Re: [Samba] Samba 4 Cleanup Managing and Otherwise

Fri, 18 Jun 2010 06:08:14 -0700 






--- Original message ---
Subject: Re: [Samba] Samba 4 Cleanup Managing and Otherwise
From: Michael Wood <[email protected]>
To: <[email protected]>
Cc: <[email protected]>
Date: Friday, 18/06/2010  5:34 AM

On 17 June 2010 04:49,  <[email protected]> wrote:



OK, there has got to be a way to work with this thing other than 
wiping the

Domain every time an error pops up.

Trying to resolve problems I did a git upgrade and:

setup# /usr/local/samba/sbin/upgradeprovision

Which provided the unhelpful:


Found 3 domain controllers, for the moment upgradeprovision is not 
able to
handle upgrade on domain with more than one DC, please demote the 
other(s)

DC(s) before upgrading


As I am actually trying to clean up an orphaned DC due to the fact 
that
dcpromo fails to remove AD from a windows server I am in even worse 
shape

than before the git upgrade.

As I don't have unlimited funds, and the M$ software is outrageously

expensive, I can't keep blowing Windows servers out and reprovisioning 
them.


Any ideas would be greatly appreciated here.


Maybe running ldapcmp against the samba box and the Windows box will
tell you something.  Also, maybe what you could do is get an LDIF
export of the directory, then add another Samba box to the domain and
get another LDIF export and compare them to see what was added.  Then
you should be able to know exactly what needs to be deleted again
afterwards.



Interestingly, after I wrote the above, I accessed the W2K3R2 DC and 
was able to use "sites and services" to delete the NTDS settings under 
the still listed orphaned DC, then go about manually deleting it from 
the rep lists for each server, then actually delete the server itself 
from the list, which is better than I was able to do.  It is now gone 
and Samba4 is no longer calling for it.


However, I am in a quandry over this mess now:


Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for 
CN=Schema,CN=Configuration,DC=tms3,DC=com - 
NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0 
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for 
CN=Schema,CN=Configuration,DC=tms3,DC=com - 
NT_STATUS_INVALID_PARAMETER : WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0 
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
58bfc826-cd9f-445d-b6e5-ab7314ba0671._msdcs.tms3.com for 
CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER : 
WERR_INVALID_PARAM
[Fri Jun 18 06:05:05 2010 PDT, 0 
../librpc/rpc/dcerpc_util.c:657:dcerpc_pipe_auth_recv()]
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 - 
NT_STATUS_INVALID_PARAMETER
[Fri Jun 18 06:05:05 2010 PDT, 0 
../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 
af29c79c-57dc-40f3-bed1-95c3adda4cc8._msdcs.tms3.com for 
CN=Configuration,DC=tms3,DC=com - NT_STATUS_INVALID_PARAMETER : 
WERR_INVALID_PARAM



It has been suggested that it is a kerberos problem, but I'm stymied 
as to WHAT the problem is:


r...@t3:/usr/local/samba/var# kinit [email protected]
[email protected]'s Password:
r...@t3:/usr/local/samba/var# klist
Credentials cache: FILE:/tmp/krb5cc_0
       Principal: [email protected]

 Issued           Expires          Principal
Jun 18 06:05:36  Jun 18 16:05:36  krbtgt/[email protected]
r...@t3:/usr/local/samba/var#

Anywho, enough poking around for now.

Cheers,

TMS III





I haven't had a chance to try the above yet, though.

P.S.  I know the upgradeprovision script is being worked on at the
moment, so this might all be fixed soon, but maybe you should mention
it on the samba-technical list.

--
Michael Wood <[email protected]>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to