Univention Bugzilla – Bug 50226
univention-s4connector-list-rejected IOError: [Errno 2] No such file or directory
Last modified: 2019-10-01 14:14:57 CEST
I got an email from nagios: -------------------- Samba DRS CRITICAL: DRS connection to mail.____.de failed -------------------- So I logged in and wanted to see the rejected, but: root@mail:~# univention-s4connector-list-rejected Traceback (most recent call last): File "/usr/sbin/univention-s4connector-list-rejected", line 73, in <module> mapping = imp.load_source('mapping', '/etc/univention/%s/s4/mapping.py' % CONFIGBASENAME) IOError: [Errno 2] No such file or directory ============================================================= root@mail:~# ls -la /etc/univention/*/s4/mapping.py ls: Zugriff auf '/etc/univention/*/s4/mapping.py' nicht möglich: Datei oder Verzeichnis nicht gefunden ============================================================= root@mail:~# univention-app info UCS: 4.4-1 errata287 Installed: letsencrypt=1.2.2-8 mailserver=12.0 oxseforucs=7.10.2-ucs1 samba4=4.10 ucsschool=4.4 v3 4.3/collabora=4.0.3.1 4.3/dudle=1.2.0-1 4.1/nextcloud=15.0.8-0 ============================================================= root@mail:~# ucr search role samba4/role: DC server/role: domaincontroller_slave ============================================================= root@mail:~# dpkg -l '*samba*' Gewünscht=Unbekannt/Installieren/R=Entfernen/P=Vollständi | Status=Nicht/Installiert/Config/U=Entpackt/halb konFigu Halb installiert/Trigger erWartet/Trigger anhäng |/ Fehler?=(kein)/R=Neuinstallation notwendig (Status, Fe ||/ Name Version Architektur +++-=======================-================-============ ii python-samba 2:4.10.1-1A~4.4. amd64 un python2.7-samba <keine> <keine> ii samba 2:4.10.1-1A~4.4. amd64 un samba-ad-dc <keine> <keine> un samba-client <keine> <keine> ii samba-common 2:4.10.1-1A~4.4. all ii samba-common-bin 2:4.10.1-1A~4.4. amd64 ii samba-dsdb-modules 2:4.10.1-1A~4.4. amd64 ii samba-libs:amd64 2:4.10.1-1A~4.4. amd64 un samba-testsuite <keine> <keine> ii samba-vfs-modules 2:4.10.1-1A~4.4. amd64 ii univention-nagios-samba 4.0.1-1A~4.4.0.2 amd64 un univention-samba <keine> <keine> ii univention-samba-local- 13.0.0-7A~4.4.0. all ii univention-samba4 8.0.0-27A~4.4.0. amd64 ii univention-samba4-sysvo 8.0.0-27A~4.4.0. all ============================================================= root@mail:~# ps ax | grep samba 1725 ? Ss 0:00 /bin/sh -c /usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1 1726 ? S 0:00 /bin/bash /usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh 1968 pts/0 S+ 0:00 grep samba 21375 ? Ssl 0:00 /usr/sbin/named -c /etc/bind/named.conf.samba4 -f -d 0 22573 ? Ss 0:00 samba: root process 22601 ? S 0:00 samba: task[s3fs_parent] 22602 ? S 0:00 samba: task[dcesrv] 22603 ? S 0:00 samba: tfork waiter process 22604 ? S 0:00 samba: task[wrepl] 22606 ? S 0:00 samba: task[ldapsrv] 22612 ? S 0:00 samba: task[cldapd] 22614 ? S 0:00 samba: conn[kdc_tcp] c[ipv4:127.0.0.1:33616] s[ipv4:127.0.0.1:88] server_id[22614.42] 22619 ? S 0:00 samba: task[dreplsrv] 22620 ? S 0:00 samba: task[winbindd_parent] 22621 ? S 0:00 samba: task[ntp_signd] 22622 ? S 0:00 samba: tfork waiter process 22623 ? S 0:00 samba: task[kccsrv] 22626 ? S 0:00 samba: task[dnsupdate] ============================================================= Now I cannot handle the failed DRS replication on a production system.
I think this happens when the S4-Connector has never been started before.
The server has been running for years with the 'samba4' app installed. Entry in oldest dpkg.log for 'univention-samba4' is from 2018-09-01. It is a central slave in a UCS@school multiserver setup with Samba installed on all server roles. Why would Nagios start sending alarm message "Samba DRS CRITICAL" now, and never before?
"samba-tool drs showrepl" is the primary tool to use here, not univention-s4connector-list-rejected. Resetting "will affect most installed domains" to "will affect very few installed domains", because there is not even a single ticket or link to a forum report linked to at this bug report. I think we require more information about the circumstances from the support case (or forum report) in question.