On 20/04/2020 18:20, Andrea Cucciarre' wrote:> Hello Rowland, > > One of my customer is reporting that sometime intermittently they > can't access the share. > When the issue appear the "wbinfo ping-dc"? and "net ads info" show > the following: > > # /opt/samba/bin/wbinfo --ping-dc > checking the NETLOGON for domain[FLEET] dc connection to "" failed > failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND > > # /opt/samba/bin/net ads info > LDAP server: 10.5.20.13 > LDAP server name: VSPWADRO01M.FLEET.AD > Realm: FLEET.AD > Bind Path: dc=FLEET,dc=AD > LDAP port: 389 > Server time: Mon, 20 Apr 2020 01:08:45 EDT > KDC server: 10.5.20.13 > Server time offset: 0 > Last machine account password change: Tue, 03 Mar 2020 11:48:12 EST > > It seems the issue started when they added a read only domain > controller, which is just VSPWADRO01M.FLEET.AD > When the issue is recovered the "wbinfo ping-dc"? and "net ads info" > show the following, so the DC selected is not VSPWADRO01M.FLEET.AD > > # /opt/samba/bin/net ads info > LDAP server: 10.5.2.11 > LDAP server name: PSPWAD01P.FLEET.AD > Realm: FLEET.AD > Bind Path: dc=FLEET,dc=AD > LDAP port: 389 > Server time: Mon, 20 Apr 2020 03:59:19 EDT > KDC server: 10.5.2.11 > Server time offset: 0 > Last machine account password change: Tue, 03 Mar 2020 11:48:12 EST > > # /opt/samba/bin/wbinfo --ping-dc > checking the NETLOGON for domain[FLEET] dc connection to > "vspwad01p.FLEET.AD" succeededThis sounds like a dns problem, are you pointing the clients at the RODC and is it the nearest DC ? I would check the network, cables, switches etc. Rowland
Denis Morejon
2021-Mar-22 17:41 UTC
[Samba] Linux workstations lose relationship with domain
Hi: I have two domain controllers. dc1 and dc2. They both with debian 10 and samba 4.7.4 installed from source. And working find since a long time. Since a month ago some time a group of linux workstations lost domain's computer account a we had to re-join It. This have been happing each two weeks. I don't know what's the error. samba-tool dbcheck returns some warning: root at dc2:~# samba-tool dbcheck Checking 7283 objects NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448924\0ADEL:ff58fad6-9740-46a2-9387-13ae3adc7e0c,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448922\0ADEL:9a5dd0c0-cd08-40ac-a41a-71e6237dc952,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448925\0ADEL:ae135015-60dd-47df-8746-3015b124469a,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448921\0ADEL:27a24c2c-bddf-450d-8751-b3b9e457fbd9,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 Series PCL\0ADEL:38c22067-141b-427f-9e46-537e3a958823,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448923\0ADEL:ecd013b6-b9ef-4919-8da6-0e976e27fbcb,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component Checked 7283 objects (0 errors) I have 500 users, and I want to know if I need a mysql as backend or maybe something else to improve the db consistency. Best regards