Cannot resync DSS V6 on AD Domain after a "crash"

[bzazzera]

Hi Tood,

What do you mean by : try to use PDC ?

Here is the content of ads.log :

--connection to ads---
spawn /usr/bin/kinit administrator@BROADCAST.XXX.FR
Password for administrator@BROADCAST.XXX.FR:
Mon Nov 11 15:58:18 CET 2013
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@BROADCAST.XXX.FR

Valid starting Expires Service principal
11/11/13 15:58:17 11/12/13 01:58:17 krbtgt/BROADCAST.XXX.FR@BROADCAST.XXX.FR
renew until 11/12/13 15:58:17


Kerberos 4 ticket cache: /tmp/tkt0
/usr/sbin/net ads join -U administrator%****
-----------
SHORT DOMAIN: BROADCAST
--------security.conf---------
security = ADS
password server = kerberos.server
realm = BROADCAST.XXX.FR
allow trusted domains = yes
--------hosts---------
10.231.235.103 kerberos.server BROADCAST.XXX.FR TFBROADDC1 TFBROADDC1.BROADCAST.XXX.FR #kerberos.server
--------krb5.conf---------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/krb5admin.log

[libdefaults]
default_realm = BROADCAST.XXX.FR

[realms]
BROADCAST.XXX.FR = {
kdc = kerberos.server
admin_server = dss91155613
default_domain = kerberos.server
}

[appdefaults]
pam = {
debug = false
forwardable = false
krb4_convert = false
}

--------net ads info---------
LDAP server: 10.231.235.102
LDAP server name: tfbroaddc2.broadcast.xxx.fr
Realm: BROADCAST.XXX.FR
Bind Path: dc=BROADCAST,dc=XXX,dc=FR
LDAP port: 389
Server time: Mon, 11 Nov 2013 15:58:22 CET
KDC server: 10.231.235.102
Server time offset: 0
--------wbinfo -D domena---------
Name : BROADCAST
Alt_Name : broadcast.xxx.fr
SID : S-1-5-21-719910283-167185162-3801991273
Active Directory : Yes
Native : Yes
Primary : Yes

[To-M]

On the DSS select Windows (PDC) NOT ADS.

[bzazzera]

Hi Todd,

If I try to use PDC what will happen if the AD Server is not working in mixed mode (i.e AD native mode only) ?

In addition the change of AD to PDC will clear the TDB Database and reassign UID and GID.

Are you sure we can do it without any trouble ?

Best regards,

Bruno.

[To-M]

Bruno you can test with our TRIAL version on any system or even a Virtual Machine or send in a support ticket with the logs.

[bzazzera]

Todd,

At the end customer site, there are two DSS v6 replicated together. One is working properly and is synchronized with the AD domain
and the other one has this issue after a "crash".

So the AD domain, DNS and time are all OK.

I cannot send the logs to the techsupport to analyze further because this DSS v6 has no support contract.

I don't know now what I can do more.

Any idea.

Best regards,

Bruno