Ein Samba-Prozess wir im Arbeitsspeicher immer größer

Hallo Herr Petersen,

wir sind hier ganz aktuell unterwegs:

root@ucsmaster:~# ucr search version/version version/patchlevel version/erratalevel
version/erratalevel: 95
 Four types of UCS updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of the installed errata updates.

version/patchlevel: 1
 Four types of Univention Configuration Registry updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of the installed patch level release.

version/version: 4.0
 Four types of UCS updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of major and minor update.
 dpkg -l samba
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name                                           Version                      Architektur                  Beschreibung
+++-==============================================-============================-============================-=================================================================================================
ii  samba                                          2:4.2.0~rc2-1.725.2015022311 amd64                        SMB/CIFS file, print, and login server for Unix
root@ucsmaster:~# 
uname -a
Linux ucsmaster 3.16-ucs109-amd64 #1 SMP Debian 3.16.5-1.109.201412161258 (2014-12-16) x86_64 GNU/Linux
root@ucsmaster:~# 

Das Problem entsteht, nachdem man neu startet. Es wird ein Samba-Prozess gestartet, der sich bläht. Wenn man den Prozess killed, arbeitet das System scheinbar störungsfrei weiter. Es entwickelt sich dann auch kein neuer Samba-Proszess, der wächst. Abe so kann es ja nicht bleiben …

Hier der aktuelle Wert aus top:

top - 10:35:04 up 21 days, 22:34,  1 user,  load average: 0,11, 0,15, 0,18
Tasks: 167 total,   1 running, 165 sleeping,   0 stopped,   1 zombie
%Cpu(s):  6,8 us,  4,3 sy,  1,0 ni, 86,9 id,  0,7 wa,  0,0 hi,  0,2 si,  0,2 st
KiB Mem:   6127200 total,  5922592 used,   204608 free,    91556 buffers
KiB Swap:  4121804 total,   892708 used,  3229096 free,   176816 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND                                                                                                                                            
21650 root      22   2 4559m 3,9g  10m S   2,0 67,5 953:05.43 samba                                                                                                                                              
22080 root      20   0 1502m 594m  10m S   1,3  9,9  71:42.19 univention-virt                                                                                                                                    
21647 root      22   2  553m  85m  11m S   2,3  1,4 104:34.33 samba                                                                                                                                              
10228 root      20   0  116m  51m 3104 S   0,0  0,9   0:04.43 /usr/sbin/spamd                                                                                                                                    
10234 root      20   0  116m  49m 1136 S   0,0  0,8   0:00.01 spamd child                                                                                                                                        
10235 root      20   0  116m  49m 1136 S   0,0  0,8   0:00.00 spamd child                                                                                                                                        
21649 root      22   2  512m  48m  13m S   0,0  0,8  45:54.58 samba 
.......               

MFG Volker Hahn

Hallo Herr Hahn,

da sollte natürlich nicht sein.

Sie können mit samba-tool weiter eingrenzen, welcher Samba-Prozess genau leaked indem Sie die PID vergleichen:

[code]root@master:~# samba-tool processes
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Service: PID

dnsupdate 2891
wrepl_server 2883
rpc_server 2882
cldap_server 2885
winbind_server 2892
kdc_server 2886
samba 0
dreplsrv 2887
kccsrv 2890
ldap_server 2884
ldap_server 2884[/code]
Könnten Sie uns das bitte noch nachreichen, damit wir gezielt nachschauen können?

Viele Grüße,
Tim

Hallo Herr Petersen,

besten Dank, dass Sie sich der Sache annehmen … Zwischenzeitlich hat sich der Prozess 21650 selber terminiert und ein neuer samba Prozess ist da und wächst wieder: PID 16446 // Dieser Prozess hat sich mittlerweile ca. 2,1 GB des Speichers genommen:

