Denis Morejon
2021-Mar-22 17:41 UTC
[Samba] Linux workstations lose relationship with domain
Hi: I have two domain controllers. dc1 and dc2. They both with debian 10 and samba 4.7.4 installed from source. And working find since a long time. Since a month ago some time a group of linux workstations lost domain's computer account a we had to re-join It. This have been happing each two weeks. I don't know what's the error. samba-tool dbcheck returns some warning: root at dc2:~# samba-tool dbcheck Checking 7283 objects NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448924\0ADEL:ff58fad6-9740-46a2-9387-13ae3adc7e0c,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448922\0ADEL:9a5dd0c0-cd08-40ac-a41a-71e6237dc952,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448925\0ADEL:ae135015-60dd-47df-8746-3015b124469a,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448921\0ADEL:27a24c2c-bddf-450d-8751-b3b9e457fbd9,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 Series PCL\0ADEL:38c22067-141b-427f-9e46-537e3a958823,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 0016448923\0ADEL:ecd013b6-b9ef-4919-8da6-0e976e27fbcb,CN=Deleted Objects,DC=dtcf,DC=etecsa,DC=cu - <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu Not fixing old string component Checked 7283 objects (0 errors) I have 500 users, and I want to know if I need a mysql as backend or maybe something else to improve the db consistency. Best regards
Denis Morejon
2021-Mar-22 17:51 UTC
[Samba] Linux workstations lose relationship with domain
> Hi: > > I have two domain controllers. dc1 and dc2. They both with debian 10 > and samba 4.7.4 installed from source. And working find since a long > time. Since a month ago some time a group of linux workstations lost > domain's computer account a we had to re-join It. This have been > happing each two weeks. I don't know what's the error. samba-tool > dbcheck returns some warning: > > root at dc2:~# samba-tool dbcheck > Checking 7283 objects > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 > 0016448924\0ADEL:ff58fad6-9740-46a2-9387-13ae3adc7e0c,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string component > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 > 0016448922\0ADEL:9a5dd0c0-cd08-40ac-a41a-71e6237dc952,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string component > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 > 0016448925\0ADEL:ae135015-60dd-47df-8746-3015b124469a,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string component > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 > 0016448921\0ADEL:27a24c2c-bddf-450d-8751-b3b9e457fbd9,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string component > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 Series > PCL\0ADEL:38c22067-141b-427f-9e46-537e3a958823,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string component > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 > 0016448923\0ADEL:ecd013b6-b9ef-4919-8da6-0e976e27fbcb,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string component > Checked 7283 objects (0 errors) > > I have 500 users, and I want to know if I need a mysql as backend or > maybe something else to improve the db consistency. > > Best regards > > >
Rowland penny
2021-Mar-22 18:22 UTC
[Samba] Linux workstations lose relationship with domain
On 22/03/2021 17:41, Denis Morejon via samba wrote:> Hi: > > I have two domain controllers. dc1 and dc2. They both with debian 10 > and samba 4.7.4 installed from source.Got to ask why 4.7.4 ? Debian 10 come with 4.9.5> And working find since a long time. Since a month ago some time a > group of linux workstations lost domain's computer account a we had to > re-join It. This have been happing each two weeks. I don't know what's > the error. samba-tool dbcheck returns some warning: > > root at dc2:~# samba-tool dbcheck > Checking 7283 objects > NOTE: old (due to rename or delete) DN string component for > lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 > 0016448924\0ADEL:ff58fad6-9740-46a2-9387-13ae3adc7e0c,CN=Deleted > Objects,DC=dtcf,DC=etecsa,DC=cu - > <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu > Not fixing old string componentthey are deleted objects I would suggest you update Samba on the DC's (probably best to do this by adding new DC's and demoting? the old ones after). You can find the latest Samba here: https://apt.van-belle.nl/ Can you post your smb.conf files, one from a DC and another from one of the Unix domain members. Rowland