A Samba process keeps growing in memory


#1

Hello forum,

since the update to version 4 we have had a strange memory leak here.

One of the Samba processes keeps bloating further and further:

[code]top - 09:56:15 up 18 days, 21:56, 1 user, load average: 0,09, 0,21, 0,38
Tasks: 161 total, 1 running, 159 sleeping, 0 stopped, 1 zombie
%Cpu(s): 0,7 us, 19,8 sy, 1,2 ni, 78,2 id, 0,2 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem: 6127200 total, 5916016 used, 211184 free, 382252 buffers
KiB Swap: 4121804 total, 146532 used, 3975272 free, 1546904 cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21650 root 22 2 2755m 2,2g 12m S 18,3 38,3 345:37.47 samba
22080 root 20 0 1118m 681m 18m S 0,0 11,4 40:36.91 univention-virt
21647 root 22 2 521m 61m 16m S 0,0 1,0 59:17.01 samba
3421 root 22 2 489m 56m 25m S 0,0 0,9 0:05.65 smbd
32334 lorenz2 22 2 489m 56m 25m S 0,0 0,9 0:06.10 smbd
28848 root 22 2 489m 55m 25m S 0,0 0,9 0:54.62 smbd
10443 root 22 2 489m 55m 25m S 0,0 0,9 0:02.01 smbd
3438 root 22 2 489m 55m 25m S 0,0 0,9 0:11.90 smbd
4850 root 22 2 489m 55m 25m S 0,0 0,9 0:04.81 smbd
11385 root 22 2 489m 55m 25m S 0,0 0,9 0:01.97 smbd
1787 root 22 2 489m 54m 24m S 0,0 0,9 0:00.90 smbd
32604 root 22 2 489m 54m 24m S 0,0 0,9 0:00.67 smbd
9509 root 22 2 489m 53m 23m S 0,0 0,9 0:00.16 smbd
21645 root 22 2 458m 52m 22m S 0,0 0,9 0:16.15 smbd
27251 root 20 0 387m 52m 15m S 0,0 0,9 0:06.86 univention-mana
8297 root 20 0 116m 52m 3956 S 0,0 0,9 0:03.72 /usr/sbin/spamd
8305 root 20 0 116m 49m 1432 S 0,0 0,8 0:00.00 spamd child
8306 root 20 0 116m 49m 1432 S 0,0 0,8 0:00.00 spamd child
32335 root 22 2 485m 49m 19m S 0,0 0,8 0:00.06 smbd
11460 root 22 2 482m 48m 18m S 0,0 0,8 0:00.06 smbd
21660 root 22 2 429m 47m 17m S 0,0 0,8 0:02.35 winbindd
24497 root 20 0 482m 46m 7576 S 0,0 0,8 1:04.45 python2.7
24440 listener 20 0 385m 42m 17m S 0,0 0,7 0:00.98 univention-dire
21649 root 22 2 505m 40m 15m S 0,7 0,7 27:28.23 samba
27295 root 20 0 731m 37m 5368 S 0,3 0,6 19:59.41 univention-mana
21653 root 22 2 503m 35m 18m S 0,0 0,6 1:00.71 samba
21688 root 22 2 458m 34m 4616 S 0,0 0,6 0:02.57 smbd
21644 root 22 2 506m 30m 12m S 0,0 0,5 4:43.51 samba
21638 root 22 2 499m 29m 18m S 0,0 0,5 0:01.19 samba
2520 root 20 0 607m 28m 8848 S 0,0 0,5 61:00.54 slapd
21648 root 22 2 499m 22m 7600 S 0,0 0,4 0:03.18 samba
2575 root 20 0 554m 21m 4136 S 1,0 0,4 127:52.98 named
21652 root 22 2 499m 19m 5844 S 0,0 0,3 0:02.67 samba
21654 root 22 2 499m 19m 5196 S 0,0 0,3 0:12.88 samba
27376 root 20 0 150m 17m 11m S 0,0 0,3 0:54.86 apache2
21646 root 22 2 502m 17m 5420 S 0,0 0,3 0:06.19 samba
21643 root 22 2 499m 14m 3448 S 0,0 0,2 0:00.00 samba
21651 root 22 2 499m 14m 3384 S 0,0 0,2 0:00.00 samba
23773 www-data 20 0 153m 12m 5084 S 0,0 0,2 0:03.02 apache2
6087 www-data 20 0 153m 11m 5084 S 0,0 0,2 0:00.02 apache2
6090 www-data 20 0 153m 11m 5084 S 0,0 0,2 0:00.01 apache2
6086 www-data 20 0 153m 11m 5084 S 0,0 0,2 0:00.01 apache2
23774 www-data 20 0 153m 11m 4916 S 0,0 0,2 0:00.04 apache2
21658 root 22 2 255m 11m 10m S 0,0 0,2 0:03.46 winbindd
6103 www-data 20 0 153m 11m 4916 S 0,0 0,2 0:00.04 apache2
23777 www-data 20 0 153m 11m 4916 S 0,0 0,2 0:00.00 apache2
23776 www-data 20 0 153m 11m 4916 S 0,0 0,2 0:00.00 apache2
21685 root 22 2 256m 11m 9984 S 0,0 0,2 0:02.70 winbindd
21656 root 22 2 248m 11m 9764 S 0,0 0,2 0:01.07 winbindd
6144 www-data 20 0 153m 10m 4136 S 0,0 0,2 0:00.00 apache2
6322 www-data 20 0 153m 10m 4136 S 0,0 0,2 0:00.00 apache2
12326 root 20 0 119m 8172 7108 S 0,0 0,1 0:00.04 sshd
21602 root 22 2 205m 7560 6912 S 0,0 0,1 0:42.30 nmbd
2991 mysql 20 0 423m 6296 1576 S 0,0 0,1 39:35.86 mysqld
2410 root 20 0 118m 5088 520 S 0,0 0,1 1:21.63 rsyslogd
12342 root 20 0 13072 4976 2652 S 0,0 0,1 0:00.12 bash
27550 postfix 20 0 44144 4184 3636 S 0,0 0,1 0:00.08 tlsmgr
25905 postfix 20 0 42184 3840 3240 S 0,0 0,1 0:00.10 qmgr
5843 postfix 20 0 42016 3796 3256 S 0,0 0,1 0:00.00 pickup
21035 root 20 0 193m 3304 2672 S 0,3 0,1 9:46.92 nscd
[/code]

Is that normal? Does version 4 use significantly more memory? We have allocated 6 GB here for about 20 clients. Before the update, 2 GB was enough …

Kind regards, Volker Hahn


#2

The Samba process is now at 62 % memory … Does nobody have an idea?

[code]top - 18:03:26 up 21 days, 6:03, 1 user, load average: 1,31, 0,83, 0,55
Tasks: 159 total, 2 running, 156 sleeping, 0 stopped, 1 zombie
%Cpu(s): 0,2 us, 9,7 sy, 0,3 ni, 89,7 id, 0,2 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem: 6127200 total, 5966664 used, 160536 free, 75532 buffers
KiB Swap: 4121804 total, 662848 used, 3458956 free, 533636 cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21650 root 22 2 4182m 3,6g 11m R 10,0 61,6 814:56.92 samba
22080 root 20 0 1425m 632m 12m S 0,3 10,6 65:21.94 univention-virt
21647 root 22 2 546m 85m 15m S 0,0 1,4 94:04.76 samba
24497 root 20 0 495m 61m 10m S 0,0 1,0 3:18.43 python2.7
27251 root 20 0 433m 54m 11m S 0,0 0,9 0:21.55 univention-mana
1681 root 20 0 116m 51m 3796 S 0,0 0,9 0:09.34 /usr/sbin/spamd
1693 root 20 0 116m 49m 1464 S 0,0 0,8 0:00.01 spamd child
1694 root 20 0 116m 49m 1464 S 0,0 0,8 0:00.03 spamd child
21649 root 22 2 509m 46m 14m S 0,0 0,8 42:30.93 samba

[/code]


#3

Hello Mr. Hahn,

I am not aware of any memory leak in the Samba area in current UCS versions. Was the system rebooted after the update? Which UCS version exactly was it updated to?

[code]root@master:~# ucr search version/version version/patchlevel version/erratalevel
root@master:~# dpkg -l samba
root@master:~# uname -a[/code]

Kind regards,
Tim Petersen


#4

Hello Mr. Petersen,

we are fully up to date here:

root@ucsmaster:~# ucr search version/version version/patchlevel version/erratalevel
version/erratalevel: 95
 Four types of UCS updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of the installed errata updates.

version/patchlevel: 1
 Four types of Univention Configuration Registry updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of the installed patch level release.

version/version: 4.0
 Four types of UCS updates are differentiated: Major releases (released approximately every four years, may introduce bigger changes), minor releases (released approximately every 6-8 months, error corrections and new functions), patch level releases (released every 2-3 months, less changes compared to a minor release, focus on bugfixes) and errata updates (timely bugfixes for security problems and critical bugs). This variable is set automatically during updates and contains the version of major and minor update.
 dpkg -l samba
Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständig Löschen/Halten
| Status=Nicht/Installiert/Config/U=Entpackt/halb konFiguriert/
         Halb installiert/Trigger erWartet/Trigger anhängig
|/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fehler: GROSS=schlecht)
||/ Name                                           Version                      Architektur                  Beschreibung
+++-==============================================-============================-============================-=================================================================================================
ii  samba                                          2:4.2.0~rc2-1.725.2015022311 amd64                        SMB/CIFS file, print, and login server for Unix
root@ucsmaster:~# uname -a
Linux ucsmaster 3.16-ucs109-amd64 #1 SMP Debian 3.16.5-1.109.201412161258 (2014-12-16) x86_64 GNU/Linux
root@ucsmaster:~# 

The problem arises after a reboot. A Samba process is started that bloats. If you kill the process, the system apparently continues to work without problems. No new growing Samba process develops after that either. But it cannot stay like this …

Here is the current value from top:

top - 10:35:04 up 21 days, 22:34,  1 user,  load average: 0,11, 0,15, 0,18
Tasks: 167 total,   1 running, 165 sleeping,   0 stopped,   1 zombie
%Cpu(s):  6,8 us,  4,3 sy,  1,0 ni, 86,9 id,  0,7 wa,  0,0 hi,  0,2 si,  0,2 st
KiB Mem:   6127200 total,  5922592 used,   204608 free,    91556 buffers
KiB Swap:  4121804 total,   892708 used,  3229096 free,   176816 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND                                                                                                                                            
21650 root      22   2 4559m 3,9g  10m S   2,0 67,5 953:05.43 samba                                                                                                                                              
22080 root      20   0 1502m 594m  10m S   1,3  9,9  71:42.19 univention-virt                                                                                                                                    
21647 root      22   2  553m  85m  11m S   2,3  1,4 104:34.33 samba                                                                                                                                              
10228 root      20   0  116m  51m 3104 S   0,0  0,9   0:04.43 /usr/sbin/spamd                                                                                                                                    
10234 root      20   0  116m  49m 1136 S   0,0  0,8   0:00.01 spamd child                                                                                                                                        
10235 root      20   0  116m  49m 1136 S   0,0  0,8   0:00.00 spamd child                                                                                                                                        
21649 root      22   2  512m  48m  13m S   0,0  0,8  45:54.58 samba 
.......               

Kind regards, Volker Hahn


#5

Hello Mr. Hahn,

that of course should not be the case.

You can use samba-tool to narrow down exactly which Samba process is leaking by comparing the PIDs:

[code]root@master:~# samba-tool processes
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Service: PID

dnsupdate 2891
wrepl_server 2883
rpc_server 2882
cldap_server 2885
winbind_server 2892
kdc_server 2886
samba 0
dreplsrv 2887
kccsrv 2890
ldap_server 2884
ldap_server 2884[/code]
Could you please send us that as well, so that we can look into it specifically?

Best regards,
Tim


#6

Hello Mr. Petersen,

many thanks for looking into this … In the meantime, process 21650 has terminated itself, and a new samba process has appeared and is growing again: PID 16446 // This process has by now taken about 2.1 GB of memory:

top - 13:41:59 up 26 days,  1:41,  1 user,  load average: 0,14, 0,14, 0,14
Tasks: 165 total,   2 running, 162 sleeping,   0 stopped,   1 zombie
%Cpu(s):  1,7 us, 16,7 sy,  0,2 ni, 81,1 id,  0,3 wa,  0,0 hi,  0,0 si,  0,0 st
KiB Mem:   6127200 total,  5921076 used,   206124 free,   190128 buffers
KiB Swap:  4121804 total,  1063228 used,  3058576 free,  1608936 cached

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND                                                               
16446 root      20   0 2638m 2,1g  12m S  15,6 36,3 313:10.45 samba                                                                 
22080 root      20   0 2100m 824m 7164 S   1,7 13,8 112:56.98 univention-virt                                                       
16443 root      20   0  515m  61m  17m S   0,0  1,0  56:52.91 samba                                                                 
 5691 root      20   0  489m  56m  26m S   0,0  0,9   8:56.70 smbd                                                                  
10932 root      20   0  489m  56m  25m S   0,0  0,9   0:26.56 smbd                                                                  
27775 root      20   0  489m  55m  25m S   0,0  0,9   0:04.47 smbd                                                                  
 4357 root      20   0  489m  55m  25m S   0,0  0,9   0:33.68 smbd                                                                  
27275 root      20   0  489m  55m  25m S   0,0  0,9   0:01.21 smbd                                                                  
26282 root      20   0  489m  55m  25m S   0,0  0,9   0:01.92 smbd                                                                  
13552 root      20   0  489m  55m  25m S   0,0  0,9   0:32.28 smbd                                                                  
16659 root      20   0  489m  55m  25m S   0,0  0,9   0:08.82 smbd                                                                  
21319 kuehn3    20   0  489m  55m  25m S   0,0  0,9   0:24.67 smbd                                                                  
12347 root      20   0  489m  55m  25m S   0,0  0,9   2:11.96 smbd                                                                  
 3067 root      20   0  489m  54m  24m S   0,0  0,9   0:01.35 smbd                                                                  
 5833 root      20   0  489m  54m  24m S   0,0  0,9   0:00.25 smbd                                                                  
16441 root      20   0  458m  52m  22m S   0,0  0,9   0:15.95 smbd                                                                  
29722 root      20   0  489m  52m  22m S   0,0  0,9   0:00.28 smbd                                                                  
30220 root      20   0  116m  51m 3764 S   0,0  0,9   0:42.85 /usr/sbin/spamd                                                       
27251 root      20   0  445m  51m  11m S   0,0  0,9   0:32.60 univention-mana                                                       
16449 root      20   0  503m  50m  20m S   0,0  0,9   0:57.53 samba                                                                 
10203 root      20   0  551m  50m  12m S   0,0  0,8   8:23.68 slapd                                                                 
30230 root      20   0  116m  49m 1700 S   0,0  0,8   0:00.10 spamd child                                                           
30231 root      20   0  116m  49m 1496 S   0,0  0,8   0:00.15 spamd child                                                           
29739 root      20   0  485m  48m  18m S   0,0  0,8   0:00.10 smbd                                                                  
19152 root      20   0  485m  48m  18m S   0,0  0,8   0:00.09 smbd                                                                  
16434 root      20   0  499m  48m  18m S   0,0  0,8   0:01.20 samba                                                                 
16455 root      20   0  429m  47m  17m S   0,0  0,8   0:01.74 winbindd                                                              
16440 root      20   0  506m  46m  16m S   0,0  0,8   4:26.15 samba                                                                 
 2891 root      20   0  482m  45m 6604 S   0,0  0,8   1:12.72 python2.7                                                             
16445 root      20   0  505m  45m  15m S   0,7  0,8  25:22.42 samba                                                                 
16444 root      20   0  499m  37m 7740 S   0,0  0,6   0:02.86 samba                                                                 
16448 root      20   0  499m  35m 5392 S   0,0  0,6   0:01.81 samba                                                                 
16442 root      20   0  502m  35m 5384 S   0,0  0,6   0:06.29 samba                                                                 
16450 root      20   0  499m  35m 5208 S   0,0  0,6   0:11.65 samba                                                                 
16457 root      20   0  458m  34m 4348 S   0,0  0,6   0:01.91 smbd                                                                  
16439 root      20   0  499m  33m 3432 S   0,0  0,6   0:00.00 samba                                                                 
16447 root      20   0  499m  33m 3344 S   0,0  0,6   0:00.00 samba                                                                 
 2575 root      20   0  554m  19m 3404 S   1,3  0,3 200:15.15 named                                                                 
27295 root      20   0  732m  15m 4132 S   0,7  0,3  55:49.87 univention-mana                                                       
 2219 root      20   0  150m  12m 7256 S   0,0  0,2   0:16.78 apache2                                                               
16456 root      20   0  256m  10m 9320 S   0,0  0,2   0:01.49 winbindd                                                              

Here is the requested output of samba-tool:

root@ucsmaster:~# samba-tool processes
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[IPC$]"
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[2open]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[umg_ordner]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[pvs_vergleich]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[install]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[dokumente]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[entwicklung]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[www-dev]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[profile]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[statistik]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[personal]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
pm_process() returned Yes
 Service:                PID 
-----------------------------
dnsupdate              16450
wrepl_server           16442
rpc_server             16440
rpc_server             16440
cldap_server           16444
winbind_server         16451
kdc_server             16445
samba                      0
dreplsrv               16446
kccsrv                 16449
ldap_server            16443
ldap_server            16443
root@ucsmaster:~# 

Kind regards, Hahn


#7

Hello,

this seems to affect dreplsrv - are there multiple Samba 4 DCs in the environment? What output does the following give:

samba-tool drs showrepl

Best regards,
Tim Petersen
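
The PID comparison from #5 to #7 as a script, added here as an example and not part of the original posts: it joins `samba-tool processes` output with per-PID resident memory and names the service task that uses the most. The function names, the `ps` invocation in the comment and the KiB values (constructed to approximate the RES column of top in #6) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): name the Samba AD DC service behind the
# largest "samba" process by joining `samba-tool processes` with per-PID RSS.

# Excerpt of the `samba-tool processes` output posted in #6; some debug noise
# is kept on purpose to show that it is ignored.
SAMPLE_PROCESSES='Processing section "[netlogon]"
WARNING: No path in service IPC$ - making it unavailable!
pm_process() returned Yes
 Service:                PID 
-----------------------------
dnsupdate              16450
wrepl_server           16442
rpc_server             16440
rpc_server             16440
cldap_server           16444
winbind_server         16451
kdc_server             16445
samba                      0
dreplsrv               16446
kccsrv                 16449
ldap_server            16443
ldap_server            16443'

# Constructed "PID RSS_KiB" pairs approximating the RES column of top in #6.
# On a live system (assumption): ps -C samba -o pid=,rss=
SAMPLE_RSS='16446 2202009
16443 62464
16449 51200
16440 47104
16445 46080
16444 37888
16442 35840
16450 35840'

# samba_service_rss PROCESSES_TEXT RSS_TEXT
# Prints "service pid rss_kib", largest RSS first. Duplicate rows, the
# "samba 0" placeholder row and services without an RSS entry are skipped.
samba_service_rss() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---" { in_proc = 1; next }
        !in_proc {
            # First part of the input: the PID/RSS table.
            if (NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/) rss[$1] = $2
            next
        }
        # Second part: only "name pid" rows count, everything else is noise.
        NF == 2 && $1 ~ /^[a-z_]+$/ && $2 ~ /^[0-9]+$/ && $2 > 0 {
            key = $1 " " $2
            if (!(key in seen) && ($2 in rss)) print $1, $2, rss[$2]
            seen[key] = 1
        }
    ' | sort -k3,3nr
}

# largest_samba_service PROCESSES_TEXT RSS_TEXT
# Prints only the row with the highest RSS.
largest_samba_service() {
    samba_service_rss "$1" "$2" | head -n 1
}

# samba_services_over PROCESSES_TEXT RSS_TEXT LIMIT_KIB
# Prints every service whose RSS exceeds LIMIT_KIB, e.g. for a cron check.
samba_services_over() {
    samba_service_rss "$1" "$2" | awk -v limit="$3" '$3 + 0 > limit + 0'
}

largest_samba_service "$SAMPLE_PROCESSES" "$SAMPLE_RSS"
```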


#8

Hello Mr. Petersen,

here is the output:

root@ucsmaster:~# samba-tool drs showrepl
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[IPC$]"
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[2open]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[umg_ordner]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[pvs_vergleich]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[install]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[dokumente]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[entwicklung]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[www-dev]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[profile]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[statistik]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
Processing section "[personal]"
Unknown parameter encountered: "security mask"
Ignoring unknown parameter "security mask"
Unknown parameter encountered: "directory security mask"
Ignoring unknown parameter "directory security mask"
Unknown parameter encountered: "force security mode"
Ignoring unknown parameter "force security mode"
Unknown parameter encountered: "force directory security mode"
Ignoring unknown parameter "force directory security mode"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ucsmaster.gilching.local[,seal]
Mapped to DCERPC endpoint 135
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ucsmaster.gilching.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Mapped to DCERPC endpoint 1024
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ucsmaster.gilching.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Received smb_krb5 packet of length 295
Received smb_krb5 packet of length 1336
Received smb_krb5 packet of length 1326
Received smb_krb5 packet of length 1310
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
added interface eth0 ip=192.168.100.110 bcast=192.168.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ucsmaster.gilching.local<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
Received smb_krb5 packet of length 1326
Received smb_krb5 packet of length 1310
Default-First-Site-Name\UCSMASTER
DSA Options: 0x00000001
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
DSA invocationId: dbe8111e-164e-413d-86f6-96503553afe5

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:10 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:38 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:10 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:39 2015 CET

DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:10 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13171 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:40 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:11 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:43 2015 CET

CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:46:11 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		13144 consecutive failure(s).
		Last success @ Sat Jan 17 01:04:45 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:33 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		35 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:33 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		35 consecutive failure(s).
		Last success @ NTTIME(0)

DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:33 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		35 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:34 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		36 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=gilching,DC=local
	Default-First-Site-Name\DCBACKUP via RPC
		DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
		Last attempt @ Tue Mar 10 18:47:34 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
		36 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: 4ae098b1-dedc-410a-88d3-fed52834879e
	Enabled        : TRUE
	Server DNS name : DCBACKUP.gilching.local
	Server DN name  : CN=NTDS Settings,CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
root@ucsmaster:~# 

Regards, Volker Hahn


#9

With the new information, I found another post here in the forum that deals with the same problem (but offers no solution):

https://help.univention.com/t/samba4-prozess/2000/1

Maybe the two could be merged.

Regards, Hahn


#10

Hello,

first, I would suggest lowering the debug level; it looks very high to me:

[code]ucr set samba/debug/level=1
/etc/init.d/samba restart
[/code]
That may already change the behaviour.

Alternatively, the DRS situation should in any case be looked at separately. DRS replication to the DC Backup has not worked since 17 January, 01:04 in the morning.
Possibly a password rotation or something similar took place there and Samba could not be restarted (is the Backup perhaps on an older version? There used to be problems of that kind…):

[code]# On the Backup:
/etc/init.d/samba restart
ps aux | grep samba
less /var/log/univention/server_password_change.log  # possibly older log files; 17 January is the interesting date
[/code]

Best regards,
Tim Petersen


#11

Hello Mr Petersen,

the log level has been changed and the Samba daemons have been restarted.
I updated both systems again today. The versions are the same on both machines:

Die momentan installierte Version ist 4.0-1 errata111.
Es sind keine Paket-Aktualisierungen verfügbar.
Informationen zu den Aktualisierungen
Es sind keine App Center-Aktualisierungen verfügbar.

Here is the process listing of the DC Backup (after Samba was restarted):

[code]root@dcbackup:~# ps aux | grep samba
root 2318 0.0 0.0 176 0 ? Ss Feb11 0:00 runsv univention-bind-samba4
root 2450 0.0 1.8 589576 38036 ? Sl Feb11 6:30 /usr/sbin/named -c /etc/bind/named.conf.samba4 -f -d 0
root 22140 0.0 2.4 508876 51196 ? SNs 15:24 0:00 /usr/sbin/samba -D
root 22147 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22148 0.3 2.4 515500 49408 ? SN 15:24 0:03 /usr/sbin/samba -D
root 22150 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22151 1.0 2.1 511424 43804 ? SN 15:24 0:09 /usr/sbin/samba -D
root 22152 0.0 1.8 508876 38684 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22153 0.0 2.2 515084 45356 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22154 0.1 2.2 517672 45340 ? SN 15:24 0:01 /usr/sbin/samba -D
root 22155 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22156 0.0 1.6 508876 34412 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22158 0.0 2.5 513028 51472 ? SN 15:24 0:00 /usr/sbin/samba -D
root 22159 0.0 1.7 508876 36404 ? SN 15:24 0:00 /usr/sbin/samba -D
root 25084 0.0 0.0 4192 552 ? Ss 15:40 0:00 /bin/sh -c /usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1
root 25085 0.0 0.1 9232 2168 ? S 15:40 0:00 /bin/bash /usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh
root 25107 0.0 0.0 9916 1944 pts/0 R+ 15:40 0:00 grep samba
root@dcbackup:~#
[/code]
And here is the server_password_change.log, which also covers 17 January …

[code]root@dcbackup:/var/log/univention# less server_password_change.log.8

Starting server password change (Mon Jan 12 01:03:24 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Tue Jan 13 01:07:27 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Wed Jan 14 01:02:34 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Thu Jan 15 01:09:18 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Fri Jan 16 01:09:46 CET 2015)
No server password change scheduled for today, terminating without a change
Starting server password change (Sat Jan 17 01:05:04 CET 2015)
Proceeding with regular server password change scheduled for today
run-parts: executing /usr/lib/univention-server/server_password_change.d/50univention-mail-server prechange
Create mail/postfix/stoppedbyserverpasswordchange
Stopping Postfix Mail Transport Agent: postfix.
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-libnss-ldap prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-mail-cyrus prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-s4-connector prechange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-samba4 prechange
Object modified: cn=dcbackup,cn=dc,cn=computers,dc=gilching,dc=local
Restarting univention-directory-listener daemon.
timeout: finish: univention-directory-listener: (pid 9819) 498833s, normally down
done.
run-parts: executing /usr/lib/univention-server/server_password_change.d/50univention-mail-server postchange
File: /etc/listfilter.secret
Multifile: /etc/postfix/ldap.distlist
Multifile: /etc/postfix/ldap.groups
Multifile: /etc/postfix/ldap.canonicalsender
Multifile: /etc/postfix/ldap.sharedfolderlocal
Multifile: /etc/postfix/ldap.virtualwithcanonical
Multifile: /etc/postfix/ldap.sharedfolderremote
Multifile: /etc/postfix/ldap.virtual
Multifile: /etc/postfix/ldap.canonicalrecipient
Multifile: /etc/postfix/ldap.transport
Multifile: /etc/postfix/ldap.virtualdomains
Starting Postfix Mail Transport Agent: postfix.
Unsetting mail/postfix/stoppedbyserverpasswordchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-bind postchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-libnss-ldap postchange
File: /etc/libnss-ldap.conf
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-mail-cyrus postchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd postchange
Restarting Name Service Cache Daemon: nscd.
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-s4-connector postchange
run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-samba4 postchange
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Modified 1 records successfully
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Changed password OK
Stopping Samba AD DC daemon: sambaretry #1
Starting Samba AD DC daemon: samba.
done (Sat Jan 17 01:06:15 CET 2015)
Starting server password change (Sun Jan 18 01:09:06 CET 2015)
No server password change scheduled for today, terminating without a change
~
~
~
~
~
~
[/code]

That's all from us for now! Regards, Hahn


#12

Hello Mr Hahn,

there was indeed a password rotation on 17 January. However, I cannot see any problem with it in the log file.
How have the memory usage of the Samba process and the DRS replication developed in the meantime, after the Samba restart on the DC Backup?
For checking the DRS replication and using certain analysis tools (such as samba-tool drs showrepl), SDB article #1235, Samba 4 Troubleshooting Guide, will surely also help:

[code]# Master
samba-tool drs kcc -UAdministrator <fqdn of backup dc>
samba-tool drs showrepl
tail -20 /var/log/samba/log.samba

# Backup
samba-tool drs kcc -UAdministrator <fqdn of master dc>
samba-tool drs showrepl
tail -20 /var/log/samba/log.samba
[/code]

Since I cannot reproduce this memory behaviour in other current environments, I assume that there is a connection with the disrupted DRS replication.

Kind regards,
Tim Petersen
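
As an added example (not part of the original post and not Univention or Samba code): a small parser for the `samba-tool drs showrepl` output format shown in this thread. It lists every failing replication link with its failure count and the number of days since the last success. The sample text is abridged from the output posted here; the function names are hypothetical.

```python
import re
from datetime import datetime

# Abridged from the UCSMASTER output posted in this thread (one naming context per section).
MASTER = """\
Default-First-Site-Name\\UCSMASTER
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7

==== INBOUND NEIGHBORS ====

DC=gilching,DC=local
\tDefault-First-Site-Name\\DCBACKUP via RPC
\t\tDSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
\t\tLast attempt @ Mon Mar 16 18:46:49 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
\t\t14912 consecutive failure(s).
\t\tLast success @ Sat Jan 17 01:04:40 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=gilching,DC=local
\tDefault-First-Site-Name\\DCBACKUP via RPC
\t\tDSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
\t\tLast attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
\t\t29 consecutive failure(s).
\t\tLast success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
\tConnection name: 4ae098b1-dedc-410a-88d3-fed52834879e
Warning: No NC replicated for Connection!
"""

# Abridged from the DCBACKUP output posted in this thread (indentation lost, as in the post).
BACKUP = """\
==== INBOUND NEIGHBORS ====

DC=gilching,DC=local
Default-First-Site-Name\\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET
"""

ANY_SECTION = re.compile(r"^==== .+ ====$")
NEIGHBOR_SECTION = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====$")
PARTNER = re.compile(r"^(\S+)\\(\S+) via (\S+)$")
ATTEMPT = re.compile(r"^Last attempt @ (.+?) (was successful|failed, result (\d+) \((\w+)\))$")
FAILS = re.compile(r"^(\d+) consecutive failure\(s\)\.$")
SUCCESS = re.compile(r"^Last success @ (.+)$")


def _when(stamp):
    """Parse 'Mon Mar 16 18:46:49 2015 CET' (zone dropped); None for NTTIME(0), i.e. never."""
    m = re.match(r"(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})", stamp)
    return datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y") if m else None


def parse_showrepl(text):
    """Return one dict per replication neighbor; indentation is ignored."""
    neighbors, direction, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if ANY_SECTION.match(line):
            m = NEIGHBOR_SECTION.match(line)
            direction, cur = (m.group(1).lower() if m else None), None
            continue
        if direction is None:          # DSA header or KCC section: not a neighbor
            continue
        if not line:                   # a blank line ends the current neighbor block
            cur = None
            continue
        if cur is None:                # first line of a block is the naming context
            cur = {"direction": direction, "nc": line, "partner": None, "ok": None,
                   "result": None, "failures": 0, "last_attempt": None, "last_success": None}
            neighbors.append(cur)
        elif (m := PARTNER.match(line)):
            cur["partner"] = m.group(2)
        elif (m := ATTEMPT.match(line)):
            cur["last_attempt"] = _when(m.group(1))
            cur["ok"] = m.group(2) == "was successful"
            cur["result"] = m.group(4)
        elif (m := FAILS.match(line)):
            cur["failures"] = int(m.group(1))
        elif (m := SUCCESS.match(line)):
            cur["last_success"] = _when(m.group(1))
    return neighbors


def broken_links(neighbors):
    """(direction, nc, partner, failures, days_since_success) per failing link.
    days_since_success is None when the link never succeeded (NTTIME(0))."""
    out = []
    for n in neighbors:
        if n["ok"] is not False:
            continue
        days = None
        if n["last_success"] and n["last_attempt"]:
            days = (n["last_attempt"] - n["last_success"]).days
        out.append((n["direction"], n["nc"], n["partner"], n["failures"], days))
    return out


if __name__ == "__main__":
    for link in broken_links(parse_showrepl(MASTER)):
        print(link)
```
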


#13

Hm … Unfortunately the problem is not solved …

[code]top - 18:45:18 up 33 days, 6:45, 1 user, load average: 0,88, 0,40, 0,38
Tasks: 164 total, 2 running, 159 sleeping, 0 stopped, 3 zombie
%Cpu(s): 0,3 us, 23,6 sy, 1,0 ni, 74,4 id, 0,7 wa, 0,0 hi, 0,0 si, 0,0 st
KiB Mem: 6127200 total, 5980432 used, 146768 free, 113068 buffers
KiB Swap: 4121804 total, 354848 used, 3766956 free, 354212 cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21686 root 22 2 3633m 3,1g 11m S 22,3 52,9 611:31.22 samba
23303 root 20 0 1764m 1,2g 14m S 2,7 20,1 69:05.24 univention-virt
21683 root 22 2 538m 74m 12m S 0,0 1,2 86:34.08 samba
27743 root 20 0 402m 64m 12m S 0,3 1,1 0:28.00 univention-mana
15270 root 20 0 485m 53m 13m S 0,0 0,9 1:26.94 python2.7
25799 root 20 0 116m 50m 2760 S 0,0 0,8 0:10.52 /usr/sbin/spamd
25809 root 20 0 116m 49m 1004 S 0,0 0,8 0:00.01 spamd child
25810 root 20 0 116m 49m 1[/code]

Here are the queries:
samba-tool drs kcc -UAdministrator

[code]root@ucsmaster:~# samba-tool drs kcc -UAdministrator 192.168.100.109
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Password for [GILCHING\Administrator]:
Consistency check on 192.168.100.109 successful.
root@ucsmaster:~#
[/code]
samba-tool drs showrepl:

[code]root@ucsmaster:~# samba-tool drs showrepl
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Default-First-Site-Name\UCSMASTER
DSA Options: 0x00000001
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
DSA invocationId: dbe8111e-164e-413d-86f6-96503553afe5

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:48 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:38 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:49 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:39 2015 CET

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:49 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14912 consecutive failure(s).
Last success @ Sat Jan 17 01:04:40 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:50 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:43 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:46:50 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
14874 consecutive failure(s).
Last success @ Sat Jan 17 01:04:45 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:42 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:42 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Mon Mar 16 18:47:43 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
29 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 4ae098b1-dedc-410a-88d3-fed52834879e
Enabled : TRUE
Server DNS name : DCBACKUP.gilching.local
Server DN name : CN=NTDS Settings,CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@ucsmaster:~#
[/code]
tail -20 /var/log/samba/log.samba:

[code]root@ucsmaster:~# tail -20 /var/log/samba/log.samba
[2015/03/16 18:50:12.768437, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:13.170297, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:13.570928, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:13.967664, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:14.373396, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:17.761761, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:18.140489, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:18.566166, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:18.977470, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
[2015/03/16 18:50:19.379619, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv)
  Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,target_principal=GC/DCBACKUP.gilching.local/gilching.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL
root@ucsmaster:~#
[/code]

And here are the queries on the DCBackup …
samba-tool drs kcc -UAdministrator 192.168.100.110

[code]root@dcbackup:~# samba-tool drs kcc -UAdministrator 192.168.100.110
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Password for [GILCHING\Administrator]:
Consistency check on 192.168.100.110 successful.
root@dcbackup:~#
[/code]

[code]root@dcbackup:~# samba-tool drs showrepl
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Default-First-Site-Name\DCBACKUP
DSA Options: 0x00000001
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
DSA invocationId: c1719241-e2d3-4e26-a25c-51fc67bbb6f8

==== INBOUND NEIGHBORS ====

DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:20 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:20 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 18:50:21 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 18:50:21 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Mon Mar 16 15:46:50 2015 CET was successful
0 consecutive failure(s).
Last success @ Mon Mar 16 15:46:50 2015 CET

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:26:02 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:26:02 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:25:58 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:25:58 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:25:58 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:25:58 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\UCSMASTER via RPC
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
Last attempt @ Wed Mar 11 15:26:03 2015 CET was successful
0 consecutive failure(s).
Last success @ Wed Mar 11 15:26:03 2015 CET

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 6049103f-f8e2-445b-8d57-4f2008193897
Enabled : TRUE
Server DNS name : ucsmaster.gilching.local
Server DN name : CN=NTDS Settings,CN=UCSMASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@dcbackup:~# [/code]

tail -20 /var/log/samba/log.samba

[code]root@dcbackup:~# tail -20 /var/log/samba/log.samba
[2015/03/16 18:54:33.587010, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:33.978876, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:34.326064, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:34.693312, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:35.017927, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:38.578039, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:38.905445, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:39.282656, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:39.710153, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
[2015/03/16 18:54:40.104344, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)
  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab FILE:/etc/krb5.keytab (arcfour-hmac-md5)
root@dcbackup:~#
[/code]

Since the update to 4.0 the system feels slower. In particular, when the profiles are fetched in the morning, it takes up to half an hour until the workstation runs normally … Kind regards, Hahn


#14

Hello Mr Hahn,

it looks as if there is a problem with the keytab of the DC Backup. In connection with the password rotation, I suspect that DRS replication will start working again if you configure the Master as the Kerberos KDC on the Backup:

[code]# On the DC Backup
ucr set kerberos/kdc=192.168.100.110
invoke-rc.d samba-ad-dc restart
[/code]

Then, on the Master:

[code]# On the DC Master
invoke-rc.d samba-ad-dc restart
[/code]

After that, I would trigger a password rotation on the DC Backup:

[code]# On the DC Backup
ucr set server/password/interval='-1'
/usr/lib/univention-server/server_password_change
ucr set server/password/interval='21'
[/code]

Best regards,
Tim Petersen
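
As an added example (not part of the original post, and not Univention or Samba code): collapsing the two log.samba excerpts posted above into one finding per root cause, and comparing the key version number (kvno) the acceptor was asked for with the versions present in the keytab. The log lines are taken from this thread; the keytab contents in `KEYTAB_KVNOS` are constructed for illustration, and all function names are hypothetical.

```python
import re
from collections import Counter

# Templates built from the log.samba entries posted in this thread; only the timestamp varies.
BIND_LINE = ("[{ts}, 0, pid=21686] ../source4/librpc/rpc/dcerpc_util.c:729(dcerpc_pipe_auth_recv) "
             "Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for "
             "ncacn_ip_tcp:192.168.100.109[1024,seal,krb5,"
             "target_hostname=75601e54-1852-4088-9334-da8c1390d2f6._msdcs.gilching.local,"
             "target_principal=GC/DCBACKUP.gilching.local/gilching.local,"
             "abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,"
             "localaddress=192.168.100.110] NT_STATUS_UNSUCCESSFUL")
KEYTAB_LINE = ("[{ts}, 1, pid=22148] ../source4/auth/gensec/gensec_gssapi.c:650(gensec_gssapi_update)\n"
               "  GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see text): "
               "Failed to find DCBACKUP$@GILCHING.LOCAL(kvno 13) in keytab "
               "FILE:/etc/krb5.keytab (arcfour-hmac-md5)")

# Master excerpt run together on one line (as it was pasted); backup excerpt with line breaks.
MASTER_LOG = " ".join(BIND_LINE.format(ts=t) for t in (
    "2015/03/16 18:50:12.768437", "2015/03/16 18:50:13.170297", "2015/03/16 18:50:13.570928"))
BACKUP_LOG = "\n".join(KEYTAB_LINE.format(ts=t) for t in (
    "2015/03/16 18:54:33.587010", "2015/03/16 18:54:33.978876"))

# Constructed assumption: key versions present in the backup's keytab (not shown in the thread).
KEYTAB_KVNOS = {"DCBACKUP$@GILCHING.LOCAL": {11, 12}}

HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+), pid=(\d+)\]\s+"
                    r"(\S+?):(\d+)\((\w+)\)")
KEYTAB_MISS = re.compile(r"Failed to find (?P<principal>\S+?)\(kvno (?P<kvno>\d+)\) "
                         r"in keytab (?P<keytab>\S+) \((?P<enctype>[\w-]+)\)")
BIND_FAIL = re.compile(r"Failed to bind to uuid (?P<uuid>[0-9a-f-]+) for (?P<proto>\w+):"
                       r"(?P<host>[\d.]+)\[(?P<opts>[^\]]*)\]\s+(?P<status>NT_STATUS_\w+)")


def entries(text):
    """Yield (timestamp, function, message) per entry, whether or not line breaks survived."""
    heads = list(HEADER.finditer(text))
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield head.group(1), head.group(6), " ".join(text[head.end():end].split())


def triage(text, keytab_kvnos):
    """Group repeated errors; keytab_kvnos maps principal -> set of kvnos in the local keytab."""
    misses, binds = Counter(), Counter()
    for _ts, _func, msg in entries(text):
        if (m := KEYTAB_MISS.search(msg)):
            misses[(m["principal"], int(m["kvno"]), m["enctype"])] += 1
        elif (m := BIND_FAIL.search(msg)):
            opts = dict(o.split("=", 1) for o in m["opts"].split(",") if "=" in o)
            binds[(m["host"], opts.get("target_principal"), m["status"])] += 1
    findings = []
    for (principal, kvno, enctype), count in misses.items():
        have = sorted(keytab_kvnos.get(principal, ()))
        findings.append({"kind": "keytab_kvno_missing", "principal": principal,
                         "wanted_kvno": kvno, "enctype": enctype, "keytab_kvnos": have,
                         # stale: tickets are issued for a newer key than the keytab holds
                         "stale": bool(have) and max(have) < kvno, "count": count})
    for (host, principal, status), count in binds.items():
        findings.append({"kind": "rpc_bind_failed", "host": host,
                         "target_principal": principal, "status": status, "count": count})
    return findings


if __name__ == "__main__":
    for finding in triage(BACKUP_LOG, KEYTAB_KVNOS) + triage(MASTER_LOG, {}):
        print(finding)
```
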


#15

Hello Mr Petersen,

unfortunately we are not done yet. The problem remains that one Samba process keeps growing. After about 2 days the physical memory is no longer sufficient and the system starts to use swap (and becomes slow).

I also still get the following error:

[code]root@ucsmaster:~# samba-tool drs showrepl
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Default-First-Site-Name\UCSMASTER
DSA Options: 0x00000001
DSA object GUID: 73beff4c-0e5f-47c2-9dac-13399f11d4f7
DSA invocationId: dbe8111e-164e-413d-86f6-96503553afe5

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:18 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:38 2015 CET

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:39 2015 CET

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17781 consecutive failure(s).
Last success @ Sat Jan 17 01:04:40 2015 CET

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:43 2015 CET

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:19 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
17743 consecutive failure(s).
Last success @ Sat Jan 17 01:04:45 2015 CET

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:58 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158064 consecutive failure(s).
Last success @ NTTIME(0)

DC=ForestDnsZones,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:58 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158063 consecutive failure(s).
Last success @ NTTIME(0)

DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:59 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158061 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:59 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158060 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=gilching,DC=local
Default-First-Site-Name\DCBACKUP via RPC
DSA object GUID: 75601e54-1852-4088-9334-da8c1390d2f6
Last attempt @ Thu Mar 26 17:44:59 2015 CET failed, result 31 (WERR_GENERAL_FAILURE)
158055 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: 4ae098b1-dedc-410a-88d3-fed52834879e
Enabled : TRUE
Server DNS name : DCBACKUP.gilching.local
Server DN name : CN=NTDS Settings,CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root@ucsmaster:~#
[/code]

Do you have any other idea? Regards, Hahn


#16

Hello Mr Hahn,

[quote="versdirekt"]
Do you have any other idea? Regards, Hahn[/quote]

I still assume that the DRS situation is the cause of the leaks.
What will in any case improve or restore DRS replication is a re-join of the DC Backup.

Best regards,
Tim Petersen


#17

Hello Mr Petersen,

that seems to be where the real problem lies …

The re-join does not complete. The Samba join hangs. The error message, however, is rather cryptic:

[code]RUNNING 97univention-s4-connector.inst
2015-03-30 17:35:00.315850812+02:00 (in joinscript_init)
Not updating connector/s4/ldap/host
Not updating connector/s4/ldap/base
Not updating connector/s4/ldap/ssl
Not updating connector/s4/mapping/group/language
Not updating connector/s4/ldap/protocol
Not updating connector/s4/ldap/socket
Object exists: cn=gPLink,cn=custom attributes,cn=univention,dc=gilching,dc=local
Object exists: cn=Builtin,dc=gilching,dc=local
Object exists: cn=System,dc=gilching,dc=local
Object exists: cn=Policies,cn=System,dc=gilching,dc=local
Object exists: ou=Domain Controllers,dc=gilching,dc=local
Object exists: cn=WMIPolicy,cn=System,dc=gilching,dc=local
Object exists: cn=SOM,cn=WMIPolicy,cn=System,dc=gilching,dc=local
Object exists: cn=ldapschema,cn=univention,dc=gilching,dc=local
INFO: No change of core data of object mswmi.
Object exists: cn=udm_module,cn=univention,dc=gilching,dc=local
INFO: No change of core data of object container/msgpo.
Object modified: cn=msgpo,cn=ldapschema,cn=univention,dc=gilching,dc=local

Object modified: cn=mswmi,cn=ldapschema,cn=univention,dc=gilching,dc=local

Object modified: cn=container/msgpo,cn=udm_module,cn=univention,dc=gilching,dc=local

Waiting for activation of the extension object msgpo:…OK
Waiting for activation of the extension object mswmi: OK
Waiting for activation of the extension object container/msgpo: OK
Waiting for file /usr/share/pyshared/univention/admin/handlers/container/msgpo.py: OK
Terminating running univention-cli-server processes.
Object exists: cn=udm_module,cn=univention,dc=gilching,dc=local
INFO: No change of core data of object settings/mswmifilter.
Object modified: cn=settings/mswmifilter,cn=udm_module,cn=univention,dc=gilching,dc=local

Waiting for activation of the extension object settings/mswmifilter: OK
Waiting for file /usr/share/pyshared/univention/admin/handlers/settings/mswmifilter.py: OK
Terminating running univention-cli-server processes.
Stopping univention-s4-connector daemon.
done.
Not updating connector/s4/autostart
Create connector/s4/listener/disabled
Restarting univention-directory-listener daemon.
ok: run: univention-directory-listener: (pid 5224) 0s, normally down
done.
2015-03-30 17:35:49.604587397+02:00 (in joinscript_save_current_version)
EXITCODE=0
RUNNING 98univention-pkgdb-tools.inst
2015-03-30 17:35:49.621761593+02:00 (in joinscript_init)
Cannot find service-record of _pkgdb._tcp.
No DB-Server-Name found.
2015-03-30 17:35:49.732835127+02:00 (in joinscript_save_current_version)
EXITCODE=0
RUNNING 98univention-samba4-dns.inst
2015-03-30 17:35:49.751184335+02:00 (in joinscript_init)
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Mo 30. Mär 17:35:50 CEST 2015
univention-run-join-scripts finished

univention-run-join-scripts started
Mo 30. Mär 17:40:00 CEST 2015

RUNNING 96univention-samba4.inst
2015-03-30 17:40:00.230344292+02:00 (in joinscript_init)
Not updating samba4/role
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=gilching,dc=local
WARNING: cannot append cn=dcbackup,cn=dc,cn=computers,dc=gilching,dc=local to hosts, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=gilching,dc=local
Object exists: (group) : Service
ldap_modify: No such object (32)
matched DN: cn=Builtin,dc=gilching,dc=local
modifying entry “cn=Service,cn=Builtin,dc=gilching,dc=local”

Stopping Samba AD DC daemon: samba.
Samba is configured as AD DC, service smbd is controlled by the main samba daemon.
Stopping NetBIOS name server: nmbd.
Setting kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Multifile: /etc/ldap/slapd.conf
Restarting ldap server(s).
Stopping ldap server(s): slapd …done.
Check database: …done.
Starting ldap server(s): slapd …done.
Not updating windows/wins-support
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Forest : gilching.local
Domain : gilching.local
Netbios domain : GILCHING
DC name : ucsmaster.gilching.local
DC netbios name : UCSMASTER
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.
Finding a writeable DC for domain ‘gilching.local’
Found DC ucsmaster.gilching.local
workgroup is GILCHING
realm is gilching.local
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <Entry CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local already exists> <>
File “/usr/lib/python2.7/dist-packages/samba/netcmd/init.py”, line 175, in _run
return self.run(*args, **kwargs)
File “/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py”, line 620, in run
keep_existing=keep_existing)
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1190, in join_DC
ctx.do_join()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 1093, in do_join
ctx.join_add_objects()
File “/usr/lib/python2.7/dist-packages/samba/join.py”, line 562, in join_add_objects
ctx.samdb.add(rec)
checking sAMAccountName
Adding CN=DCBACKUP,OU=Domain Controllers,DC=gilching,DC=local
Adding CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local
Join failed - cleaning up
checking sAMAccountName
removing samaccount: CN=DCBACKUP,OU=Domain Controllers,DC=gilching,DC=local
Deleted CN=DCBACKUP,OU=Domain Controllers,DC=gilching,DC=local
Failed to join the domain gilching.local.
EXITCODE=1
RUNNING 98univention-samba4-dns.inst
2015-03-30 17:40:10.605031309+02:00 (in joinscript_init)
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1

Mo 30. Mär 17:40:10 CEST 2015
univention-run-join-scripts finished

root@dcbackup:~# [/code]


#18

Hello Mr. Hahn,
Unfortunately that is somewhat unclear - did you actually perform a re-join here (and not just run individual join scripts)?
This is how you perform a re-join:

[code]univention-join[/code]

Afterwards, please attach the complete join.log.


#19

Hello Mr. Petersen,

Yesterday I triggered the re-join via the UMC / Domain. Messages appeared saying that the join had failed at two points. After that I started the individual join scripts again (without success).

Today I triggered the join again on the console:

[code]root@dcbackup:~# univention-join
univention-join: joins a computer to an ucs domain
copyright © 2001-2015 Univention GmbH, Germany

Enter DC Master Account : administrator
Enter DC Master Password:

Search DC Master: done
Check DC Master: done
Stop LDAP Server: done
Stop Samba 4 Server: done
Search ldap/base done
Start LDAP Server: done
Search LDAP binddn done
Sync time: done
Join Computer Account: done
Stopping univention-directory-notifier daemon: done
Stopping univention-directory-listener daemon: … done
Sync ldap.secret: done
Sync ldap-backup.secret: done
Sync SSL directory: done
Check TLS connection: done
Download host certificate: done
Sync SSL settings: done
Restart LDAP Server: done
Sync Kerberos settings: done
Not updating kerberos/adminserver
Configure 01univention-ldap-server-init.inst done
Configure 02univention-directory-notifier.inst done
Configure 03univention-directory-listener.inst done
Configure 04univention-ldap-client.inst done
Configure 05univention-bind.inst done
Configure 08univention-apache.inst done
Configure 10univention-ldap-server.inst done
Configure 11univention-heimdal-init.inst done
Configure 11univention-pam.inst done
Configure 15univention-directory-notifier-post.inst done
Configure 15univention-heimdal-kdc.inst done
Configure 18python-univention-directory-manager.inst done
Configure 20univention-directory-policy.inst done
Configure 20univention-join.inst done
Configure 26univention-nagios-common.inst done
Configure 30univention-nagios-client.inst done
Configure 34univention-management-console-server.inst done
Configure 34univention-management-console-web-server.inst done
Configure 35univention-management-console-module-appcenter.done
Configure 35univention-management-console-module-diagnosticdonet
Configure 35univention-management-console-module-ipchange.idone
Configure 35univention-management-console-module-join.inst done
Configure 35univention-management-console-module-lib.inst done
Configure 35univention-management-console-module-mrtg.inst done
Configure 35univention-management-console-module-passwordchdone.inst
Configure 35univention-management-console-module-quota.instdone
Configure 35univention-management-console-module-reboot.insdone
Configure 35univention-management-console-module-services.idone
Configure 35univention-management-console-module-setup.instdone
Configure 35univention-management-console-module-sysinfo.indone
Configure 35univention-management-console-module-top.inst done
Configure 35univention-management-console-module-ucr.inst done
Configure 35univention-management-console-module-udm.inst done
Configure 35univention-management-console-module-updater.indone
Configure 36univention-management-console-module-apps.inst done
Configure 40univention-virtual-machine-manager-schema.inst done
Configure 67univention-mail-server.inst done
Configure 81univention-mail-cyrus.inst done
Configure 81univention-nfs-server.inst done
Configure 90univention-bind-post.inst done
Configure 92univention-fetchmail-schema.inst done
Configure 92univention-fetchmail.inst done
Configure 96univention-samba4.inst failed


  • Join failed! *
  • Contact your system administrator *

  • Message: FAILED: 96univention-samba4.inst

root@dcbackup:~#
[/code]

The log file should be attached …
By the way: the original problem seems to be solved. The samba process has not grown any further today.

Best regards, Hahn
join.log (321 KB)


#20

Hello Mr. Hahn,

Very good, so my assumption was right :)

I would now proceed as follows:

[code]# On the master
/usr/share/univention-samba4/scripts/purge_s4_computer.py --computername=DCBACKUP
samba-tool dbcheck --cross-ncs --fix
# On the backup
univention-join
[/code]

this cleans up any leftovers on the master, if present, and restarts the join process.

Best regards,
Tim Petersen
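
The join log in #17 already names the object that blocks the re-join. As an added example (not part of the thread and not Univention's code), the following Python script splits a join.log into its `RUNNING …` / `EXITCODE=…` runs, lists the join scripts that failed and extracts the DN reported by `LDAP_ENTRY_ALREADY_EXISTS`; the function name and the embedded log excerpt are assumptions made for the example.

```python
import re

# Excerpt of the join log posted in #17 (shortened; lines copied from the thread).
SAMPLE_LOG = """\
RUNNING 97univention-s4-connector.inst
EXITCODE=0
RUNNING 98univention-samba4-dns.inst
Samba4 backend database not available yet, exiting joinscript 98univention-samba4-dns.
EXITCODE=1
RUNNING 96univention-samba4.inst
Found DC ucsmaster.gilching.local
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <Entry CN=DCBACKUP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gilching,DC=local already exists> <>
Join failed - cleaning up
Failed to join the domain gilching.local.
EXITCODE=1
"""

RUNNING = re.compile(r"^RUNNING (\S+\.inst)\s*$")
EXITCODE = re.compile(r"^EXITCODE=(\d+)\s*$")
# ldb reports the DN of the object that is already present on the DC.
EXISTS = re.compile(r"LDAP_ENTRY_ALREADY_EXISTS - <Entry (.+?) already exists>")


def failed_join_scripts(log_text):
    """Return one dict per join-script run that ended with a non-zero EXITCODE."""
    failures, script, errors, stale = [], None, [], []
    for line in log_text.splitlines():
        m = RUNNING.match(line)
        if m:  # a new script run starts: reset the per-run state
            script, errors, stale = m.group(1), [], []
            continue
        if script is None:  # text between runs (dates, start/finish banners)
            continue
        m = EXISTS.search(line)
        if m:
            stale.append(m.group(1))
        if line.startswith(("ERROR", "Failed", "Join failed")) or "not available" in line:
            errors.append(line.strip())
        m = EXITCODE.match(line)
        if m:
            if m.group(1) != "0":
                failures.append({"script": script, "exit": int(m.group(1)),
                                 "errors": errors, "stale_dns": stale})
            script = None
    return failures


if __name__ == "__main__":
    for f in failed_join_scripts(SAMPLE_LOG):
        print(f["script"], "exit", f["exit"], "objects already present:", f["stale_dns"])
```

To check a real log, pass the contents of the full join.log to `failed_join_scripts()` instead of the embedded excerpt.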