top - 13:41:59 up 26 days,  1:41,  1 user,  load average: 0,14, 0,14, 0,14
Tasks: 165 total,   2 running, 162 sleeping,   0 stopped,   1 zombie
%Cpu(s):  1,7 us, 16,7 sy,  0,2 ni, 81,1 id,  0,3 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem:   6127200 total,  5921076 used,   206124 free,   190128 buffers
KiB Swap:  4121804 total,  1063228 used,  3058576 free,  1608936 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND                                                               
16446 root      20   0 2638m 2,1g  12m S  15,6 36,3 313:10.45 samba                                                                 
22080 root      20   0 2100m 824m 7164 S   1,7 13,8 112:56.98 univention-virt                                                       
16443 root      20   0  515m  61m  17m S   0,0  1,0  56:52.91 samba                                                                 
 5691 root      20   0  489m  56m  26m S   0,0  0,9   8:56.70 smbd                                                                  
10932 root      20   0  489m  56m  25m S   0,0  0,9   0:26.56 smbd                                                                  
27775 root      20   0  489m  55m  25m S   0,0  0,9   0:04.47 smbd                                                                  
 4357 root      20   0  489m  55m  25m S   0,0  0,9   0:33.68 smbd                                                                  
27275 root      20   0  489m  55m  25m S   0,0  0,9   0:01.21 smbd                                                                  
26282 root      20   0  489m  55m  25m S   0,0  0,9   0:01.92 smbd                                                                  
13552 root      20   0  489m  55m  25m S   0,0  0,9   0:32.28 smbd                                                                  
16659 root      20   0  489m  55m  25m S   0,0  0,9   0:08.82 smbd                                                                  
21319 kuehn3    20   0  489m  55m  25m S   0,0  0,9   0:24.67 smbd                                                                  
12347 root      20   0  489m  55m  25m S   0,0  0,9   2:11.96 smbd                                                                  
 3067 root      20   0  489m  54m  24m S   0,0  0,9   0:01.35 smbd                                                                  
 5833 root      20   0  489m  54m  24m S   0,0  0,9   0:00.25 smbd                                                                  
16441 root      20   0  458m  52m  22m S   0,0  0,9   0:15.95 smbd                                                                  
29722 root      20   0  489m  52m  22m S   0,0  0,9   0:00.28 smbd                                                                  
30220 root      20   0  116m  51m 3764 S   0,0  0,9   0:42.85 /usr/sbin/spamd                                                       
27251 root      20   0  445m  51m  11m S   0,0  0,9   0:32.60 univention-mana                                                       
16449 root      20   0  503m  50m  20m S   0,0  0,9   0:57.53 samba                                                                 
10203 root      20   0  551m  50m  12m S   0,0  0,8   8:23.68 slapd                                                                 
30230 root      20   0  116m  49m 1700 S   0,0  0,8   0:00.10 spamd child                                                           
30231 root      20   0  116m  49m 1496 S   0,0  0,8   0:00.15 spamd child                                                           
29739 root      20   0  485m  48m  18m S   0,0  0,8   0:00.10 smbd                                                                  
19152 root      20   0  485m  48m  18m S   0,0  0,8   0:00.09 smbd                                                                  
16434 root      20   0  499m  48m  18m S   0,0  0,8   0:01.20 samba                                                                 
16455 root      20   0  429m  47m  17m S   0,0  0,8   0:01.74 winbindd                                                              
16440 root      20   0  506m  46m  16m S   0,0  0,8   4:26.15 samba                                                                 
 2891 root      20   0  482m  45m 6604 S   0,0  0,8   1:12.72 python2.7                                                             
16445 root      20   0  505m  45m  15m S   0,7  0,8  25:22.42 samba                                                                 
16444 root      20   0  499m  37m 7740 S   0,0  0,6   0:02.86 samba                                                                 
16448 root      20   0  499m  35m 5392 S   0,0  0,6   0:01.81 samba                                                                 
16442 root      20   0  502m  35m 5384 S   0,0  0,6   0:06.29 samba                                                                 
16450 root      20   0  499m  35m 5208 S   0,0  0,6   0:11.65 samba                                                                 
16457 root      20   0  458m  34m 4348 S   0,0  0,6   0:01.91 smbd                                                                  
16439 root      20   0  499m  33m 3432 S   0,0  0,6   0:00.00 samba                                                                 
16447 root      20   0  499m  33m 3344 S   0,0  0,6   0:00.00 samba                                                                 
 2575 root      20   0  554m  19m 3404 S   1,3  0,3 200:15.15 named                                                                 
27295 root      20   0  732m  15m 4132 S   0,7  0,3  55:49.87 univention-mana                                                       
 2219 root      20   0  150m  12m 7256 S   0,0  0,2   0:16.78 apache2                                                               
16456 root      20   0  256m  10m 9320 S   0,0  0,2   0:01.49 winbindd                                                              

Hier kommt die angeforderte Ausgabe des samba tools

root@ucsmaster:~# samba-tool processes
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[IPC$]"
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[2open]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[umg_ordner]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[pvs_vergleich]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[install]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[dokumente]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[entwicklung]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[www-dev]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[profile]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[statistik]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[personal]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
pm_process() returned Yes
 Service:                PID 
-----------------------------
dnsupdate              16450
wrepl_server           16442
rpc_server             16440
rpc_server             16440
cldap_server           16444
winbind_server         16451
kdc_server             16445
samba                      0
dreplsrv               16446
kccsrv                 16449
ldap_server            16443
ldap_server            16443
root@ucsmaster:~# 

