Louis, Upgraded to 4.13 and running "samba-check-db-repl.sh" exits with: "No Samba NT DOMAIN Name found exitting now...: Complete output:> #!/bin/bash -v > > ## > ## Version : 1.0.8 > ## release d.d. : 24-03-2015 > ## Author : L. van Belle > ## E-mail : louis at van-belle.nl > ## Copyright : Free as free can be, copy it, change it if needed. > ## Sidenote : if you change things, please inform me > ## ChangeLog : first release d.d. 23-03-2015 > ## 24-03-2015 : 1.0.2 few small changes, thanks Rowland for the > suggestions. > ## 22-04-2015 : 1.0.3 moved mailx part within check if an e-mail adres > is used. > ## 24-04-2015 : 1.0.4 added extra check, so if no is if found, you get > an error message and not a python error. > ## 21-11-2016 : 1.0.5 extra filter options. ( samba 4.5.x needs > adjusting ) > ## ( removed the . in the hostname resolving for the DCS, this was no > error, but its more clear what people want to see ) > ## 12-02-2018 : 1.0.6 fix the test for presence of "FAILURE" will be > true even if the actual result is "successful". > ## 13-02-2018 : 1.0.7 fix filter, variable was not used. optimized code, > remove ^M. > ## 30-01-2019 : 1.0.8 change filter defaults to whenChanged,dc,DC,cn,CN > > ## Samba database checker. ( samba 4.1-4.8 tested) > ## This script wil check for error in the samba databases with samba-tool > ## If needed adjust it to your os needs. > > ## !! Warning, samba 4.5.0 - 4.5.1 errors about cn CN ou OU differences. > ## This is a samba bug : https://bugzilla.samba.org/show_bug.cgi?id=12399 > # you may need to adjust the filter options below. (SAMBA_LDAPCMD_FILTER) > > ## NOTICE !! This script does only work with samba DC's > ## A samba DC + Windows DC wont work and is not tested, if you get that to > work, > ## please share the code ;-) > > ## Howto use it: > ## Put it on any samba4 DC and run it. > ## if you put it in a cron job, > ## set the mail report adres and put in the password for Administrator > ## and set the relayhost. 
> ## Test it, by remove-ing the email adres at EMAIL_REPORT_ADRES > ## and you get a console output of the checks. > ## Thats it, enjoy.. > ## All other settings are optional.. > > ## Only tested with user "Administrator".. best is not to change this. > SAMBA_NT_ADMIN_USER="Administrator" > ## if empty the script wil ask for the pass.. > ## for running this with cron this is a must ! > SAMBA_NT_ADMIN_PASS="mypassword" > > ## perform 2 checkes by default for the database replication > ## keep both set to yes, thats the best. > SAMBA_CHECKDB_WITH_DRS="yes" > SAMBA_CHECKDB_WITH_LDAPCMD="yes" > ## Filter non-synced attributes > ## Change the filter to avoid mismatching, some items can be ignored. > ## Some examples. : > whenChanged,usnChanged,usnCreated,msDS-NcType,serverState > ## add them with "," seperated. > SAMBA_LDAPCMD_FILTER="whenChanged,dc,DC,cn,CN" > > # TODO, this one is not integrated yet! > ## Compare single AD partitions on Domain Controller DC1 and DC2: > ## You can compair also only one for more partitions in stead of the full > DB. > ## The options are : domain configuration schema dnsdomain dnsforest > ## Keep empty for full DB compair, or space separated partition options. > #SAMBA_LDAPCMD_PARTITIONS="" > > > ## The email adress to report to. > ## If you put an e-mail adres here the script wil also check for mail > tools.. etc > ## Email are only send when errors are found and no console output ! > ## if you want console put, dont put any email address here.. > EMAIL_REPORT_ADDRESS="myemailaddress" > > > ## Normaly only e-mail are send when errors are found, or set yes for > always email > EMAIL_REPORT_ALWAYS="no" > > ## I use postfix as relay host. ( set to run on localhost only) > ## Put here your mail relay host > ## hostname or hostname-fqdn or ip or ip:port are ok. > ## This is only used when NO sendmail program if found. > POSTFIX_RELAY_HOST="" > > ## postfix wil be automatily setup for your. 
