thr3ads.net - samba - [Samba] Recently joined RODC looses machine accounts [Dec 2024]

If this information is useful, please help other people find it:
Share via:

Mitja Tavčar

2024-Dec-06 11:29 UTC

[Samba] Recently joined RODC looses machine accounts

Il 06/12/24 10:45, Rowland Penny via samba ha scritto:> On Fri, 6 Dec 2024 10:19:31 +0100
> Mitja Tav?ar via samba <samba at lists.samba.org> wrote:
> 
>> But the machine accoounts are not completely lost, they seem lost if
>> i query the Read Only DC, when i query some of the other DC the
>> machine accounts result ok.
>>
>> I'have found that restarting winbind seems to solve the problem but
>> only for some short time. So i set up a testing script that checks
>> join every 5 minutes and eventually restarts winbind.
>>
>> The output is this:
>> [Thu 05 Dec 2024 03:40:02 PM CET] - Join is OK
>> [Thu 05 Dec 2024 03:45:01 PM CET] - Join is OK
>> [Thu 05 Dec 2024 03:50:03 PM CET] - Join is OK
>> [Thu 05 Dec 2024 03:55:01 PM CET] - Not joined - restart winbind
>> [Thu 05 Dec 2024 04:00:02 PM CET] - Join is OK
>> [Thu 05 Dec 2024 04:05:03 PM CET] - Join is OK
>> [Thu 05 Dec 2024 04:10:01 PM CET] - Join is OK
>> [Thu 05 Dec 2024 04:15:02 PM CET] - Not joined - restart winbind
>>
> 
> So, AD doesn't loose the clients, it is the clients that loose AD.
> 
> Try adding 'winbind refresh tickets = yes' to the clients smb.conf
file
> and restarting Samba.
> 
I added winbind refresh tickets = yes and restarted samba, smbd and winbind.
But nothing seems to change.

[Fri 06 Dec 2024 11:45:01 AM CET] - Join is OK
[Fri 06 Dec 2024 11:50:02 AM CET] - Join is OK
[Fri 06 Dec 2024 11:55:03 AM CET] - Join is OK
[Fri 06 Dec 2024 12:00:03 PM CET] - Join is OK
[Fri 06 Dec 2024 12:05:02 PM CET] - Not joined - restart winbind
[Fri 06 Dec 2024 12:10:02 PM CET] - Join is OK
[Fri 06 Dec 2024 12:15:02 PM CET] - Not joined - restart winbind
[Fri 06 Dec 2024 12:20:06 PM CET] - Join is OK


I also noticed that in log: log.wb-INTRA  these entries.
The "No server for domain .... available in site ..." at winbind
restart.

[2024/12/06 12:05:04.722326,  1, traceid=1]
source3/libsmb/namequery.c:3487(get_sorted_dc_list)
   get_sorted_dc_list: No server for domain 'INTRA.COMUNE.TRENTO.IT'
available in site 'PSN', fallback to all servers
[2024/12/06 12:05:08.142492,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
file or directory
[2024/12/06 12:05:08.142531,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with
backend 'tdb': Unable to open tdb
'/var/lib/samba/private/secrets.ldb': No such file or
directory
[2024/12/06 12:05:34.401421,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
file or directory
[2024/12/06 12:05:34.401456,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with
backend 'tdb': Unable to open tdb
'/var/lib/samba/private/secrets.ldb': No such file or
directory
[2024/12/06 12:15:02.199866,  1, traceid=1]
source3/libsmb/namequery.c:3487(get_sorted_dc_list)
   get_sorted_dc_list: No server for domain 'INTRA.COMUNE.TRENTO.IT'
available in site 'PSN', fallback to all servers
[2024/12/06 12:15:02.458944,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
file or directory
[2024/12/06 12:15:02.458974,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with
backend 'tdb': Unable to open tdb
'/var/lib/samba/private/secrets.ldb': No such file or
directory
[2024/12/06 12:15:03.894741,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
file or directory
[2024/12/06 12:15:03.894769,  1, traceid=1]
lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with
backend 'tdb': Unable to open tdb
'/var/lib/samba/private/secrets.ldb': No such file or
directory