MFG hahn

Hallo,

das scheint den dreplsrv zu betreffen - gibt es mehrere Samba 4 DC’s in der Umgebung? Welche Ausgabe gibt:

samba-tool drs showrepl

Viele Grüße,
Tim Petersen

Hallo Herr Petersen,

hier kommt ide Ausgabe:

root@ucsmaster:~# samba-tool drs showrepl
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[IPC$]"
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[2open]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[umg_ordner]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[pvs_vergleich]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[install]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[dokumente]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[entwicklung]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[www-dev]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[profile]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[statistik]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[personal]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ucsmaster.gilching.local[,seal]
Mapped to DCERPC endpoint 135
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ucsmaster.gilching.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Mapped to DCERPC endpoint 1024
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ucsmaster.gilching.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Received smb_krb5 packet of length 295
Received smb_krb5 packet of length 1336
Received smb_krb5 packet of length 1326
Received smb_krb5 packet of length 1310
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ucsmaster.gilching.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Received smb_krb5 packet of length 1326
Received smb_krb5 packet of length 1310
Default-First-Site-Name\UCSMASTER
DSA Options: 0x00000001
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
DSA invocationId: dbe8111e-164e-413d-86f6-96503553afe5

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:10 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:38 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:10 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:39 2015 CET

DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:10 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13171 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:40 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:11 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:43 2015 CET

CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:11 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:45 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:33 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		35 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:33 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		35 consecutive failure(s).
		Last success @ NTTIME(0)

DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:33 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		35 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:34 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		36 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:34 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		36 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: 4ae098b1-dedc-410a-88d3-fed52834879e
	Enabled        : TRUE
	Server DNS name : DCBACKUP.gilching.local
	Server DN name  : CN=NTDS Settings,CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
root@ucsmaster:~# 

Gruß Volker Hahn

Habe mit den neuen Infos hier im Forum einen weitern Beitrag gefunden, der sich mit dem gleichen Problem beschäftigt (aber keine Lösung bietet):

https://help.univention.com/t/samba4-prozess/2000/1

Vielleicht kann man das zusammenlegen.

Gruß Hahn

Hallo,

zuerst würde ich vorschlagen, das Debuglevel herabzusetzen - das scheint mir sehr hoch:

ucr set samba/debug/level=1 /etc/init.d/samba restart
Eventuell ändert das das Verhalten bereits.

Alternativ sollte man sich separat in jedem Fall die DRS-Situation anschauen. Die DRS-Replikation zum DC Backup funktioniert seit dem 17.01., morgens 01:04 nicht mehr.
Eventuell fand dort eine Passwort-Rotation oder Ähnliches statt und Samba konnte nicht neugestartet werden (befindet sich der Backup ggfs. auf einem älteren Versionsstand? Da gab es mal Probleme in der Richtung…):

#Auf dem Backup: /etc/init.d/samba restart ps aux | grep samba less /var/log/univention/server_password_change.log #ggfs. ältere Logdateien, interessant ist der 17.01.

Viele Grüße,
Tim Petersen

Hallo Herr Petersen,

loglevel ist geändert, die samba Daemon sind neu gestartet.
Beide System habe ich heute nochmals geupdated. Die Versionen sind auf beiden Maschinen gleich:

Die momentan installierte Version ist 4.0-1 errata111.
Es sind keine Paket-Aktualisierungen verfügbar.
Informationen zu den Aktualisierungen
Es sind keine App Center-Aktualisierungen verfügbar.

Hier die Prozess - Ausgabe des DCBackup (nachdem der Samba neu gestartet wurde):

root@dcbackup:~# ps aux | grep samba root 2318 0.0 0.0 176 0 ? Ss Feb11 0:00 runsv univention-bind-samba4 root 2450 0.0 1.8 589576 38036 ? Sl Feb11 6:30 /usr/sbin/named -c /etc/bind/named.conf.samba4 -f -d 0 root 22140 0.0 2.4 508876 51196 ? SNs 15:24 0:00 /usr/sbin/samba -D root 22147 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D root 22148 0.3 2.4 515500 49408 ? SN 15:24 0:03 /usr/sbin/samba -D root 22150 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D root 22151 1.0 2.1 511424 43804 ? SN 15:24 0:09 /usr/sbin/samba -D root 22152 0.0 1.8 508876 38684 ? SN 15:24 0:00 /usr/sbin/samba -D root 22153 0.0 2.2 515084 45356 ? SN 15:24 0:00 /usr/sbin/samba -D root 22154 0.1 2.2 517672 45340 ? SN 15:24 0:01 /usr/sbin/samba -D root 22155 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D root 22156 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D root 22158 0.0 2.5 513028 51472 ? SN 15:24 0:00 /usr/sbin/samba -D root 22159 0.0 1.7 508876 36404 ? SN 15:24 0:00 /usr/sbin/samba -D root 25084 0.0 0.0 4192 552 ? Ss 15:40 0:00 /bin/sh -c /usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1 root 25085 0.0 0.1 9232 2168 ? S 15:40 0:00 /bin/bash /usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh root 25107 0.0 0.0 9916 1944 pts/0 R+ 15:40 0:00 grep samba root@dcbackup:~#
Und hier kommt noch das server_password_change.log das auch den 17.01. enthält …