> ## If you did already setup any mail server on the server or you are able > to mail > ## from this server with "mail" command, then this script does not install > postfix. > > ## cleanup the log in /tmp > ## can be handy if you want to review manualy. > SETREMOVELOG="no" > > ## So you reached the end for the configure.. > ## Set this one to yes.. and your good to go. > ####CONFIGURED="no" > CONFIGURED="yes" > > > ####################################################################### > ## DONT CHANGE BELOW Please, if you make changes, please share them. # > ####################################################################### > > ## hostname in single word, but you dont need to change this > SETHOSTNAME="$(hostname -s)" > ## domainname.tld, but if you installed correct, you dont need to change > this > SETDNSDOMAIN="$(hostname -d)" > ## hostname.domainname.tld, but if you installed correct, you dont need to > change this > SETFQDN="$(hostname -f)" > > > SETTPUT="$(which tput)" > if [ -z "${SETTPUT}" ]; then > echo "program tput not found, installing it now.. please wait" > apt-get update > /dev/null > apt-get install -y --no-install-recommends ncurses-bin > /dev/null > fi > > RED="$(${SETTPUT} setaf 1)" > NORMAL="$(${SETTPUT} sgr0)" > GREEN="$(${SETTPUT} setaf 2)" > YELLOW="$(${SETTPUT} setaf 3)" > UNDERLINE="$(${SETTPUT} smul)" > WHITE="$(${SETTPUT} setaf 7)" > BOLD="$(${SETTPUT} bold)" > > message() { > printf "%40s\n" "${WHITE}${BOLD}$*${NORMAL}" > } > good() { > printf "%40s\n" "${GREEN}$*${NORMAL}" > } > error() { > printf "%40s\n" "${RED}$*${NORMAL}" > } > warning() { > printf "%40s\n" "${YELLOW}$*${NORMAL}" > } > warning_underline() { > printf "%40s\n" "${YELLOW}${UNDERLINE}$*${NORMAL}" > } > > check_run_as_sudo_root() { > if ! [[ $EUID -eq 0 ]]; then > error "This script should be run using sudo or by root." 
> exit 1 > fi > } > configured_script() { > if [ "${CONFIGURED}" = "no" ]; then > error "####################################################" > error "You need to configure this script first to run it. " > echo " " > error "exiting script now... " > exit 0 > fi > } > > configured_script > check_run_as_sudo_root > > if [ $SAMBA_CHECKDB_WITH_DRS = "no" ] && [ ${SAMBA_CHECKDB_WITH_LDAPCMD} > "no" ] ; then > error "When you set both SAMBA_CHECKBD... to NO.. then there is no > point of running this script" > error "Please set at least 1 of these checks to yes" > error "exiting script now... " > exit 0 > fi > > SET_SAMBATOOL="$(which samba-tool)" > if [ -z "$SET_SAMBATOOL" ]; then > error "No samba-tool tool found, this script wil exit now.. this.. I > cant fix." > exit 0 > fi > > SET_TR="$(which tr)" > if [ -z "$SET_TR" ]; then > warning "No tr tool found, running apt-get update and install > coreutils, please wait.." > apt-get update > /dev/null > apt-get install -y --no-install-recommends coreutils > /dev/null > sleep 0.5 > SET_TR="$(which tr)" > fi > > ## get DC info > DCS="$(host -t SRV _kerberos._udp."${SETDNSDOMAIN}" | awk '{print $NF}'| > sed 's/.$//')" > if [ -z "${DCS}" ]; then > error "No Samba DCS found, host -t SRV _kerberos.udp.${SETDNSDOMAIN} > returned nothing" > error "exitting now..." > exit 0 > fi > > #SAMBA_DC_FSMO=(${SET_SAMBATOOL} fsmo show | cut -d',' -f2 | head -n1 | > cut -c4-100 | ${SET_TR} '[:upper:]' '[:lower:]') > SAMBA_DC_FSMO=$(echo $(${SET_SAMBATOOL} fsmo show | cut -d"," -f2 | head > -n1 | cut -c4-100) | ${SET_TR} '[:upper:]' '[:lower:]') > SAMBA_DC1="${SAMBA_DC_FSMO}.${SETDNSDOMAIN}" > if [ -z "${SAMBA_DC1}" ]; then > error "No Samba DC Found with FSMO Roles, you might have dns problems" > error "exitting now..." 
> exit 0 > fi > > #SAMBA_DCS="$(echo ${DCS} | grep -v ${SAMBA_DC_FSMO})" > SAMBA_DCS=$(echo "$DCS" | grep -v "${SAMBA_DC_FSMO}") > if [ -z "${SAMBA_DCS}" ]; then > error "No Samba DC's Found with, you might have dns problems" > error "exitting now..." > echo $SAMBA_DCS > exit 0 > fi > > SAMBA_NT_DOMAINNAME="$($SET_SAMBATOOL domain info "${SAMBA_DC1}" | grep > Netbios | cut -d":" -f2 | cut -c2-100)" > ERROR: Invalid IP address 'dc1.subdom.example.com'! > if [ -z "${SAMBA_NT_DOMAINNAME}" ]; then > error "No Samba NT DOMAIN Name found" > error "exitting now..." > exit 0 > fi > No Samba NT DOMAIN Name found > exitting now... >What to do?
