
Thread: Cannot resync DSS V6 on AD Domain after a "crash"

  1. #1

    Cannot resync DSS V6 on AD Domain after a "crash"

    Hi all,

    After a "crash" of my DSS v6 and XFS_Repair, I have to resync with an AD domain, but the following error always occurs: "Database is empty or connection error"

    In the logs I have the following messages for the connection with DC server:

    "connect_to_domain_password_server: unable to open the domain client session to machine SERVER.DC.HOME Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT."

    Do I have to erase the current Samba database when resyncing with the DC?

    Any other suggestions?

    Many thanks in advance.

    Bruno.

  2. #2

    You don't have to erase the current Samba Database, see if you can connect with PDC to see if you can connect to the ADS server, make sure that you log in as a Domain Admin and verify that in the DSS in the DNS settings you have the ADS server's IP. Also verify correct time on the DSS that matches the ADS server's time.
    All the best,

    Todd Maxwell



  3. #3

    Hi Todd,

    The IP of the DC is OK and we can ping it. The Administrator account and password are OK.
    We have also checked the DNS IPs (they are reachable) and the date/time: everything is OK.

    Any other ideas?

  4. #4

    Try to use the PDC to see if you're able to get the Users and Groups. If you can, then this means it is connecting and authenticating. Then for the ADS, see if there is anything blocking it or check the ADS logs.
    All the best,

    Todd Maxwell



  5. #5

    Hi Todd,

    What do you mean by "try to use PDC"?

    Here is the content of ads.log:

    --connection to ads---
    spawn /usr/bin/kinit administrator@BROADCAST.XXX.FR
    Password for administrator@BROADCAST.XXX.FR:
    Mon Nov 11 15:58:18 CET 2013
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: administrator@BROADCAST.XXX.FR

    Valid starting Expires Service principal
    11/11/13 15:58:17 11/12/13 01:58:17 krbtgt/BROADCAST.XXX.FR@BROADCAST.XXX.FR
    renew until 11/12/13 15:58:17


    Kerberos 4 ticket cache: /tmp/tkt0
    /usr/sbin/net ads join -U administrator%****
    -----------
    SHORT DOMAIN: BROADCAST
    --------security.conf---------
    security = ADS
    password server = kerberos.server
    realm = BROADCAST.XXX.FR
    allow trusted domains = yes
    --------hosts---------
    10.231.235.103 kerberos.server BROADCAST.XXX.FR TFBROADDC1 TFBROADDC1.BROADCAST.XXX.FR #kerberos.server
    --------krb5.conf---------
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/krb5admin.log

    [libdefaults]
    default_realm = BROADCAST.XXX.FR

    [realms]
    BROADCAST.XXX.FR = {
    kdc = kerberos.server
    admin_server = dss91155613
    default_domain = kerberos.server
    }

    [appdefaults]
    pam = {
    debug = false
    forwardable = false
    krb4_convert = false
    }

    --------net ads info---------
    LDAP server: 10.231.235.102
    LDAP server name: tfbroaddc2.broadcast.xxx.fr
    Realm: BROADCAST.XXX.FR
    Bind Path: dc=BROADCAST,dc=XXX,dc=FR
    LDAP port: 389
    Server time: Mon, 11 Nov 2013 15:58:22 CET
    KDC server: 10.231.235.102
    Server time offset: 0
    --------wbinfo -D domena---------
    Name : BROADCAST
    Alt_Name : broadcast.xxx.fr
    SID : S-1-5-21-719910283-167185162-3801991273
    Active Directory : Yes
    Native : Yes
    Primary : Yes
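
An added example, not part of the thread or of Open-E's software: NT_STATUS_NO_TRUST_SAM_ACCOUNT is returned when the domain controller that was asked has no machine account for the host, so it helps to see which DC each part of the dump above refers to. The sketch below parses the banner-delimited sections of that dump and lists mismatches for manual review, not as a diagnosis; the function names are hypothetical, the sample is constructed from the lines quoted above, and the time offset is assumed to be in seconds.

```python
import re

# Constructed sample: the relevant lines of the ads.log dump quoted in post #5.
SAMPLE_ADS_LOG = """\
--------security.conf---------
security = ADS
password server = kerberos.server
realm = BROADCAST.XXX.FR
--------hosts---------
10.231.235.103 kerberos.server BROADCAST.XXX.FR TFBROADDC1 TFBROADDC1.BROADCAST.XXX.FR #kerberos.server
--------net ads info---------
LDAP server: 10.231.235.102
LDAP server name: tfbroaddc2.broadcast.xxx.fr
Realm: BROADCAST.XXX.FR
KDC server: 10.231.235.102
Server time offset: 0
"""

def split_sections(text):
    """Map each '----name----' banner to the non-empty lines that follow it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.fullmatch(r"-{2,}\s*(.+?)\s*-{2,}", line.strip())
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections

def review(text, max_skew=300):
    """Return findings worth a manual look (offset assumed to be seconds)."""
    s = split_sections(text)
    conf = dict(re.split(r"\s*=\s*", l, maxsplit=1) for l in s.get("security.conf", []) if "=" in l)
    info = dict(re.split(r"\s*:\s*", l, maxsplit=1) for l in s.get("net ads info", []) if ":" in l)
    # hosts: the IP this box has pinned for the configured password server
    pinned = None
    for l in s.get("hosts", []):
        fields = l.split("#")[0].split()
        if conf.get("password server") in fields[1:]:
            pinned = fields[0]
    findings = []
    for key in ("LDAP server", "KDC server"):
        if pinned and info.get(key) and info[key] != pinned:
            findings.append(f"{key} {info[key]} != pinned password server {pinned}")
    if abs(int(info.get("Server time offset", 0))) > max_skew:
        findings.append("clock skew exceeds Kerberos tolerance")
    return findings
```

On the sample, `review(SAMPLE_ADS_LOG)` reports that the hosts entry pins the password server to 10.231.235.103 while `net ads info` answered from 10.231.235.102.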

  6. #6

    On the DSS select Windows (PDC) NOT ADS.
    All the best,

    Todd Maxwell



  7. #7

    Hi Todd,

    If I try to use PDC, what will happen if the AD server is not working in mixed mode (i.e. AD native mode only)?

    In addition, the change from AD to PDC will clear the TDB database and reassign UIDs and GIDs.

    Are you sure we can do it without any trouble?

    Best regards,

    Bruno.

  8. #8

    Bruno, you can test with our TRIAL version on any system or even a Virtual Machine, or send in a support ticket with the logs.
    All the best,

    Todd Maxwell



  9. #9

    Todd,

    At the end customer site, there are two DSS v6 replicated together. One is working properly and is synchronized with the AD domain, and the other one has this issue after a "crash".

    So the AD domain, DNS and time are all OK.

    I cannot send the logs to tech support for further analysis because this DSS v6 has no support contract.

    I don't know what more I can do now.

    Any ideas?

    Best regards,

    Bruno