[code]root@dcbackup:/var/log/univention# less server_password_change.log.8

Starting server password change (Mon Jan 12 01:03:24 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Tue Jan 13 01:07:27 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Wed Jan 14 01:02:34 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Thu Jan 15 01:09:18 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Fri Jan 16 01:09:46 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Sat Jan 17 01:05:04 CET 2015)
Proceeding with regular server password change scheduled for today
run-parts: executing /usr/lib/univention-server/server_password_change.d/50univention-mail-server prechange
Create mail/postfix/stoppedbyserverpasswordchange
Stopping Postfix Mail Transport Agent: postfix.
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-libnss-ldap prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-mail-cyrus prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-s4-connector prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-samba4 prechange
Object modified: cn=dcbackup,cn=dc,cn=computers,dc=gilching,dc=local
Restarting univention-directory-listener daemon.
timeout: finish: univention-directory-listener: (pid 9819) 498833s, normally down
done.
run-parts: executing /usr/lib/univention-server/server_password_change.d/50univention-mail-server postchange
File: /etc/listfilter.secret
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.canonicalsender
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.virtualdomains
Starting Postfix Mail Transport Agent: postfix.
Unsetting mail/postfix/stoppedbyserverpasswordchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind postchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-libnss-ldap postchange
File: /etc/libnss-ldap.conf
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-mail-cyrus postchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd postchange
Restarting Name Service Cache Daemon: nscd.
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-s4-connector postchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-samba4 postchange
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Modified 1 records successfully
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Changed password OK
Stopping Samba AD DC daemon: sambaretry #1
Starting Samba AD DC daemon: samba.
done (Sat Jan 17 01:06:15 CET 2015)
Starting server password change (Sun Jan 18 01:09:06 CET 2015)
No server password change scheduled for today, terminating without a change
~
~
~
~
~
~
[/code]

Soweit von uns! Gruß Hahn

Hallo Herr Hahn,

tatsächlich gab es am 17.01. eine Passwortrotation. Ein Problem kann ich dabei aber in der Logdatei nicht erkennen.
Wie hat sich die Speicherverwendung des Samba-Prozesses und die DRS-Replikation in der Zwischenzeit nach Neustart von Samba auf dem DC-Backup entwickelt?
Bei der Kontrolle der DRS-Replikation und der Verwendung bestimmter Analysetools (wie samba-tool drs showrepl) hilft sicher auch SDB-Artikel #1235 Samba 4 Troubleshooting Guide:

# Master samba-tool drs kcc -UAdministrator <fqdn of backup dc> samba-tool drs showrepl tail -20 /var/log/samba/log.samba #Backup samba-tool drs kcc -UAdministrator <fqdn of master dc> samba-tool drs showrepl tail -20 /var/log/samba/log.samba

Da ich dieses Speicherverhalten in anderen aktuellen Umgebungen nicht nachvollziehen kann, gehe ich davon aus, dass es einen Zusammenhang mit der gestörten DRS-Replikation gibt.

Mit freundlichen Grüßen,
Tim Petersen

Hm … Leider ist das Problem nicht gelöst …

[code]top - 18:45:18 up 33 days, 6:45, 1 user, load average: 0,88, 0,40, 0,38
Tasks: 164 total, 2 running, 159 sleeping, 0 stopped, 3 zombie
%Cpu(s): 0,3 us, 23,6 sy, 1,0 ni, 74,4 id, 0,7 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem: 6127200 total, 5980432 used, 146768 free, 113068 buffers
KiB Swap: 4121804 total, 354848 used, 3766956 free, 354212 cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21686 root 22 2 3633m 3,1g 11m S 22,3 52,9 611:31.22 samba
23303 root 20 0 1764m 1,2g 14m S 2,7 20,1 69:05.24 univention-virt
21683 root 22 2 538m 74m 12m S 0,0 1,2 86:34.08 samba
27743 root 20 0 402m 64m 12m S 0,3 1,1 0:28.00 univention-mana
15270 root 20 0 485m 53m 13m S 0,0 0,9 1:26.94 python2.7
25799 root 20 0 116m 50m 2760 S 0,0 0,8 0:10.52 /usr/sbin/spamd
25809 root 20 0 116m 49m 1004 S 0,0 0,8 0:00.01 spamd child
25810 root 20 0 116m 49m 1[/code]

Hier kommen die Abfragen:
samba-tool drs kcc -UAdministrator

root@ucsmaster:~# samba-tool drs kcc -UAdministrator 192.168.100.109 WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Password for [GILCHING\Administrator]: Consistency check on 192.168.100.109 successful. root@ucsmaster:~#
samba-tool drs showrepl:

[code]root@ucsmaster:~# samba-tool drs showrepl
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Default-First-Site-Name\UCSMASTER
DSA Options: 0x00000001
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
DSA invocationId: dbe8111e-164e-413d-86f6-96503553afe5