Seems to relate to kerberos. I cannot "kinit administrator". Returns "kinit cannot contact KDC for realm 'subdom.example.com' while getting initial credentials." "samba-info.sh" script returns 'NT_STATUS_CONNECTION_REFUSED' and that 'ERROR: invalid ip address for dc1.subdom.example.com' (Sorry on my laptop. Difficult to copy & paste output info.) On Tue, Sep 29, 2020 at 6:43 AM Robert Wooden <wdn2420systm at gmail.com> wrote:> Louis, > Upgraded to 4.13 and running "samba-check-db-repl.sh" exits with: "No > Samba NT DOMAIN Name found exitting now...: > > Complete output: > >> #!/bin/bash -v >> >> ## >> ## Version : 1.0.8 >> ## release d.d. : 24-03-2015 >> ## Author : L. van Belle >> ## E-mail : louis at van-belle.nl >> ## Copyright : Free as free can be, copy it, change it if needed. >> ## Sidenote : if you change things, please inform me >> ## ChangeLog : first release d.d. 23-03-2015 >> ## 24-03-2015 : 1.0.2 few small changes, thanks Rowland for the >> suggestions. >> ## 22-04-2015 : 1.0.3 moved mailx part within check if an e-mail adres >> is used. >> ## 24-04-2015 : 1.0.4 added extra check, so if no is if found, you get >> an error message and not a python error. >> ## 21-11-2016 : 1.0.5 extra filter options. ( samba 4.5.x needs >> adjusting ) >> ## ( removed the . in the hostname resolving for the DCS, this was no >> error, but its more clear what people want to see ) >> ## 12-02-2018 : 1.0.6 fix the test for presence of "FAILURE" will be >> true even if the actual result is "successful". >> ## 13-02-2018 : 1.0.7 fix filter, variable was not used. optimized >> code, remove ^M. >> ## 30-01-2019 : 1.0.8 change filter defaults to whenChanged,dc,DC,cn,CN >> >> ## Samba database checker. ( samba 4.1-4.8 tested) >> ## This script wil check for error in the samba databases with samba-tool >> ## If needed adjust it to your os needs. >> >> ## !! Warning, samba 4.5.0 - 4.5.1 errors about cn CN ou OU differences. 
>> ## This is a samba bug : https://bugzilla.samba.org/show_bug.cgi?id=12399 >> # you may need to adjust the filter options below. (SAMBA_LDAPCMD_FILTER) >> >> ## NOTICE !! This script does only work with samba DC's >> ## A samba DC + Windows DC wont work and is not tested, if you get that >> to work, >> ## please share the code ;-) >> >> ## Howto use it: >> ## Put it on any samba4 DC and run it. >> ## if you put it in a cron job, >> ## set the mail report adres and put in the password for Administrator >> ## and set the relayhost. >> ## Test it, by remove-ing the email adres at EMAIL_REPORT_ADRES >> ## and you get a console output of the checks. >> ## Thats it, enjoy.. >> ## All other settings are optional.. >> >> ## Only tested with user "Administrator".. best is not to change this. >> SAMBA_NT_ADMIN_USER="Administrator" >> ## if empty the script wil ask for the pass.. >> ## for running this with cron this is a must ! >> SAMBA_NT_ADMIN_PASS="mypassword" >> >> ## perform 2 checkes by default for the database replication >> ## keep both set to yes, thats the best. >> SAMBA_CHECKDB_WITH_DRS="yes" >> SAMBA_CHECKDB_WITH_LDAPCMD="yes" >> ## Filter non-synced attributes >> ## Change the filter to avoid mismatching, some items can be ignored. >> ## Some examples. : >> whenChanged,usnChanged,usnCreated,msDS-NcType,serverState >> ## add them with "," seperated. >> SAMBA_LDAPCMD_FILTER="whenChanged,dc,DC,cn,CN" >> >> # TODO, this one is not integrated yet! >> ## Compare single AD partitions on Domain Controller DC1 and DC2: >> ## You can compair also only one for more partitions in stead of the full >> DB. >> ## The options are : domain configuration schema dnsdomain dnsforest >> ## Keep empty for full DB compair, or space separated partition options. >> #SAMBA_LDAPCMD_PARTITIONS="" >> >> >> ## The email adress to report to. >> ## If you put an e-mail adres here the script wil also check for mail >> tools.. 
etc >> ## Email are only send when errors are found and no console output ! >> ## if you want console put, dont put any email address here.. >> EMAIL_REPORT_ADDRESS="myemailaddress" >> >> >> ## Normaly only e-mail are send when errors are found, or set yes for >> always email >> EMAIL_REPORT_ALWAYS="no" >> >> ## I use postfix as relay host. ( set to run on localhost only) >> ## Put here your mail relay host >> ## hostname or hostname-fqdn or ip or ip:port are ok. >> ## This is only used when NO sendmail program if found. >> POSTFIX_RELAY_HOST="" >> >> ## postfix wil be automatily setup for your. >> ## If you did already setup any mail server on the server or you are able >> to mail >> ## from this server with "mail" command, then this script does not >> install