corrupted db after upgrading to 4.7

corrupted db after upgrading to 4.7

Samba - General mailing list
Hello


Last week we updated three domain controllers (Sernet Samba) from 4.2 to
4.7, typical upgrade path (4.3->4.4->4.5->4.6->4.7), everything was ok.

The next day we got a mail from the Sernet team informing us that they
fixed a bug affecting the group memberships.

https://bugzilla.samba.org/show_bug.cgi?id=13095

We've applied the update, and a few days after the update which should fix
the bug, we got a database corruption with the same user multiple times
in a group, and the coherency check between all DCs was bad.

I tried a dbcheck --cross-ncs --fix --yes; it fixed several errors
(>2000), but now I still have 372 persistent errors and the dbcheck
script won't fix them.

The domain is still working great: creating / removing users, editing
membership, the replication, everything works.

Here's a part of the errors; all of them are "missing backlink" or
"orphaned backlink".

[root@dc1 ~]# samba-tool dbcheck
Checking 1233 objects
ERROR: orphaned backlink attribute 'memberOf' in CN=Gérard
Dellaval,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_ila,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Gérard
Dellaval,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_insertion,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Gérard
Dellaval,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_report_bud,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Gérard
Dellaval,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_public_commun,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Gérard
Dellaval,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_report,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Gérard
Dellaval,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_applic,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_insertion,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_art_60,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_report_bud,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_public_commun,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_energie,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_accueil,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_ss,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Willy
Gaspard,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_smd,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Marine
Mathias,OU=AC,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cee_03,OU=AC,OU=MGROUPS,DC=contoso,DC=com
......
Not removing orphaned backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Sabine
Dillien,OU=AC,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cee,OU=AC,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Sabine
Dillien,OU=AC,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cee,OU=AC,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Sabine
Dillien,OU=AC,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cee,OU=AC,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Sabine
Dillien,OU=AC,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cee,OU=AC,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Jean-Paul
Tistaert,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_applic,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Jean-Paul
Tistaert,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_applic,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Cédric De
Mul,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_applic,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Jean-Paul
Tistaert,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_applic,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Cédric De
Mul,OU=CPAS,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cpas_applic,OU=CPAS,OU=MGROUPS,DC=contoso,DC=com
Not fixing missing backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Sabine
Dillien,OU=AC,OU=MUSERS,DC=contoso,DC=com for link member in
CN=cee_outils,OU=AC,OU=MGROUPS,DC=contoso,DC=com
Not removing orphaned backlink memberOf
Please use --fix to fix these errors
Checked 1233 objects (372 errors)

Is there any script or update to fix this issue?


Thanks.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: corrupted db after upgrading to 4.7

Samba - General mailing list
Hi Samba team and Maxence,

> Last week we updated three domain controllers (Sernet Samba) from 4.2 to
> 4.7, typical upgrade path (4.3->4.4->4.5->4.6->4.7), everything was ok.
>
> The next day we got a mail from the Sernet team informing us that they
> fixed a bug affecting the group memberships.
>
> https://bugzilla.samba.org/show_bug.cgi?id=13095
>
> We've applied the update, and a few days after the update which should fix
> the bug, we got a database corruption with the same user multiple times
> in a group, and the coherency check between all DCs was bad.
>
> I tried a dbcheck --cross-ncs --fix --yes; it fixed several errors
> (>2000), but now I still have 372 persistent errors and the dbcheck
> script won't fix them.
>
> The domain is still working great: creating / removing users, editing
> membership, the replication, everything works.
>
> Here's a part of the errors; all of them are "missing backlink" or
> "orphaned backlink".

One of my colleagues had the same issue after an upgrade to 4.7.0 very
recently. We didn't have much time to look into it, so we just cleaned
up the member and memberOf attributes (samba-tool group removemembers +
some ldbmodify), then added the users back to the groups. It needed some
scripting to automate the stuff but it worked fine and dbcheck is now
happy.

Actually, as that specific domain has seen most upgrades from early 4.0
beta to 4.7, I was not sure if I was stumbling on some rotten entries in
my ldb database, or if it was a more widespread bug :-)

Cheers,

Denis



--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
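
Added example (not from the thread and not Samba code): before scripting a cleanup like the one described above, the dbcheck output can be reduced to a de-duplicated list of affected groups and objects. It assumes the two message formats quoted in this thread, also accepts `>`-quoted and hard-wrapped mail text, and uses constructed names and DNs; the function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

# Constructed sample in the shape of the dbcheck output quoted in the thread
# (names and DNs are made up; long DNs are hard-wrapped as a mail client would).
SAMPLE = """\
[root@dc1 ~]# samba-tool dbcheck
Checking 1233 objects
ERROR: orphaned backlink attribute 'memberOf' in CN=Alice
Example,OU=CPAS,OU=MUSERS,DC=example,DC=com for link member in
CN=cpas_report,OU=CPAS,OU=MGROUPS,DC=example,DC=com
Not removing orphaned backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Bob
Sample,OU=AC,OU=MUSERS,DC=example,DC=com for link member in
CN=cee,OU=AC,OU=MGROUPS,DC=example,DC=com
Not fixing missing backlink memberOf
ERROR: missing backlink attribute 'memberOf' in CN=Bob
Sample,OU=AC,OU=MUSERS,DC=example,DC=com for link member in
CN=cee,OU=AC,OU=MGROUPS,DC=example,DC=com
Not fixing missing backlink memberOf
ERROR: orphaned backlink attribute 'memberOf' in CN=Bob
Sample,OU=AC,OU=MUSERS,DC=example,DC=com for link member in
CN=cpas_report,OU=CPAS,OU=MGROUPS,DC=example,DC=com
Not removing orphaned backlink memberOf
Please use --fix to fix these errors
Checked 1233 objects (4 errors)
"""

BacklinkError = namedtuple(
    "BacklinkError", "kind backlink_attr object_dn link_attr link_dn")

QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")
# Lines that begin a new record; anything else after an ERROR line is treated
# as the wrapped remainder of that ERROR line.
RECORD_START = re.compile(
    r"^(?:ERROR:|WARNING:|Not |Checking |Checked |Please |\.{3,}|\[)")
ERROR_LINE = re.compile(
    r"^ERROR: (orphaned|missing) backlink attribute '(\w+)' in (.+?)"
    r" for link (\w+) in (.+)$")
SUMMARY_LINE = re.compile(r"^Checked (\d+) objects \((\d+) errors\)$")


def logical_lines(text):
    """Strip mail quote markers and re-join ERROR lines wrapped by the mailer."""
    out, in_error = [], False
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            in_error = False
        elif RECORD_START.match(line):
            out.append(line)
            in_error = line.startswith("ERROR:")
        elif in_error:
            out[-1] += " " + line   # wraps happen at spaces, so restore one
        else:
            out.append(line)
    return out


def parse_backlink_errors(text):
    """Return one BacklinkError per 'orphaned'/'missing' backlink message."""
    errors = []
    for line in logical_lines(text):
        m = ERROR_LINE.match(line)
        if m:
            errors.append(BacklinkError(*m.groups()))
    return errors


def report(text):
    """Summarise the errors per forward-link object (here: per group DN)."""
    errors = parse_backlink_errors(text)
    reported = None
    for line in logical_lines(text):
        m = SUMMARY_LINE.match(line)
        if m:
            reported = int(m.group(2))
    groups = defaultdict(lambda: {"orphaned": set(), "missing": set()})
    for e in errors:
        groups[e.link_dn][e.kind].add(e.object_dn)
    unique = len(set(errors))
    return {
        "total": len(errors),
        "unique": unique,                    # distinct (kind, object, group)
        "duplicates": len(errors) - unique,  # same message repeated
        "reported_errors": reported,         # from the "Checked ..." line
        "affected_objects": sorted({e.object_dn for e in errors}),
        "groups": {g: {k: sorted(v) for k, v in kinds.items()}
                   for g, kinds in groups.items()},
    }


if __name__ == "__main__":
    summary = report(SAMPLE)
    print(summary["total"], "errors,", summary["unique"], "unique")
    for group_dn, kinds in summary["groups"].items():
        print(group_dn)
        for kind, dns in kinds.items():
            for dn in dns:
                print("   ", kind, dn)
```
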



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
On Thu, 2017-11-02 at 15:56 +0100, Denis Cardon via samba wrote:

> Hi Samba team and Maxence,
>
> > Last week we updated three domain controllers (Sernet Samba) from 4.2 to
> > 4.7, typical upgrade path (4.3->4.4->4.5->4.6->4.7), everything was ok.
> >
> > The next day we got a mail from the Sernet team informing us that they
> > fixed a bug affecting the group memberships.
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=13095
> >
> > We've applied the update, and a few days after the update which should fix
> > the bug, we got a database corruption with the same user multiple times
> > in a group, and the coherency check between all DCs was bad.
> >
> > I tried a dbcheck --cross-ncs --fix --yes; it fixed several errors
> > (>2000), but now I still have 372 persistent errors and the dbcheck
> > script won't fix them.
> >
> > The domain is still working great: creating / removing users, editing
> > membership, the replication, everything works.
> >
> > Here's a part of the errors; all of them are "missing backlink" or
> > "orphaned backlink".
>
> One of my colleagues had the same issue after an upgrade to 4.7.0 very
> recently. We didn't have much time to look into it, so we just cleaned
> up the member and memberOf attributes (samba-tool group removemembers +
> some ldbmodify), then added the users back to the groups. It needed some
> scripting to automate the stuff but it worked fine and dbcheck is now
> happy.
>
> Actually, as that specific domain has seen most upgrades from early 4.0
> beta to 4.7, I was not sure if I was stumbling on some rotten entries in
> my ldb database, or if it was a more widespread bug :-)

Metze has some patches that should better fix the backlink issue in
dbcheck, and I've proposed some patches to ensure that additional
backlinks don't cause trouble if the object needs to be deleted.

If dbcheck gives any more information when it fails to fix the missing
or orphaned backlink, it would be helpful to see that so we can ensure
we cover all the test cases needed for this.

Thanks,

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
Here's my full log of the --fix, no more information :(

https://pastebin.com/evkR0JiL


On 11/02/2017 04:14 PM, Andrew Bartlett wrote:

> On Thu, 2017-11-02 at 15:56 +0100, Denis Cardon via samba wrote:
>> Hi Samba team and Maxence,
>>
>>> Last week we updated three domain controllers (Sernet Samba) from 4.2 to
>>> 4.7, typical upgrade path (4.3->4.4->4.5->4.6->4.7), everything was ok.
>>>
>>> The next day we got a mail from the Sernet team informing us that they
>>> fixed a bug affecting the group memberships.
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=13095
>>>
>>> We've applied the update, and a few days after the update which should fix
>>> the bug, we got a database corruption with the same user multiple times
>>> in a group, and the coherency check between all DCs was bad.
>>>
>>> I tried a dbcheck --cross-ncs --fix --yes; it fixed several errors
>>> (>2000), but now I still have 372 persistent errors and the dbcheck
>>> script won't fix them.
>>>
>>> The domain is still working great: creating / removing users, editing
>>> membership, the replication, everything works.
>>>
>>> Here's a part of the errors; all of them are "missing backlink" or
>>> "orphaned backlink".
>> One of my colleagues had the same issue after an upgrade to 4.7.0 very
>> recently. We didn't have much time to look into it, so we just cleaned
>> up the member and memberOf attributes (samba-tool group removemembers +
>> some ldbmodify), then added the users back to the groups. It needed some
>> scripting to automate the stuff but it worked fine and dbcheck is now
>> happy.
>>
>> Actually, as that specific domain has seen most upgrades from early 4.0
>> beta to 4.7, I was not sure if I was stumbling on some rotten entries in
>> my ldb database, or if it was a more widespread bug :-)
> Metze has some patches that should better fix the backlink issue in
> dbcheck, and I've proposed some patches to ensure that additional
> backlinks don't cause trouble if the object needs to be deleted.
>
> If dbcheck gives any more information when it fails to fix the missing
> or orphaned backlink, it would be helpful to see that so we can ensure
> we cover all the test cases needed for this.
>
> Thanks,
>
> Andrew Bartlett



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote:
> Here's my full log of the --fix, no more information :(
>
> https://pastebin.com/evkR0JiL
>

No worries.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
Hello,

FYI, I've updated to 4.7.1; dbcheck still does not fix the broken links.
Is the fix you talk about planned for a future release?

Our customer reported to me that some users have issues when their logon
server is DC1 but not when it's DC2.

On DC1 some users have access to all shares, some don't have any
access at all.



On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote:
>>
> No worries.
>
> Andrew Bartlett
>



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
Hi Maxence,

> FYI, I've updated to 4.7.1; dbcheck still does not fix the broken links.
> Is the fix you talk about planned for a future release?
>
> Our customer reported to me that some users have issues when their logon
> server is DC1 but not when it's DC2.
>
> On DC1 some users have access to all shares, some don't have any
> access at all.

Actually, this last symptom was the one that got us to quickly hack a
solution for the issue with orphaned backlink attribute 'memberOf'.
You'll probably have to do some cleanup as I pointed out in my last mail.

The Bugzilla entry [1] you mentioned and corresponding patch prevents
the problem from happening, but I don't think it fixes it.

Cheers,

Denis

[1] https://bugzilla.samba.org/show_bug.cgi?id=13095

>
>
>
> On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
>> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote:
>>>
>> No worries.
>>
>> Andrew Bartlett
>>
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
Hello.

To follow up on this issue: since the upgrade, when I do a named reload it crashes; it looks like there are duplicated zones.

Here's the log when I trigger a reload:


nov 05 03:09:02 data.contoso.com named[2807]: received control channel command 'reload'
nov 05 03:09:02 data.contoso.com named[2807]: loading configuration from '/etc/named.conf'
nov 05 03:09:02 data.contoso.com named[2807]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv4) (type 1) DB
nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv6) (type 12) DB
nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copy
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 2) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 6) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 30) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 31) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 3) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 7) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP ISP (type 4) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Org (type 5) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP AS (type 9) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Domain (type 11) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP NetSpeed (type 10) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv4 port range: [1024, 65535]
nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv6 port range: [1024, 65535]
nov 05 03:09:02 data.contoso.com named[2807]: sizing zone task pool based on 6 zones
nov 05 03:09:02 data.contoso.com named[2807]: Loading 'AD DNS Zone' using driver dlopen
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'ratchet.com' from 'DC=@,DC=ratchet.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '17.172.in-addr.arpa' from 'DC=@,DC=17.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'johndoe.com' from 'DC=@,DC=johndoe.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'contoso.com' from 'DC=@,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '_msdcs.contoso.com' from 'DC=@,DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: using built-in DLV key for view _default
nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 10.IN-ADDR.ARPA
nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 16.172.IN-ADDR.ARPA
....
nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 110.100.IN-ADDR.ARPA
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: main process exited, code=killed, status=6/ABRT
nov 05 03:09:02 data.contoso.com sh[24531]: kill: échec de changement de d'envoi de signal vers 2807: Aucun processus de ce type
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
nov 05 03:09:02 data.contoso.com sh[24537]: Utilisation :
nov 05 03:09:02 data.contoso.com sh[24537]: kill [options] <pid|nom> [...]
nov 05 03:09:02 data.contoso.com sh[24537]: Options :
nov 05 03:09:02 data.contoso.com sh[24537]: -a, --all              ne pas restreindre la conversion de nom en PID aux
nov 05 03:09:02 data.contoso.com sh[24537]: processus avec le même UID que le processus actuel
nov 05 03:09:02 data.contoso.com sh[24537]: -s, --signal <sig>     envoyer le signal indiqué
nov 05 03:09:02 data.contoso.com sh[24537]: -q, --queue <sig>      utiliser sigqueue(2) au lieu de kill(2)
nov 05 03:09:02 data.contoso.com sh[24537]: -p, --pid              afficher les PID sans leur envoyer de signal
nov 05 03:09:02 data.contoso.com sh[24537]: -l, --list [=<signal>] afficher les noms de signal, ou en convertir un en nom
nov 05 03:09:02 data.contoso.com sh[24537]: -L, --table            afficher les noms et numéros de signal
nov 05 03:09:02 data.contoso.com sh[24537]: -h, --help     afficher cette aide et quitter
nov 05 03:09:02 data.contoso.com sh[24537]: -V, --version  afficher les informations de version et quitter
nov 05 03:09:02 data.contoso.com sh[24537]: Consultez kill(1) pour obtenir des précisions complémentaires.
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
nov 05 03:09:02 data.contoso.com systemd[1]: Reload failed for Berkeley Internet Name Domain (DNS).
nov 05 03:09:02 data.contoso.com systemd[1]: Unit named.service entered failed state.
nov 05 03:09:02 data.contoso.com systemd[1]: named.service failed.



Is it related to Samba after the same bug?

If I remove the samba dlz part in the named config, it's fine.

Thanks :)



----- Original message -----
From: "Denis Cardon" <[hidden email]>
To: "Maxence Sartiaux" <[hidden email]>, "Andrew Bartlett" <[hidden email]>
Cc: [hidden email]
Sent: Friday, 3 November 2017 11:02:18
Subject: Re: [Samba] corrupted db after upgrading to 4.7

Hi Maxence,

> FYI, I've updated to 4.7.1; dbcheck still does not fix the broken links.
> Is the fix you talk about planned for a future release?
>
> Our customer reported to me that some users have issues when their logon
> server is DC1 but not when it's DC2.
>
> On DC1 some users have access to all shares, some don't have any
> access at all.

Actually, this last symptom was the one that got us to quickly hack a
solution for the issue with orphaned backlink attribute 'memberOf'.
You'll probably have to do some cleanup as I pointed out in my last mail.

The Bugzilla entry [1] you mentioned and corresponding patch prevents
the problem from happening, but I don't think it fixes it.

Cheers,

Denis

[1] https://bugzilla.samba.org/show_bug.cgi?id=13095

>
>
>
> On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
>> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote:
>>>
>> No worries.
>>
>> Andrew Bartlett
>>
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


Re: corrupted db after upgrading to 4.7

Samba - General mailing list
Hai,

This does not seem right.
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'ratchet.com' from 'DC=@,DC=ratchet.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '17.172.in-addr.arpa' from 'DC=@,DC=17.172.in-

And DC=@? Did you remove the hostname or is this "as-is"?

Check in bind9 whether there is any configuration done for the zones
ratchet.com and 17.172.in-addr.arpa.

Remove/remark any configuration for that and try again.

I suggest you stop bind and samba and start them again.
Don't use reload/restart.


Greetz,

Louis


> -----Original message-----
> From: samba [mailto:[hidden email]] On behalf of
> Maxence SARTIAUX via samba
> Sent: Monday, 6 November 2017 11:40
> To: Andrew Bartlett
> CC: [hidden email]; Denis Cardon
> Subject: Re: [Samba] corrupted db after upgrading to 4.7
>
> Hello.
>
> To follow up on this issue: since the upgrade, when I do a named
> reload it crashes; it looks like there are duplicated zones.
>
> Here's the log when I trigger a reload:
>
>
> nov 05 03:09:02 data.contoso.com named[2807]: received control channel command 'reload'
> nov 05 03:09:02 data.contoso.com named[2807]: loading configuration from '/etc/named.conf'
> nov 05 03:09:02 data.contoso.com named[2807]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
> nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv4) (type 1) DB
> nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
> nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv6) (type 12) DB
> nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copy
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 2) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 6) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 30) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 31) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 3) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 7) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP ISP (type 4) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Org (type 5) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP AS (type 9) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Domain (type 11) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: GeoIP NetSpeed (type 10) DB not available
> nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv4 port range: [1024, 65535]
> nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv6 port range: [1024, 65535]
> nov 05 03:09:02 data.contoso.com named[2807]: sizing zone task pool based on 6 zones
> nov 05 03:09:02 data.contoso.com named[2807]: Loading 'AD DNS Zone' using driver dlopen
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'ratchet.com' from 'DC=@,DC=ratchet.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '17.172.in-addr.arpa' from 'DC=@,DC=17.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'johndoe.com' from 'DC=@,DC=johndoe.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'contoso.com' from 'DC=@,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '_msdcs.contoso.com' from 'DC=@,DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com'
> nov 05 03:09:02 data.contoso.com named[2807]: using built-in DLV key for view _default
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 10.IN-ADDR.ARPA
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 16.172.IN-ADDR.ARPA
> ....
> nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 110.100.IN-ADDR.ARPA
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: main process exited, code=killed, status=6/ABRT
> nov 05 03:09:02 data.contoso.com sh[24531]: kill: échec de changement de d'envoi de signal vers 2807: Aucun processus de ce type
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
> nov 05 03:09:02 data.contoso.com sh[24537]: Utilisation :
> nov 05 03:09:02 data.contoso.com sh[24537]: kill [options] <pid|nom> [...]
> nov 05 03:09:02 data.contoso.com sh[24537]: Options :
> nov 05 03:09:02 data.contoso.com sh[24537]: -a, --all              ne pas restreindre la conversion de nom en PID aux
> nov 05 03:09:02 data.contoso.com sh[24537]: processus avec le même UID que le processus actuel
> nov 05 03:09:02 data.contoso.com sh[24537]: -s, --signal <sig>     envoyer le signal indiqué
> nov 05 03:09:02 data.contoso.com sh[24537]: -q, --queue <sig>      utiliser sigqueue(2) au lieu de kill(2)
> nov 05 03:09:02 data.contoso.com sh[24537]: -p, --pid              afficher les PID sans leur envoyer de signal
> nov 05 03:09:02 data.contoso.com sh[24537]: -l, --list [=<signal>] afficher les noms de signal, ou en convertir un en nom
> nov 05 03:09:02 data.contoso.com sh[24537]: -L, --table            afficher les noms et numéros de signal
> nov 05 03:09:02 data.contoso.com sh[24537]: -h, --help     afficher cette aide et quitter
> nov 05 03:09:02 data.contoso.com sh[24537]: -V, --version  afficher les informations de version et quitter
> nov 05 03:09:02 data.contoso.com sh[24537]: Consultez kill(1) pour obtenir des précisions complémentaires.
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
> nov 05 03:09:02 data.contoso.com systemd[1]: Reload failed for Berkeley Internet Name Domain (DNS).
> nov 05 03:09:02 data.contoso.com systemd[1]: Unit named.service entered failed state.
> nov 05 03:09:02 data.contoso.com systemd[1]: named.service failed.
>
>
>
> Is it related to Samba after the same bug ?
>
> If i remove the samba dlz part in the named config, it's fine.
>
> Thanks :)
>
>
>
> ----- Original message -----
> From: "Denis Cardon" <[hidden email]>
> To: "Maxence Sartiaux" <[hidden email]>, "Andrew Bartlett" <[hidden email]>
> Cc: [hidden email]
> Sent: Friday 3 November 2017 11:02:18
> Subject: Re: [Samba] corrupted db after upgrading to 4.7
>
> Hi Maxence,
>
> > Fyi, i've updated to 4.7.1, the dbcheck still not fix the broken links,
> > is the fix you talk about planned for a future release ?
> >
> > Our customer reported me, some users have issues when their logon server
> > is DC1 but not when it's DC2.
> >
> > On DC1 some users have access to all shares, some doesn't have any
> > access at all.
>
> actually this last symptom was the one that got us to hack quickly a
> solution for the issue with orphaned backlink attribute 'memberOf'.
> You'll probably have to do some cleanup as I pointed out in
> my last mail.
>
> The bugzilla entry [1] you mentioned and corresponding patch prevents
> the problem from happening, but I don't think it fixes it.
>
> Cheers,
>
> Denis
>
> [1] https://bugzilla.samba.org/show_bug.cgi?id=13095
>
> >
> >
> >
> > On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
> >> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote:
> >>>
> >> No worries.
> >>
> >> Andrew Bartlett
> >>
> >
>
> --
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil-it-systems.fr
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



Re: corrupted db after upgrading to 4.7

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 6 Nov 2017 11:39:50 +0100 (CET)
Maxence SARTIAUX via samba <[hidden email]> wrote:

> Hello.
>
> To follow-up this issue, since the upgrade, when I do a named reload
> it crashes, looks like there are duplicated zones.

Can you post your named conf files?

Rowland


Re: corrupted db after upgrading to 4.7

Samba - General mailing list

options {
        listen-on port 53 { 127.0.0.1; 172.17.2.187; };
        //listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 172.17.0.0/16; };
        allow-transfer { localhost; 172.17.2.188; 172.17.1.188; };

        forwarders { 195.238.2.21; 195.238.2.22; };

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        recursion yes;

        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/var/lib/samba/private/named.conf";






----- Original message -----
From: "Rowland Penny" <[hidden email]>
To: "samba" <[hidden email]>
Cc: "Maxence SARTIAUX" <[hidden email]>
Sent: Monday 6 November 2017 11:51:02
Subject: Re: [Samba] corrupted db after upgrading to 4.7

On Mon, 6 Nov 2017 11:39:50 +0100 (CET)
Maxence SARTIAUX via samba <[hidden email]> wrote:

> Hello.
>
> To follow-up this issue, since the upgrade, when I do a named reload
> it crashes, looks like there are duplicated zones.
Can you post your named conf files?

Rowland


Re: corrupted db after upgrading to 4.7

Samba - General mailing list
On Mon, 6 Nov 2017 11:53:32 +0100 (CET)
Maxence SARTIAUX <[hidden email]> wrote:

I use Devuan and these are my named.conf files:

/etc/bind/named.conf                            

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";


nano /etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};


nano /etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";

nano /etc/bind/named.conf.default-zones

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

Try using them as a base for yours (you have quite a few settings not
required by Samba), then restart Bind and see what happens.

Rowland
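
Added example (not part of Rowland's post and not Samba or BIND project code): a small Python script that parses the two options { } blocks posted in this thread and lists which statements exist in only one file and which carry different values. The function names are hypothetical, and the two blocks are copied from the posts with blank lines dropped.

```python
import re

# Added example; function names are hypothetical. Blocks copied from the two posts.
REPORTER_CONF = r'''
options {
        listen-on port 53 { 127.0.0.1; 172.17.2.187; };
        //listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 172.17.0.0/16; };
        allow-transfer { localhost; 172.17.2.188; 172.17.1.188; };
        forwarders { 195.238.2.21; 195.238.2.22; };
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        recursion yes;
        dnssec-enable yes;
        dnssec-validation no;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
'''
BASE_CONF = r'''
options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
'''

def strip_comments(text):
    """Drop //, # and /* */ comments but leave quoted strings untouched."""
    pattern = r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    return re.sub(pattern, lambda m: m.group(0) if m.group(0)[0] == '"' else ' ',
                  text, flags=re.S)

def parse_options(conf):
    """Map statement name -> normalised arguments (no braces/semicolons in strings)."""
    text = strip_comments(conf)
    body = text[text.index('{', text.index('options')) + 1:]
    depth, buf, opts = 0, [], {}
    for ch in body:
        if ch == '}' and depth == 0:
            break                      # closing brace of options { ... }
        depth += (ch == '{') - (ch == '}')
        if ch == ';' and depth == 0:   # end of one top-level statement
            parts = ''.join(buf).split(None, 1)
            if parts:
                opts[parts[0]] = ' '.join(parts[1].split()) if len(parts) > 1 else ''
            buf = []
        else:
            buf.append(ch)
    return opts

def diff_options(mine, base):
    """Split statement names into only-mine, only-base and differing values."""
    only_mine = sorted(set(mine) - set(base))
    only_base = sorted(set(base) - set(mine))
    changed = {k: (mine[k], base[k])
               for k in sorted(set(mine) & set(base)) if mine[k] != base[k]}
    return only_mine, only_base, changed

if __name__ == "__main__":
    only_mine, only_base, changed = diff_options(
        parse_options(REPORTER_CONF), parse_options(BASE_CONF))
    print("only in reporter's file:", ", ".join(only_mine))
    print("only in Rowland's file: ", ", ".join(only_base))
    for name, (a, b) in changed.items():
        print(f"differs: {name}: {a}  |  {b}")
```

Address- and path-valued statements differ simply because the two hosts differ; the statements present in only one file are the ones to review against the advice above.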


Re: corrupted db after upgrading to 4.7

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hello everyone.

So I also tried removemembers and ldbmodify/ldbedit to remove the duplicate link, but unfortunately it's not working.

"objectclass_attrs: attribute 'memberOf' on entry 'CN=Gerard Vraux,OU=CPAS,OU=MUSERS,DC=contoso,DC=com" must not be modified directly, it is a linked attribute"

So even if I want to fix everything manually, I can't.

Do you have any solutions/scripts to fix the situation ?

Have a good day.

Thanks.