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:48 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:38 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:49 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:39 2015 CET

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:49 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14912 consecutive failure(s).
Last success @ Sat Jan 17 01:04:40 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:50 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:43 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:50 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:45 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:42 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:42 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection –
Connection name: 4ae098b1-dedc-410a-88d3-fed52834879e
Enabled : TRUE
Server DNS name : DCBACKUP.gilching.local
Server DN name : CN=NTDS Settings,CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@ucsmaster:~#
[/code]
tail -20 /var/log/samba/log.samba:

root@ucsmaster:~# tail -20 /var/log/samba/log.samba [2015/03/16 18:50:12.768437, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:13.170297, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:13.570928, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:13.967664, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:14.373396, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:17.761761, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:18.140489, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:18.566166, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:18.977470, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL [2015/03/16 18:50:19.379619, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL root@ucsmaster:~#

Und hier die Abragen auf dem DCBackup …
samba-tool drs kcc -UAdministrator 192.168.100.110

root@dcbackup:~# samba-tool drs kcc -UAdministrator 192.168.100.110 WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Password for [GILCHING\Administrator]: Consistency check on 192.168.100.110 successful. root@dcbackup:~#

[code]root@dcbackup:~# samba-tool drs showrepl
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Default-First-Site-Name\DCBACKUP
DSA Options: 0x00000001
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
DSA invocationId: c1719241-e2d3-4e26-a25c-51fc67bbb6f8

==== INBOUND NEIGHBORS ====

DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:20 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:20 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 15:46:50 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 15:46:50 2015 CET

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:26:02 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:26:02 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:25:58 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:25:58 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:25:58 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:25:58 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:26:03 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:26:03 2015 CET

==== KCC CONNECTION OBJECTS ====

Connection –
Connection name: 6049103f-f8e2-445b-8d57-4f2008193897
Enabled : TRUE
Server DNS name : ucsmaster.gilching.local
Server DN name : CN=NTDS Settings,CN=UCSMASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@dcbackup:~# [/code]

tail -20 /var/log/samba/log.samba

root@dcbackup:~# tail -20 /var/log/samba/log.samba [2015/03/16 18:54:33.587010, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:33.978876, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:34.326064, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:34.693312, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:35.017927, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:38.578039, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:38.905445, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:39.282656, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:39.710153, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) [2015/03/16 18:54:40.104344, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update) GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5) root@dcbackup:~#

Das System ist mit dem Update auf 4.0 gefühlt langsamer geworden. Insbesondere, wenn in der Früh die Profile abgeholt werden, dauert es bis zu einer halben Stunde, bis die Workstation normal läuft … MFG Hahn

Hallo Herr Hahn,

es sieht so aus, als gäbe es ein Problem mit der Keytab des DC Backup - in Verbindung mit der Passwortrotation vermute ich, dass die DRS-Replikation wieder in Gang kommt, wenn Sie auf dem Backup den Master als Kerberos-KDC konfigurieren:

#Auf dem DC-Backup ucr set kerberos/kdc=192.168.100.110 invoke-rc.d samba-ad-dc restart

Anschließend bitte auf dem Master:

#Auf dem DC-Master invoke-rc.d samba-ad-dc restart

Anschließend würde ich auf dem DC Backup eine Passwort-Rotation triggern:

#Auf dem DC-Backup ucr set server/password/interval='-1' /usr/lib/univention-server/server_password_change ucr set server/password/interval='21'

Viele Grüße,
Tim Petersen

Hallo Herr Petersen,

wir sind leider noch nicht durch. Es besteht nach wie vor das Problem, dass ein Samba Prozess immer größer wird. Nach ca. 2 Tagen reicht der physische Speicher nicht mehr und das System fängt an, den Swap zu belegen (und wird langsam).

Ich bekomme auch nach wie vor noch den folgenden Fehler:

[code]root@ucsmaster:~# samba-tool drs showrepl
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Default-First-Site-Name\UCSMASTER
DSA Options: 0x00000001
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
DSA invocationId: dbe8111e-164e-413d-86f6-96503553afe5

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:18 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:38 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:39 2015 CET

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17781 consecutive failure(s).
Last success @ Sat Jan 17 01:04:40 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:43 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:45 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:58 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158064 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:58 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158063 consecutive failure(s).
Last success @ NTTIME(0)

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:59 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158061 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:59 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158060 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:59 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158055 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection –
Connection name: 4ae098b1-dedc-410a-88d3-fed52834879e
Enabled : TRUE
Server DNS name : DCBACKUP.gilching.local
Server DN name : CN=NTDS Settings,CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@ucsmaster:~#
[/code]

Haben Sie noch eine Idee? Gruß Hahn

Hallo Herr Hahn,

[quote=“versdirekt”]
Haben Sie noch eine Idee? Gruß Hahn[/quote]

ich gehe weiterhin davon aus, dass die DRS-Situation ursächlich für die Leaks ist.
Was die DRS-Replikation in jedem Fall verbessern bzw. wieder instand setzen wird, ist ein Re-Join des DC-Backups.

