[Samba] 4th DC Unable to Replicate - WERR_DS_DRA_ACCESS_DENIED

Rowland Penny rowlandpenny241155 at gmail.com
Mon Oct 5 09:26:23 UTC 2015


On 05/10/15 10:07, L.P.H. van Belle wrote:
> Ai...
>
> This is very dangerous..
> If you accidentally install a DC with the same name as your DC with FSMO roles, you're big F..d..
>
> Is it an option to add an extra parameter to samba-tool, with something like --override-dc=yes?
> So that if this happens, it exits with an error message that you're trying to override an existing host and you need to use the extra parameter.
>
> As far as I know, in a pure Windows domain, these settings are not deleted when joined, but correct me if I'm wrong here.
>
> Greetz,
>
> Louis
>
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of mourik jan
>> heupink
>> Sent: Monday 5 October 2015 10:49
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] 4th DC Unable to Replicate -
>> WERR_DS_DRA_ACCESS_DENIED
>>
>> Dear Marc,
>>
>>
>> On 10/05/2015 10:29 AM, Marc Muehlfeld wrote:
>>
>>> If the DC has the same name, it should be no problem. samba-tool checks
>>> for existing entries and removes them before re-adding. Looks like this
>>> then: https://cpaste.org/p2t5huhmm (Line 8-14).
>> I did not know this. I always thought that we cannot simply re-add a new
>> dc using an old (previously used) name. Is this new functionality?
>>
>> MJ
>>
>
>

I don't think this is a good idea. What if sysadmin 'a' joins a DC
called 'DC2' and then sometime later, sysadmin 'b' comes along, doesn't
know about 'DC2' (and doesn't check) and joins another DC called 'DC2'?
According to what Marc posted, the DC join would just add the new DC,
replacing the old one. Surely the join should fail with a big error
'This DC name is already in use'.

Rowland