-- 
Mitja Tav?ar



-- 
Mitja Tav?ar

Rowland Penny

2024-Dec-06 12:20 UTC

head link

[Samba] Recently joined RODC looses machine accounts

On Fri, 6 Dec 2024 12:29:03 +0100
Mitja Tav?ar via samba <samba at lists.samba.org> wrote:
> Il 06/12/24 10:45, Rowland Penny via samba ha scritto:
> > On Fri, 6 Dec 2024 10:19:31 +0100
> > Mitja Tav?ar via samba <samba at lists.samba.org> wrote:
> > 
> >> But the machine accoounts are not completely lost, they seem lost
> >> if i query the Read Only DC, when i query some of the other DC the
> >> machine accounts result ok.
> >>
> >> I'have found that restarting winbind seems to solve the
problem but
> >> only for some short time. So i set up a testing script that checks
> >> join every 5 minutes and eventually restarts winbind.
> >>
> >> The output is this:
> >> [Thu 05 Dec 2024 03:40:02 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 03:45:01 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 03:50:03 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 03:55:01 PM CET] - Not joined - restart winbind
> >> [Thu 05 Dec 2024 04:00:02 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 04:05:03 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 04:10:01 PM CET] - Join is OK
> >> [Thu 05 Dec 2024 04:15:02 PM CET] - Not joined - restart winbind
> >>
> > 
> > So, AD doesn't loose the clients, it is the clients that loose AD.
> > 
> > Try adding 'winbind refresh tickets = yes' to the clients
smb.conf
> > file and restarting Samba.
> > 
> 
> I added winbind refresh tickets = yes and restarted samba, smbd and
> winbind. But nothing seems to change.
If you are starting the 'samba', 'smbd' and 'winbindd'
binaries, then
something is very wrong.

You only start the 'samba' binary on a Samba AD DC, this will then
start the other required binaries.

On a Samba Unix domain member, you only start the 'smbd' and
'winbindd'
binaries (you can optionally start 'nmbd' as well if you require SMBv1).
> 
> [Fri 06 Dec 2024 11:45:01 AM CET] - Join is OK
> [Fri 06 Dec 2024 11:50:02 AM CET] - Join is OK
> [Fri 06 Dec 2024 11:55:03 AM CET] - Join is OK
> [Fri 06 Dec 2024 12:00:03 PM CET] - Join is OK
> [Fri 06 Dec 2024 12:05:02 PM CET] - Not joined - restart winbind
> [Fri 06 Dec 2024 12:10:02 PM CET] - Join is OK
> [Fri 06 Dec 2024 12:15:02 PM CET] - Not joined - restart winbind
> [Fri 06 Dec 2024 12:20:06 PM CET] - Join is OK
> 
> 
> I also noticed that in log: log.wb-INTRA  these entries.
> The "No server for domain .... available in site ..." at winbind
> restart.
> 
> [2024/12/06 12:05:04.722326,  1, traceid=1]
> source3/libsmb/namequery.c:3487(get_sorted_dc_list)
> get_sorted_dc_list: No server for domain 'INTRA.COMUNE.TRENTO.IT'
> available in site 'PSN', fallback to all servers [2024/12/06
> 12:05:08.142492,  1, traceid=1]
> lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug) ldb: Unable to open tdb
> '/var/lib/samba/private/secrets.ldb': No such file or directory
I think this is because it is an RODC, but is the RODC using itself as
its first nameserver ?

You will probably get more in the logs if you raise the log level in
smb.conf on the RODC, try '4'

Rowland

Apparently Analagous Threads

Search for more maybe matching threads

samba - Dec 2024 - Recently joined RODC looses machine accounts

[Samba] Recently joined RODC looses machine accounts

[Samba] Recently joined RODC looses machine accounts

Apparently Analagous Threads