Viele Grüße,
Tim Petersen

Hallo Herr Petersen,

da scheint der Hase im Pfeffer zu liegen …

Der Re-Join läuft nicht durch. Der Samba - Join bleibt hängen. Die Fehlermeldung ist allerdings recht kryptisch:

[code]RUNNING 97univention-s4-connector.inst
2015-03-30 17:35:00.315850812+02:00 (in joinscript_init)
Not updating connector/s4/ldap/host
Not updating connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Not updating connector/s4/mapping/group/language
Not updating connector/s4/ldap/protocol
Not updating connector/s4/ldap/socket
Object exists: cn=gPLink,cn=custom attributes,cn=univention,dc=gilching,dc=local
Object exists: cn=Builtin,dc=gilching,dc=local
Object exists: cn=System,dc=gilching,dc=local
Object exists: cn=Policies,cn=System,dc=gilching,dc=local
Object exists: ou=Domain Controllers,dc=gilching,dc=local
Object exists: cn=WMIPolicy,cn=System,dc=gilching,dc=local
Object exists: cn=SOM,cn=WMIPolicy,cn=System,dc=gilching,dc=local
Object exists: cn=ldapschema,cn=univention,dc=gilching,dc=local
INFO: No change of core data of object mswmi.
Object exists: cn=udm_module,cn=univention,dc=gilching,dc=local
INFO: No change of core data of object container/msgpo.
Object modified: cn=msgpo,cn=ldapschema,cn=univention,dc=gilching,dc=local

Object modified: cn=mswmi,cn=ldapschema,cn=univention,dc=gilching,dc=local

Object modified: cn=container/msgpo,cn=udm_module,cn=univention,dc=gilching,dc=local

Waiting for activation of the extension object msgpo:…OK
Waiting for activation of the extension object mswmi: OK
Waiting for activation of the extension object container/msgpo: OK
Waiting for file /usr/share/pyshared/univention/admin/handlers/container/msgpo.py: OK
Terminating running univention-cli-server processes.
Object exists: cn=udm_module,cn=univention,dc=gilching,dc=local
INFO: No change of core data of object settings/mswmifilter.
Object modified: cn=settings/mswmifilter,cn=udm_module,cn=univention,dc=gilching,dc=local

Waiting for activation of the extension object settings/mswmifilter: OK
Waiting for file /usr/share/pyshared/univention/admin/handlers/settings/mswmifilter.py: OK
Terminating running univention-cli-server processes.
Stopping univention-s4-connector daemon.
done.
Not updating connector/s4/autostart
Create connector/s4/listener/disabled
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 5224) 0s, normally down
done.
2015-03-30 17:35:49.604587397+02:00 (in joinscript_save_current_version)
EXITCODE=0
RUNNING 98univention-pkgdb-tools.inst
2015-03-30 17:35:49.621761593+02:00 (in joinscript_init)
Cannot find service-record of _pkgdb._tcp.
No DB-Server-Name found.
2015-03-30 17:35:49.732835127+02:00 (in joinscript_save_current_version)
EXITCODE=0
RUNNING 98univention-samba4-dns.inst
2015-03-30 17:35:49.751184335+02:00 (in joinscript_init)
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Mo 30. Mär 17:35:50 CEST 2015
univention-run-join-scripts finished

univention-run-join-scripts started
Mo 30. Mär 17:40:00 CEST 2015

RUNNING 96univention-samba4.inst
2015-03-30 17:40:00.230344292+02:00 (in joinscript_init)
Not updating samba4/role
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=gilching,dc=local
WARNING: cannot append cn=dcbackup,cn=dc,cn=computers,dc=gilching,dc=local to hosts, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=gilching,dc=local
Object exists: (group) : Service
ldap_modify: No such object (32)
matched DN: cn=Builtin,dc=gilching,dc=local
modifying entry “cn=Service,cn=Builtin,dc=gilching,dc=local”

Stopping Samba AD DC daemon: samba.
Samba is configured as AD DC, service smbd is controlled by the main samba daemon.
Stopping NetBIOS name server: nmbd.
Setting kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd …done.
Check database: …done.
Starting ldap server(s): slapd …done.
Not updating windows/wins-support
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Forest : gilching.local
Domain : gilching.local
Netbios domain : GILCHING
DC name : ucsmaster.gilching.local
DC netbios name : UCSMASTER
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Finding a writeable DC for domain ‘gilching.local’
Found DC ucsmaster.gilching.local
workgroup is GILCHING
realm is gilching.local
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <Entry CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local already exists> <>
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 620, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1190, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1093, in do_join
ctx.join_add_objects()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 562, in join_add_objects
ctx.samdb.add(rec)
checking sAMAccountName
Adding CN=DCBACKUP,OU=Domain Controllers,DC=gilching,DC=local
Adding CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
Join failed - cleaning up
checking sAMAccountName
removing samaccount: CN=DCBACKUP,OU=Domain Controllers,DC=gilching,DC=local
Deleted CN=DCBACKUP,OU=Domain Controllers,DC=gilching,DC=local
Failed to join the domain gilching.local.
EXITCODE=1
RUNNING 98univention-samba4-dns.inst
2015-03-30 17:40:10.605031309+02:00 (in joinscript_init)
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Mo 30. Mär 17:40:10 CEST 2015
univention-run-join-scripts finished

root@dcbackup:~# [/code]