postfix. >> >> ## cleanup the log in /tmp >> ## can be handy if you want to review manualy. >> SETREMOVELOG="no" >> >> ## So you reached the end for the configure.. >> ## Set this one to yes.. and your good to go. >> ####CONFIGURED="no" >> CONFIGURED="yes" >> >> >> ####################################################################### >> ## DONT CHANGE BELOW Please, if you make changes, please share them. # >> ####################################################################### >> >> ## hostname in single word, but you dont need to change this >> SETHOSTNAME="$(hostname -s)" >> ## domainname.tld, but if you installed correct, you dont need to change >> this >> SETDNSDOMAIN="$(hostname -d)" >> ## hostname.domainname.tld, but if you installed correct, you dont need >> to change this >> SETFQDN="$(hostname -f)" >> >> >> SETTPUT="$(which tput)" >> if [ -z "${SETTPUT}" ]; then >> echo "program tput not found, installing it now.. 
please wait" >> apt-get update > /dev/null >> apt-get install -y --no-install-recommends ncurses-bin > /dev/null >> fi >> >> RED="$(${SETTPUT} setaf 1)" >> NORMAL="$(${SETTPUT} sgr0)" >> GREEN="$(${SETTPUT} setaf 2)" >> YELLOW="$(${SETTPUT} setaf 3)" >> UNDERLINE="$(${SETTPUT} smul)" >> WHITE="$(${SETTPUT} setaf 7)" >> BOLD="$(${SETTPUT} bold)" >> >> message() { >> printf "%40s\n" "${WHITE}${BOLD}$*${NORMAL}" >> } >> good() { >> printf "%40s\n" "${GREEN}$*${NORMAL}" >> } >> error() { >> printf "%40s\n" "${RED}$*${NORMAL}" >> } >> warning() { >> printf "%40s\n" "${YELLOW}$*${NORMAL}" >> } >> warning_underline() { >> printf "%40s\n" "${YELLOW}${UNDERLINE}$*${NORMAL}" >> } >> >> check_run_as_sudo_root() { >> if ! [[ $EUID -eq 0 ]]; then >> error "This script should be run using sudo or by root." >> exit 1 >> fi >> } >> configured_script() { >> if [ "${CONFIGURED}" = "no" ]; then >> error "####################################################" >> error "You need to configure this script first to run it. " >> echo " " >> error "exiting script now... " >> exit 0 >> fi >> } >> >> configured_script >> check_run_as_sudo_root >> >> if [ $SAMBA_CHECKDB_WITH_DRS = "no" ] && [ ${SAMBA_CHECKDB_WITH_LDAPCMD} >> = "no" ] ; then >> error "When you set both SAMBA_CHECKBD... to NO.. then there is no >> point of running this script" >> error "Please set at least 1 of these checks to yes" >> error "exiting script now... " >> exit 0 >> fi >> >> SET_SAMBATOOL="$(which samba-tool)" >> if [ -z "$SET_SAMBATOOL" ]; then >> error "No samba-tool tool found, this script wil exit now.. this.. I >> cant fix." >> exit 0 >> fi >> >> SET_TR="$(which tr)" >> if [ -z "$SET_TR" ]; then >> warning "No tr tool found, running apt-get update and install >> coreutils, please wait.." 
>> apt-get update > /dev/null >> apt-get install -y --no-install-recommends coreutils > /dev/null >> sleep 0.5 >> SET_TR="$(which tr)" >> fi >> >> ## get DC info >> DCS="$(host -t SRV _kerberos._udp."${SETDNSDOMAIN}" | awk '{print $NF}'| >> sed 's/.$//')" >> if [ -z "${DCS}" ]; then >> error "No Samba DCS found, host -t SRV _kerberos.udp.${SETDNSDOMAIN} >> returned nothing" >> error "exitting now..." >> exit 0 >> fi >> >> #SAMBA_DC_FSMO=(${SET_SAMBATOOL} fsmo show | cut -d',' -f2 | head -n1 | >> cut -c4-100 | ${SET_TR} '[:upper:]' '[:lower:]') >> SAMBA_DC_FSMO=$(echo $(${SET_SAMBATOOL} fsmo show | cut -d"," -f2 | head >> -n1 | cut -c4-100) | ${SET_TR} '[:upper:]' '[:lower:]') >> SAMBA_DC1="${SAMBA_DC_FSMO}.${SETDNSDOMAIN}" >> if [ -z "${SAMBA_DC1}" ]; then >> error "No Samba DC Found with FSMO Roles, you might have dns problems" >> error "exitting now..." >> exit 0 >> fi >> >> #SAMBA_DCS="$(echo ${DCS} | grep -v ${SAMBA_DC_FSMO})" >> SAMBA_DCS=$(echo "$DCS" | grep -v "${SAMBA_DC_FSMO}") >> if [ -z "${SAMBA_DCS}" ]; then >> error "No Samba DC's Found with, you might have dns problems" >> error "exitting now..." >> echo $SAMBA_DCS >> exit 0 >> fi >> >> SAMBA_NT_DOMAINNAME="$($SET_SAMBATOOL domain info "${SAMBA_DC1}" | grep >> Netbios | cut -d":" -f2 | cut -c2-100)" >> ERROR: Invalid IP address 'dc1.subdom.example.com'! >> if [ -z "${SAMBA_NT_DOMAINNAME}" ]; then >> error "No Samba NT DOMAIN Name found" >> error "exitting now..." >> exit 0 >> fi >> No Samba NT DOMAIN Name found >> exitting now... >> > > What to do? > >
In addition, both DCs are not "running":

