Messages - AxxelH

1
For some time (at least 9 months) I've been running Zentyal with two domain controllers, one as "Domain Controller" (DC) and the other as "Additional Domain Controller" (ADC) in a homelab environment. The DCs served a mix of Mac and Linux clients without issue. Both servers are running Zentyal 7.0, and are up-to-date.

Sometime in the last few weeks, I've noticed that login operations have become problematic. Examples:
- Some Mac clients will log in to a user session, but once the screensaver locks the password is refused.
- File server operations from other Samba servers bound to the domain will sometimes hang for extended periods until some timeout expires, after which the operation completes.

During debugging I've tried shutting down each DC, with unexpected effects:

- If the main DC is on and the ADC is off everything seems to run reasonably:
  - Mac login operations succeed.
  - There are occasional delays in some file server operations, but they are rare.

My presumption is that in this state, while the DNS entries for the ADC are still present, attempts to use the ADC time out rapidly and switch to the main DC.

- If the main DC is off and the ADC is on:
  - Mac logins fail, as does screensaver unlock.
  - File server operations fail, or prompt for passwords which are then rejected.
  - Direct SMB commands ("smbclient //server/netlogon -U diradmin -c 'ls'") run on the ADC work, but take exceptionally long (40-60s).

This obviously means that any failover benefits I might get from the ADC aren't in effect.

I'm unsure how to debug this, as I let Zentyal set this up, and I don't really know the underlying Samba stack. What I know:

- 'samba-tool drs showrepl' shows replication is running without errors when both servers are up.

- 'samba-tool fsmo show' has all FSMO roles assigned to the DC (where I would expect them).

- There are no obvious errors in the ADC logs (but maybe I have a different expectation of "obvious").


Any suggestions? My current thinking is to just force remove the offline ADC from Samba using something like 'samba-tool domain demote --remove-other-dead-server' but it's not clear to me that's safe in Zentyal, or if I'm creating other problems.


 

2
I was able to confirm this is because the 6.2 upgrade process creates /var/lib/zentyal/.license_type. Removing this file allows the development edition to operate normally.

However, I assume the creation of this file during the upgrade is a bug.

3
Running Zentyal 6.1 development/community edition in a homelab. After following the upgrade documentation to upgrade to 6.2:

https://doc.zentyal.org/en/upgrade.html

Logging into the 6.2 instance results in a prompt for an activation key. I restored from backups and attempted a command-line upgrade to similar effect (/usr/share/zentyal/release-upgrade).

Is this a known issue?

4
RSAT tools were not previously required; this appears to be a new bug in 6.1, though we don't know the cause.

5
I'm seeing the exact same issue: records added after the 6.1 upgrade do not resolve.

In my case the expected entries in /var/lib/bind/db.* are present and the reverse lookups work. Forward lookups fail (NXDOMAIN).

I was able to roll back to 6.0.1 from a backup and things are working again. There is no obvious difference in content between /var/lib/bind/db.* in 6.0.1 vs 6.1.

I'm a little concerned that your problem has seen no response, so I wanted to be sure to mention it's not a one-off.