Hallo Herr Hahn,
Das ist leider etwas undurchsichtig - haben Sie hier tatsächlich einen re-join durchgeführt (und nicht nur einzelnde Joinskripte)?
Einen Re-Join führen Sie so durch:

univention-join

Bitte hängen Sie anschließend einmal die komplette join.log an.

Hallo Herr Petersen,

Gestern habe ich über die UMC / Domaine den ReJoin angestossen. Es sind Meldungen gekommen, dass der Join in zwei Punkten nicht geklappt hat. Danach habe ich die einzelnen Joinscripte nochmals (erfolglos) gestartet.

Heute habe ich auf der Konsole den Join nochmals angestossen:

[code]root@dcbackup:~# univention-join
univention-join: joins a computer to an ucs domain
copyright © 2001-2015 Univention GmbH, Germany

Enter DC Master Account : administrator
Enter DC Master Password:

Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Stop Samba 4 Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Stopping univention-directory-notifier daemon: done
Stopping univention-directory-listener daemon: … done
Sync ldap.secret: done
Sync ldap-backup.secret: done
Sync SSL directory: done
Check TLS connection: done
Download host certificate: done
Sync SSL settings: done
Restart LDAP Server: done
Sync Kerberos settings: done
Not updating kerberos/adminserver
Configure 01univention-ldap-server-init.inst done
Configure 02univention-directory-notifier.inst done
Configure 03univention-directory-listener.inst done
Configure 04univention-ldap-client.inst done
Configure 05univention-bind.inst done
Configure 08univention-apache.inst done
Configure 10univention-ldap-server.inst done
Configure 11univention-heimdal-init.inst done
Configure 11univention-pam.inst done
Configure 15univention-directory-notifier-post.inst done
Configure 15univention-heimdal-kdc.inst done
Configure 18python-univention-directory-manager.inst done
Configure 20univention-directory-policy.inst done
Configure 20univention-join.inst done
Configure 26univention-nagios-common.inst done
Configure 30univention-nagios-client.inst done
Configure 34univention-management-console-server.inst done
Configure 34univention-management-console-web-server.inst done
Configure 35univention-management-console-module-appcenter.done
Configure 35univention-management-console-module-diagnosticdonet
Configure 35univention-management-console-module-ipchange.idone
Configure 35univention-management-console-module-join.inst done
Configure 35univention-management-console-module-lib.inst done
Configure 35univention-management-console-module-mrtg.inst done
Configure 35univention-management-console-module-passwordchdone.inst
Configure 35univention-management-console-module-quota.instdone
Configure 35univention-management-console-module-reboot.insdone
Configure 35univention-management-console-module-services.idone
Configure 35univention-management-console-module-setup.instdone
Configure 35univention-management-console-module-sysinfo.indone
Configure 35univention-management-console-module-top.inst done
Configure 35univention-management-console-module-ucr.inst done
Configure 35univention-management-console-module-udm.inst done
Configure 35univention-management-console-module-updater.indone
Configure 36univention-management-console-module-apps.inst done
Configure 40univention-virtual-machine-manager-schema.inst done
Configure 67univention-mail-server.inst done
Configure 81univention-mail-cyrus.inst done
Configure 81univention-nfs-server.inst done
Configure 90univention-bind-post.inst done
Configure 92univention-fetchmail-schema.inst done
Configure 92univention-fetchmail.inst done
Configure 96univention-samba4.inst failed


  • Join failed! *
  • Contact your system administrator *

  • Message: FAILED: 96univention-samba4.inst

root@dcbackup:~#
[/code]

Die Logdatei sollte im Anhang sein …
Übrigens: Das ursprüngliche Problem schein gelöst zu sein. Der samba Prozsess ist heute nicht mehr gewachsen.

MFG Hahn
join.log (321 KB)

Hallo Herr Hahn,

Sehr schön, dann lag ich meiner Vermutung ja richtig :slight_smile:

Ich würde nun folgendermaßen vorgehen:

# Auf dem Master /usr/share/univention-samba4/scripts/purge_s4_computer.py --computername=DCBACKUP samba-tool dbcheck --cross-ncs --fix #Auf dem Backup univention-join

das bereinigt gegebenenfalls Altlasten auf dem Master und startet den Joinvorgang erneut.

