wrote:
> > Hai,
> >   
> > After some "strange" pc problems with pc-domain trust i did 
> some digging.
> > Im pretty sure this is a samba bug, if someone can verify this.
> Possibly, but then again it might be a Windows bug.
> > My steps.
> >   
> > - Setup a win10 pc, static ip.
> > - Join the domain.
> >   
> > And its shown in AD and DNS.
> > Turn of the pc.
> >   
> > but, now next, set a new pc, use the same name but a different IP.
> > join the domain.
> > login and turn the pc offf
> >   
> > Back to pc1. turn it on, your unable to login, the pc 
> compains about its domain trust.
> > Login as admin, remove the pc from the domain.
> If there is a bug, this is where it is. You shouldn't be able to join 
> two machines with the same name (even if they do have different IPs).
> > So, i wanted to clean up AD.
> > samba-tool domain tombstones expunge
> > Removed 0 objects and 0 links successfully
> >
> > ? 0 removed... and im pretty sure i remove about 5 pc's 
> from the domain today.
> >   
> 
> Try adding '--tombstone-lifetime=1' to the expunge command.
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

On 24/02/2020 13:27, L.P.H. van Belle via samba wrote:
> Hai Rowland,
>
> samba-tool domain tombstones expunge --tombstone-lifetime=1
> Removed 37 objects and 13 links successfully
>
> :-) Your the man.. again.. :-)
>
> Why o why did i not check :
> samba-tool domain tombstones expunge -h
>
> Thank Rowland for re-freshing my mind. ;-)
And for extra brownie points, I found this:

https://serverfault.com/questions/354630/block-computer-from-joining-a-domain-if-it-has-the-same-name-as-another-computer

I think that explains just what is going on.

Rowland

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: maandag 24 februari 2020 14:35
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Pc's not added (shown) to AD after 
> remove and re-add.
> 
> On 24/02/2020 13:27, L.P.H. van Belle via samba wrote:
> > Hai Rowland,
> >
> > samba-tool domain tombstones expunge --tombstone-lifetime=1
> > Removed 37 objects and 13 links successfully
> >
> > :-) Your the man.. again.. :-)
> >
> > Why o why did i not check :
> > samba-tool domain tombstones expunge -h
> >
> > Thank Rowland for re-freshing my mind. ;-)
> 
> And for extra brownie points, I found this:
> 
> https://serverfault.com/questions/354630/block-computer-from-j
> oining-a-domain-if-it-has-the-same-name-as-another-computer
> 
> I think that explains just what is going on.
Yes, it did look like that, but i found a problem pc's.
 2 with same names and 2 others with same ip. 

Thats what happens if you set people to work and they are distracted and dont
checkmarkt there steps.
But fixed now, users happy again. 

Thanks! 


Greetz, 

Louis