root at tdc2:~# systemctl status samba-ad-dc.service
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled)
   Active: failed (Result: timeout) since Tue 2020-09-29 06:25:00 CDT; 2h 17min ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 407 ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS (code=exited, status=127)
 Main PID: 407 (code=exited, status=127)

Sep 29 06:23:33 dc2 systemd[1]: samba-ad-dc.service: Got notification message from PID 445, but reception only permitted for mai
Sep 29 06:23:33 dc2 smbd[445]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
Sep 29 06:25:00 dc2 systemd[1]: samba-ad-dc.service: Start operation timed out. Terminating.
Sep 29 06:25:00 dc2 winbindd[591]: [2020/09/29 06:25:00.232182, 0] ../../source3/winbindd/winbindd.c:248(winbindd_sig_term_hand
Sep 29 06:25:00 dc2 winbindd[591]: Got sig[15] terminate (is_parent=0)
Sep 29 06:25:00 dc2 winbindd[597]: [2020/09/29 06:25:00.232517, 0] ../../source3/winbindd/winbindd.c:248(winbindd_sig_term_hand
Sep 29 06:25:00 dc2 winbindd[597]: Got sig[15] terminate (is_parent=0)
Sep 29 06:25:00 dc2 systemd[1]: samba-ad-dc.service: Main process exited, code=exited, status=127/n/a
Sep 29 06:25:00 dc2 systemd[1]: samba-ad-dc.service: Failed with result 'timeout'.
Sep 29 06:25:00 dc2 systemd[1]: Failed to start Samba AD Daemon.
lines 1-19/19 (END)