Viele Grüße,
Tim Petersen

Hallo Herr Petersen,

der Hostname wird nicht gefunden:

root@ucsmaster:~# /usr/share/univention-samba4/scripts/purge_s4_computer.py --computername=DCBACKUP WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Samba 4 computer account 'DCBACKUP' not found. root@ucsmaster:~#

habe es auch mit “dcbackup” versucht … Der DBCheck hat dann keinen Fehler gefunden:

oot@ucsmaster:~# samba-tool dbcheck --cross-ncs --fix WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Checking 3640 objects Checked 3640 objects (0 errors)

und der Join ist beim samba wieder ausgestiegen:

[code]Configure 67univention-mail-server.inst done
Configure 81univention-mail-cyrus.inst done
Configure 81univention-nfs-server.inst done
Configure 90univention-bind-post.inst done
Configure 92univention-fetchmail-schema.inst done
Configure 92univention-fetchmail.inst done
Configure 96univention-samba4.inst failed


  • Join failed! *
  • Contact your system administrator *

  • Message: FAILED: 96univention-samba4.inst

root@dcbackup:~# hostname
dcbackup
root@dcbackup:~#
[/code]

Wird der Eintrag auf dem Master oder Backup noch gefunden:

univention-s4search CN=DCBACKUP univention-ldapsearch cn=dcbackup

Wenn ja, dann bitte die Einträge löschen und den Join erneut versuchen. Hier gibt es noch weitere Infos: sdb.univention.de/1235

Ja, die Einträge werden gefunden:

[code]root@ucsmaster:~# univention-s4search CN=DCBACKUP
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.

Referral

ref: ldap://gilching.local/CN=Configuration,DC=gilching,DC=local

Referral

ref: ldap://gilching.local/DC=DomainDnsZones,DC=gilching,DC=local

Referral

ref: ldap://gilching.local/DC=ForestDnsZones,DC=gilching,DC=local

returned 3 records

0 entries

3 referrals

[/code]

[code]root@ucsmaster:~#
root@ucsmaster:~# univention-ldapsearch cn=dcbackup

extended LDIF

LDAPv3

base <dc=gilching,dc=local> (default) with scope subtree

filter: cn=dcbackup

requesting: ALL

dcbackup, dc, computers, gilching.local

dn: cn=dcbackup,cn=dc,cn=computers,dc=gilching,dc=local
cn: dcbackup
krb5PrincipalName: host/dcbackup.gilching.local@GILCHING.LOCAL
objectClass: top
objectClass: person
objectClass: univentionHost
objectClass: univentionDomainController
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: univentionVirtualMachineHostOC
objectClass: univentionObject
objectClass: univentionNagiosHostClass
sambaAcctFlags: [S ]
sambaPrimaryGroupSID: S-1-5-21-3567068594-2640580168-1605038393-1110
krb5MaxLife: 86400
uid: dcbackup$
univentionService: LDAP
univentionService: SMTP
univentionService: IMAP
univentionService: NFS
univentionService: DNS
univentionService: Samba 4
univentionService: Fetchmail
krb5MaxRenew: 604800
univentionNagiosEnabled: 1
uidNumber: 2086
univentionOperatingSystem: Univention Corporate Server
aRecord: 192.168.100.109
loginShell: /bin/sh
univentionObjectType: computers/domaincontroller_backup
krb5KDCFlags: 126
univentionServerRole: backup
displayName: dcbackup
associatedDomain: gilching.local
gidNumber: 5005
sn: dcbackup
homeDirectory: /dev/null
univentionOperatingSystemVersion: 3.1
macAddress: 52:54:00:33:82:a6
shadowLastChange: 16520
shadowMax: 50000
krb5PasswordEnd: 21520216000000Z
sambaPwdLastSet: 1427388155
krb5Key:: ######### gelöscht
krb5Key:: ######### gelöscht
krb5Key:: ######### gelöscht
krb5Key:: ######### gelöscht
krb5Key:: ######### gelöscht
krb5Key:: ######### gelöscht
krb5Key:: ######### gelöscht
krb5KeyVersionNumber: 21
userPassword:: ######### gelöscht
sambaNTPassword: ######### gelöscht
sambaLMPassword: ######### gelöscht
sambaSID: S-1-5-21-3567068594-2640580168-1605038393-3612

search result

search: 3
result: 0 Success

numResponses: 2

numEntries: 1

root@ucsmaster:~#

[/code]

Leider steht auch unter dem Artkikel “http://sdb.univention.de/1235” nicht wie man Einträge aus dem LDAP löscht. Eine Googlesuche ergab indifferente Ergebnisse. So die Frage: wie lösche ich LDAP Datenbank-Einträge ohne etwas kaputt zu machen. Kann ich auf der UMC unter “Geräte” / “Rechner” einfach den Rechner löschen?

Mastodon