Univention Bugzilla – Bug 41167
100% CPU for samba (dreplsrv) due to UCS@school Slave accounts left over in Master Samba/AD
Last modified: 2019-12-03 09:51:33 CET
Ticket#2016042721000409 reported 100% CPU consumed samba (dreplsrv) due to Slave accounts left over in the Samba/AD account database on the UCS@school Master. I guess this is a common issue to all UCS@school Multiserver setups with Samba4 on the Master which used the UCS@school wizard to setup School DCs. To do this, the DC Slave needs to be joined already. If univention-samba4 has already been installed on the DC Slave during installation time, then it also joins into the Master Samba/AD *and* is recognized by the DC Master as a partner for DRS replication. This is not disabled during installation of ucs-school-slave and secondary join of the Slave. In the case of the given ticket we did this on the Master: ============================================ ldbrename -H /var/lib/samba/private/sam.ldb \ 'CN=S01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=base' \ 'CN=S01,CN=Servers,CN=S01,CN=Sites,CN=Configuration,DC=base' ldbdel -H /var/lib/samba/private/sam.ldb \ 'CN=NTDS Settings,CN=S01,CN=Servers,CN=S01,CN=Sites,CN=Configuration,DC=base' \ --recursive samba-tool drs kcc ============================================ After that samba (dreplsrc) stopped torturing the Master. The first step is purely cosmetic. Probably we could have simply done this: ============================================ ldbdel -H /var/lib/samba/private/sam.ldb \ 'CN=S01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=base' \ --recursive ldbdel -H /var/lib/samba/private/sam.ldb \ CN=S01,OU=Domain Controllers,DC=base \ --recursive samba-tool drs kcc ============================================
Will be fixed due to Bug #41168. *** This bug has been marked as a duplicate of bug 41168 ***
ok