Suggestions?
L.P.H. van Belle
2020-Sep-29 14:21 UTC
[Samba] No Samba NT DOMAIN Name found exitting now...
Hai,

As I'm very busy, a quick reply.

First try:

systemctl stop samba-ad-dc bind9
systemctl start bind9 samba-ad-dc

As far as I can quickly tell, it's a matter of "your resolving is not working."
Verify /etc/hosts
/etc/resolv.conf
Is bind running?

Last, after this update, did you wait a few minutes per server?

I just upgraded both my DCs way ahead of schedule .. ;-) 0 problems. Only after checking did the following show up.

So, before the upgrade:

samba-tool domain info dc1
Forest           : internal.domain.tld
Domain           : internal.domain.tld
Netbios domain   : ADDOM
DC name          : dc1.internal.domain.tld
DC netbios name  : DC1
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name

And after the upgrade:

root at dc1:~# samba-tool domain info dc1
ERROR: Invalid IP address dc1'!
root at dc1:~# samba-tool domain info dc1.rotterdam.bazuin.nl
ERROR: Invalid IP address 'dc1.rotterdam.bazuin.nl'!
root at dc1:~# samba-tool domain info dc1
ERROR: Invalid IP address 'rtd-dc1'!
root at dc1:~# samba-tool domain info
Usage: samba-tool domain info <ip_address> [options]
root at rtd-dc1:~# samba-tool domain info 192.168.0.1
ERROR: Invalid IP address '192.168.0.1'!

I say restore the backup, don't use 4.13 on an AD-DC YET!
This is exactly why I don't upgrade my DCs with a .0 or .1 version..

Back to my work and reverting my own DCs..
Yeah, I did a quick test in my production... But I can snapshot them and revert them very quickly..

So again, I'm adding: just my tip, test 4.13 well before you use it in production (as with every new big release).

