Got it!
Description:
Certain services (Samba, phpldapadmin, Nextcloud…) failed. Users could not log in. The failure occurred exactly 20 min after each reboot or reset of dnsmasq.
Mode:
LDAP / AD was not reachable due to a secondary domain controller whose IP was changed. Samba AD / LDAP database pointed to an unreachable IP. Some script running in the background?
Further symptom.
ping ad.mydomain.tld
gave a wrong IP after 20 min, in the first 20 min it was correct!
Workarounds (not preferred):
- Use Nethserver AD IP (ldaps://xxx.yyy.zzz.aaa) instead of (ldaps://ad.mydomain.tld)
- apply
systemctl restart dnsmasq
every 15 min, e.g. using crontab
Solution:
Remove secondary domain controller from Nethserver AD domain (and rejoin with correct IP, if desired).
Therefore, jump into the AD container (to be done as root):
systemd-run -M nsdc -t /bin/bash
Demote the DC according to https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC. In my case, the DC was offline, so I decided to demote an offline DC according to this here:
samba-tool domain demote --remove-other-dead-server=zentyal-ca.ad.mydomain.tld
leave the container
exit
reboot the system
reboot
Trials not to reprocess:
Do not use phpldapadmin to remove the server - yes, it is removed, but the host DB within Samba is unchanged, even increasing the problem or leading to wrong conclusions.
Trials not tried - on my list if the previously described solution had not worked:
Some other remote admin tools such as RSAT, maybe ldapadmin may work, (imo most promising) admin-tools https://appimage.github.io/admin-tools/…
Best regards
Thorsten
PS.: That business was a Garfield's Monday the 13th to me …
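
An added example, not part of the post above and not NethServer code: a check for the symptom described in the post, where `ad.mydomain.tld` starts resolving to an address that is not a live domain controller. The expected DC address is a constructed placeholder, the function names are hypothetical, and `getent ahostsv4` assumes a glibc system.

```shell
#!/bin/sh
# Added example: detect a stale DC address behind the AD DNS name.
AD_NAME="ad.mydomain.tld"      # name used in the post
EXPECTED_DCS="192.0.2.10"      # constructed placeholder: IPs of the DCs that really exist

# resolve_a NAME: IPv4 addresses the system resolver returns for NAME (glibc getent).
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# stale_dc_ips EXPECTED RESOLVED: print each resolved IP that is not an expected DC.
stale_dc_ips() {
    sd_expected=" $(echo $1) "          # collapse newlines/spaces into single spaces
    for sd_ip in $2; do
        case "$sd_expected" in
            *" $sd_ip "*) ;;            # whole-address match, known DC
            *) echo "$sd_ip" ;;         # not in the list: stale or foreign record
        esac
    done | sort -u
}

# check_ad_dns NAME EXPECTED: 0 = only expected DCs, 1 = stale address, 2 = no answer.
check_ad_dns() {
    ca_resolved=$(resolve_a "$1")
    if [ -z "$ca_resolved" ]; then
        echo "$1: no A record returned" >&2
        return 2
    fi
    ca_stale=$(stale_dc_ips "$2" "$ca_resolved")
    if [ -n "$ca_stale" ]; then
        echo "$1 resolves to unexpected address(es): $(echo $ca_stale)" >&2
        return 1
    fi
    return 0
}

# Run the live check only when asked to, e.g. from cron: script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_ad_dns "$AD_NAME" "$EXPECTED_DCS"
    exit $?
fi
```

Run with `--check` at an interval shorter than the 20 minutes mentioned in the post, a non-zero exit marks the moment the wrong address appears and names it.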