search for: villach

Today's episode of "why is AD break", brought to you by: > [2017/09/05 10:17:06.015617, 3] ../source4/auth/gensec/gensec_gssapi.c:613(gensec_gssapi_update) > Server GC/graz-dc-1b.ad.tao.at/ad.tao.at is not registered with our KDC: Miscellaneous failure (see text): Server (GC/graz-dc-1b.ad.tao.at/ad.tao.at at AD.TAO.AT) unknown > [2017/09/05 10:17:06.015717, 0]

Situation: Trying to upgrade Samba from 4.1 to 4.5 without disruption too much by adding new DCs and demoting old ones. After bringing online the first 4.5 DC, I ran `demote --remove-other-dead-server=` on that DC to remove one of the old 4.1 DCs (held no FSMO roles). That seemed to run fine (the DC had been offline for a few weeks at that point and I didn't want to restore it just for

/etc/hostname:villach-file /etc/hosts:# The following lines are desirable for IPv6 capable hosts /etc/hosts:::1 localhost ip6-localhost ip6-loopback /etc/hosts:ff02::1 ip6-allnodes /etc/hosts:ff02::2 ip6-allrouters /etc/hosts:127.0.0.1 localhost /etc/hosts:192.168.16.214 villach-file /etc/krb5.conf:[libdefaults] /e...

...that means getting to a clean state. No, i dont want a quick and dirty solution for you. You need to get a good fix. > > Besides, recreating containers is faster than manually > messing around in /var/lib on each one of them. > > > I suggest the following, move fsmo roles to villach-dc and > check database replications. > > DB replication is already spewing errors, what am I to look out for? Ok, get my check db script, run it from any dc. And post me the output. https://github.com/thctlo/samba4/blob/master/samba-check-db-repl.sh With the output, we should be able...

...s every other > week), so I wasn't aware of that yesterday > > ? All sorts of replication issues between the various DCs: > > > https://up.tao.at/u/samba/graz-dc-sem.txt (FSMO role holder) > > https://up.tao.at/u/samba/graz-dc-1b.txt > > https://up.tao.at/u/samba/villach-dc-1a.txt > > https://up.tao.at/u/samba/villach-dc-bis.txt > > (Unchanged from yesterday) > > ? Some DB issues: > > > https://up.tao.at/u/samba/graz-dc-sem-dbcheck.txt > > https://up.tao.at/u/samba/graz-dc-1b-dbcheck.txt > > https://up.tao.at/u/samba/villac...

On 2017-04-20 18:38, Rowland Penny wrote: > On Thu, 20 Apr 2017 18:00:24 +0200 > Sven Schwedas via samba <samba at lists.samba.org> wrote: > >> On 2017-04-07 13:44, Sven Schwedas via samba wrote: >>> In the end I just upgraded all DCs to 4.5 and remote-deleted the >>> broken ones. Seemed to work without a hitch, manual removal was >>> only necessary

...t; > Verify that the directory replication between all DCs > is working correctly: > > That's already broken before the update: > > https://up.tao.at/u/samba/graz-dc-sem.txt (FSMO role holder) > https://up.tao.at/u/samba/graz-dc-1b.txt > https://up.tao.at/u/samba/villach-dc-1a.txt > https://up.tao.at/u/samba/villach-dc-bis.txt > > Similarly, if I do "samba-tool dbcheck --cross-ncs" without yet > upgrading, to see in what state the DBs are: > > https://up.tao.at/u/samba/graz-dc-sem-dbcheck.txt > https://up.tao.at/u/samba/graz-dc-1b-d...

Once again, something with Samba thirty bazillion components broke. Once again, my choices for logging are "nothing" or "15 MB/s spread of ten different files, because 'client authentication failed' totally needs to be lower priority than malloc debug info". Once again, none of these messages is actually able to convey what broke, where, why. Why is it impossible for

Sven, Fist fix the smb.conf as i suggested, cap and non caps where it should be. Resolving settings based on the script output looks ok. Fix krb5.conf Then how many DC's are you having? > So, could somebody maybe help with the NT_STATUS_INTERNAL_DB_CORRUPTION > / DRS replication issue? Or will it be easier to just demote > the DC and provision a new one? Are all DC's

...ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;_ldap._tcp.dc._msdcs.ad.tao.at. IN SRV > > ;; ANSWER SECTION: > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 100 389 graz-dc-sem.ad.tao.at. > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 100 389 villach-dc-sem.ad.tao.at. > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 100 389 villach-dc-bis.ad.tao.at. > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 100 389 graz-dc-1b.ad.tao.at. > > ;; AUTHORITY SECTION: > _msdcs.ad.tao.at. 3600 IN SOA graz-dc-sem.ad.tao.at. hostmaster.ad.tao.at. 29 9...

...Checking file: /etc/nsswitch.conf passwd: files winbind group: files winbind shadow: files ( removed winbind from shadow) not used. winbind enum users = yes winbind enum groups = yes Better no, works the same, but your server is faster. #### site.conf netbios name = villach-file < in CAPS For windows/samba netbios resolving: NETBIOSNAME =! netbiosname DNS resolving : NETBIOSNAME == netbiosname REALM resolving : REALM =! realm Dnsdomain name : realm often looks like dnsdomainname but.. dnsdomainname =! REALM .. Clean up you site.conf. Make it as little a...

...had some things todo first here. > > 's fine. It's not like I don't have other stuff to worry about either. Pfew, im thinging your just waiting for me ;-) > > >> -----Oorspronkelijk bericht----- > >>>>> I suggest the following, move fsmo roles to villach-dc and > >>>> check database replications. > >>>> > >>>> DB replication is already spewing errors, what am I to look out > >>>> for? > >>> Ok, get my check db script, run it from any dc. And post me the > >>> outp...

...expected?). Mail servers are no longer domain joined, and unencrypted LDAP is finally gone, together with the terrible PHP scripts that needed it. Which allowed me to finally cleanup all the samba setups: https://up.tao.at/u/samba/graz-file.2019-06-14T11:29:02+02:00.txt https://up.tao.at/u/samba/villach-file.2019-06-14T11:29:02+02:00.txt (File servers) https://up.tao.at/u/samba/graz-dc-sem.2019-06-14T11:29:02+02:00.txt https://up.tao.at/u/samba/graz-dc-1b.2019-06-14T11:29:02+02:00.txt https://up.tao.at/u/samba/villach-dc-1a.2019-06-14T11:29:02+02:00.txt https://up.tao.at/u/samba/villach-dc-bis.2...

...e above, so make a checklist for this. They should be all modified accordingly now: https://up.tao.at/u/samba/graz-file.info2.txt https://up.tao.at/u/samba/graz-mail.info2.txt https://up.tao.at/u/samba/graz-dc-sem.info2.txt https://up.tao.at/u/samba/graz-dc-1b.info2.txt https://up.tao.at/u/samba/villach-file.info2.txt https://up.tao.at/u/samba/villach-mail.info2.txt https://up.tao.at/u/samba/villach-dc-1a.info2.txt https://up.tao.at/u/samba/villach-dc-bis.info2.txt And now that business hours are over, also all restarted. I'll let them do their thing overnight and check up on replication stat...

...lists.samba.org > Onderwerp: Re: [Samba] Server GC/name.dom/dom is not > registered with our KDC: Miscellaneous failure (see text): > Server (GC/name/dom at DOM) unknown > > On 2017-09-06 09:28, L.P.H. van Belle wrote: > >>> I suggest the following, move fsmo roles to villach-dc and > >> check database replications. > >> > >> DB replication is already spewing errors, what am I to > look out for? > > Ok, get my check db script, run it from any dc. And post me > the output. > > Output attached. Seems like all servers but gr...

...t;> >> 's fine. It's not like I don't have other stuff to worry about >> either. > Pfew, im thinging your just waiting for me ;-) > >> >>>> -----Oorspronkelijk bericht----- >>>>>>> I suggest the following, move fsmo roles to villach-dc >>>>>>> and >>>>>> check database replications. >>>>>> >>>>>> DB replication is already spewing errors, what am I to look >>>>>> out for? >>>>> Ok, get my check db script, run it from any...

...omain > joined, and unencrypted LDAP is finally gone, together with > the terrible > PHP scripts that needed it. > > Which allowed me to finally cleanup all the samba setups: > > https://up.tao.at/u/samba/graz-file.2019-06-14T11:29:02+02:00.txt > https://up.tao.at/u/samba/villach-file.2019-06-14T11:29:02+02:00.txt > > (File servers) > > https://up.tao.at/u/samba/graz-dc-sem.2019-06-14T11:29:02+02:00.txt > https://up.tao.at/u/samba/graz-dc-1b.2019-06-14T11:29:02+02:00.txt > https://up.tao.at/u/samba/villach-dc-1a.2019-06-14T11:29:02+02:00.txt > https:/...

...gt; > > > ;; QUESTION SECTION: > > ;_ldap._tcp.dc._msdcs.ad.tao.at. IN SRV > > > > ;; ANSWER SECTION: > > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 > > 100 389 graz-dc-sem.ad.tao.at. > > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 > > 100 389 villach-dc-sem.ad.tao.at. > > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 > > 100 389 villach-dc-bis.ad.tao.at. > > _ldap._tcp.dc._msdcs.ad.tao.at. 900 IN SRV 0 > > 100 389 graz-dc-1b.ad.tao.at. > > > > ;; AUTHORITY SECTION: > > _msdcs.ad.tao.at. 3600 IN SOA >...

...them. /etc/hosts # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters 127.0.0.1 localhost 192.168.17.79 graz-mail.ad.tao.at graz-mail mail.graz.tao.at 192.168.17.58 database.local 192.168.16.209 mail.villach.tao.at Now the last 2 entries, if you resolving is correct, then the last too lines should not be needed. But, its not wrong, as long as the resolves also on the other servers where its needed. https://up.tao.at/u/samba/graz-dc-sem.info2.txt You are probley having a good reason for it. templ...

On 2017-11-13 12:33, Rowland Penny via samba wrote: > On Mon, 13 Nov 2017 12:05:33 +0100 > Sven Schwedas <sven.schwedas at tao.at> wrote: > >> /etc/hostname:villach-file >> /etc/hosts:# The following lines are desirable for IPv6 capable hosts >> /etc/hosts:::1 localhost ip6-localhost ip6-loopback >> /etc/hosts:ff02::1 ip6-allnodes >> /etc/hosts:ff02::2 ip6-allrouters >> /etc/hosts:127.0.0.1 localhost >> /etc/hosts:192.1...