None of the xx.yy.0 versions are used in the production environment.
This is what I follow:
a .0 will go on a test server in production environment.
a .1 will go on auth only servers.
a .2 will go on auth and file share servers.
a .3 will go on AD-DC's Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert Wooden via samba > Verzonden: dinsdag 29 september 2020 15:19 > Aan: SAMBA MailList > Onderwerp: Re: [Samba] No Samba NT DOMAIN Name found exitting now... > > Seems to relate to kerberos. I cannot "kinit administrator". > Returns "kinit cannot contact KDC for realm 'subdom.example.com' while > getting initial credentials." > > "samba-info.sh" script returns 'NT_STATUS_CONNECTION_REFUSED' and that > 'ERROR: invalid ip address for dc1.subdom.example.com' > > (Sorry on my laptop. Difficult to copy & paste output info.) > > > > On Tue, Sep 29, 2020 at 6:43 AM Robert Wooden <wdn2420systm at gmail.com> > wrote: > > > Louis, > > Upgraded to 4.13 and running "samba-check-db-repl.sh" exits > with: "No > > Samba NT DOMAIN Name found exitting now...: > > > > Complete output: > > > >> #!/bin/bash -v > >> > >> ## > >> ## Version : 1.0.8 > >> ## release d.d. : 24-03-2015 > >> ## Author : L. van Belle > >> ## E-mail : louis at van-belle.nl > >> ## Copyright : Free as free can be, copy it, change it > if needed. > >> ## Sidenote : if you change things, please inform me > >> ## ChangeLog : first release d.d. 23-03-2015 > >> ## 24-03-2015 : 1.0.2 few small changes, thanks Rowland for the > >> suggestions. > >> ## 22-04-2015 : 1.0.3 moved mailx part within check if > an e-mail adres > >> is used. > >> ## 24-04-2015 : 1.0.4 added extra check, so if no is if > found, you get > >> an error message and not a python error. > >> ## 21-11-2016 : 1.0.5 extra filter options. ( samba 4.5.x needs > >> adjusting ) > >> ## ( removed the . in the hostname resolving for the DCS, > this was no > >> error, but its more clear what people want to see ) > >> ## 12-02-2018 : 1.0.6 fix the test for presence of > "FAILURE" will be > >> true even if the actual result is "successful". > >> ## 13-02-2018 : 1.0.7 fix filter, variable was not used. 
> optimized > >> code, remove ^M. > >> ## 30-01-2019 : 1.0.8 change filter defaults to > whenChanged,dc,DC,cn,CN > >> > >> ## Samba database checker. ( samba 4.1-4.8 tested) > >> ## This script wil check for error in the samba databases > with samba-tool > >> ## If needed adjust it to your os needs. > >> > >> ## !! Warning, samba 4.5.0 - 4.5.1 errors about cn CN ou > OU differences. > >> ## This is a samba bug : > https://bugzilla.samba.org/show_bug.cgi?id=12399 > >> # you may need to adjust the filter options below. > (SAMBA_LDAPCMD_FILTER) > >> > >> ## NOTICE !! This script does only work with samba DC's > >> ## A samba DC + Windows DC wont work and is not tested, if > you get that > >> to work, > >> ## please share the code ;-) > >> > >> ## Howto use it: > >> ## Put it on any samba4 DC and run it. > >> ## if you put it in a cron job, > >> ## set the mail report adres and put in the password for > Administrator > >> ## and set the relayhost. > >> ## Test it, by remove-ing the email adres at EMAIL_REPORT_ADRES > >> ## and you get a console output of the checks. > >> ## Thats it, enjoy.. > >> ## All other settings are optional.. > >> > >> ## Only tested with user "Administrator".. best is not to > change this. > >> SAMBA_NT_ADMIN_USER="Administrator" > >> ## if empty the script wil ask for the pass.. > >> ## for running this with cron this is a must ! > >> SAMBA_NT_ADMIN_PASS="mypassword" > >> > >> ## perform 2 checkes by default for the database replication > >> ## keep both set to yes, thats the best. > >> SAMBA_CHECKDB_WITH_DRS="yes" > >> SAMBA_CHECKDB_WITH_LDAPCMD="yes" > >> ## Filter non-synced attributes > >> ## Change the filter to avoid mismatching, some items can > be ignored. > >> ## Some examples. : > >> whenChanged,usnChanged,usnCreated,msDS-NcType,serverState > >> ## add them with "," seperated. > >> SAMBA_LDAPCMD_FILTER="whenChanged,dc,DC,cn,CN" > >> > >> # TODO, this one is not integrated yet! 
> >> ## Compare single AD partitions on Domain Controller DC1 and DC2: > >> ## You can compair also only one for more partitions in > stead of the full > >> DB. > >> ## The options are : domain configuration schema dnsdomain > dnsforest > >> ## Keep empty for full DB compair, or space separated > partition options. > >> #SAMBA_LDAPCMD_PARTITIONS="" > >> > >> > >> ## The email adress to report to. > >> ## If you put an e-mail adres here the script wil also > check for mail > >> tools.. etc > >> ## Email are only send when errors are found and no > console output ! > >> ## if you want console put, dont put any email address here.. > >> EMAIL_REPORT_ADDRESS="myemailaddress" > >> > >> > >> ## Normaly only e-mail are send when errors are found, or > set yes for > >> always email > >> EMAIL_REPORT_ALWAYS="no" > >> > >> ## I use postfix as relay host. ( set to run on localhost only) > >> ## Put here your mail relay host > >> ## hostname or hostname-fqdn or ip or ip:port are ok. > >> ## This is only used when NO sendmail program if found. > >> POSTFIX_RELAY_HOST="" > >> > >> ## postfix wil be automatily setup for your. > >> ## If you did already setup any mail server on the server > or you are able > >> to mail > >> ## from this server with "mail" command, then this script does not > >> install postfix. > >> > >> ## cleanup the log in /tmp > >> ## can be handy if you want to review manualy. > >> SETREMOVELOG="no" > >> > >> ## So you reached the end for the configure.. > >> ## Set this one to yes.. and your good to go. > >> ####CONFIGURED="no" > >> CONFIGURED="yes" > >> > >> > >> > ############################################################## > ######### > >> ## DONT CHANGE BELOW Please, if you make changes, please > share them. 
# > >> > ############################################################## > ######### > >> > >> ## hostname in single word, but you dont need to change this > >> SETHOSTNAME="$(hostname -s)" > >> ## domainname.tld, but if you installed correct, you dont > need to change > >> this > >> SETDNSDOMAIN="$(hostname -d)" > >> ## hostname.domainname.tld, but if you installed correct, > you dont need > >> to change this > >> SETFQDN="$(hostname -f)" > >> > >> > >> SETTPUT="$(which tput)" > >> if [ -z "${SETTPUT}" ]; then > >> echo "program tput not found, installing it now.. please wait" > >> apt-get update > /dev/null > >> apt-get install -y --no-install-recommends ncurses-bin > > /dev/null > >> fi > >> > >> RED="$(${SETTPUT} setaf 1)" > >> NORMAL="$(${SETTPUT} sgr0)" > >> GREEN="$(${SETTPUT} setaf 2)" > >> YELLOW="$(${SETTPUT} setaf 3)" > >> UNDERLINE="$(${SETTPUT} smul)" > >> WHITE="$(${SETTPUT} setaf 7)" > >> BOLD="$(${SETTPUT} bold)" > >> > >> message() { > >> printf "%40s\n" "${WHITE}${BOLD}$*${NORMAL}" > >> } > >> good() { > >> printf "%40s\n" "${GREEN}$*${NORMAL}" > >> } > >> error() { > >> printf "%40s\n" "${RED}$*${NORMAL}" > >> } > >> warning() { > >> printf "%40s\n" "${YELLOW}$*${NORMAL}" > >> } > >> warning_underline() { > >> printf "%40s\n" "${YELLOW}${UNDERLINE}$*${NORMAL}" > >> } > >> > >> check_run_as_sudo_root() { > >> if ! [[ $EUID -eq 0 ]]; then > >> error "This script should be run using sudo or by root." > >> exit 1 > >> fi > >> } > >> configured_script() { > >> if [ "${CONFIGURED}" = "no" ]; then > >> error > "####################################################" > >> error "You need to configure this script first to run it. " > >> echo " " > >> error "exiting script now... " > >> exit 0 > >> fi > >> } > >> > >> configured_script > >> check_run_as_sudo_root > >> > >> if [ $SAMBA_CHECKDB_WITH_DRS = "no" ] && [ > ${SAMBA_CHECKDB_WITH_LDAPCMD} > >> = "no" ] ; then > >> error "When you set both SAMBA_CHECKBD... to NO.. 
then > there is no > >> point of running this script" > >> error "Please set at least 1 of these checks to yes" > >> error "exiting script now... " > >> exit 0 > >> fi > >> > >> SET_SAMBATOOL="$(which samba-tool)" > >> if [ -z "$SET_SAMBATOOL" ]; then > >> error "No samba-tool tool found, this script wil exit > now.. this.. I > >> cant fix." > >> exit 0 > >> fi > >> > >> SET_TR="$(which tr)" > >> if [ -z "$SET_TR" ]; then > >> warning "No tr tool found, running apt-get update and install > >> coreutils, please wait.." > >> apt-get update > /dev/null > >> apt-get install -y --no-install-recommends coreutils > > /dev/null > >> sleep 0.5 > >> SET_TR="$(which tr)" > >> fi > >> > >> ## get DC info > >> DCS="$(host -t SRV _kerberos._udp."${SETDNSDOMAIN}" | awk > '{print $NF}'| > >> sed 's/.$//')" > >> if [ -z "${DCS}" ]; then > >> error "No Samba DCS found, host -t SRV > _kerberos.udp.${SETDNSDOMAIN} > >> returned nothing" > >> error "exitting now..." > >> exit 0 > >> fi > >> > >> #SAMBA_DC_FSMO=(${SET_SAMBATOOL} fsmo show | cut -d',' -f2 > | head -n1 | > >> cut -c4-100 | ${SET_TR} '[:upper:]' '[:lower:]') > >> SAMBA_DC_FSMO=$(echo $(${SET_SAMBATOOL} fsmo show | cut > -d"," -f2 | head > >> -n1 | cut -c4-100) | ${SET_TR} '[:upper:]' '[:lower:]') > >> SAMBA_DC1="${SAMBA_DC_FSMO}.${SETDNSDOMAIN}" > >> if [ -z "${SAMBA_DC1}" ]; then > >> error "No Samba DC Found with FSMO Roles, you might > have dns problems" > >> error "exitting now..." > >> exit 0 > >> fi > >> > >> #SAMBA_DCS="$(echo ${DCS} | grep -v ${SAMBA_DC_FSMO})" > >> SAMBA_DCS=$(echo "$DCS" | grep -v "${SAMBA_DC_FSMO}") > >> if [ -z "${SAMBA_DCS}" ]; then > >> error "No Samba DC's Found with, you might have dns problems" > >> error "exitting now..." > >> echo $SAMBA_DCS > >> exit 0 > >> fi > >> > >> SAMBA_NT_DOMAINNAME="$($SET_SAMBATOOL domain info > "${SAMBA_DC1}" | grep > >> Netbios | cut -d":" -f2 | cut -c2-100)" > >> ERROR: Invalid IP address 'dc1.subdom.example.com'! 
> >> if [ -z "${SAMBA_NT_DOMAINNAME}" ]; then > >> error "No Samba NT DOMAIN Name found" > >> error "exitting now..." > >> exit 0 > >> fi > >> No Samba NT DOMAIN Name found > >> exitting now... > >> > > > > What to do? > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >