[Samba] Samba DC's not syncing

Nico De Ranter nico.deranter at esaturnus.com
Fri Jan 15 07:47:54 UTC 2016


Turned out at least part of the problem was due to the missing sysvol
replication.  Apparently I missed that this is important when using GPO's
:-)

However, when I now do a samba-tool ldapcmp I see there is still a
difference in the DOMAIN section although it is shown as 'SUCCESS'.  Why
would that be?

root@dc2:~# samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator --filter=msDS-NcType,serverState,subrefs
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
added interface ens160 ip=192.168.2.6 bcast=192.168.7.255
netmask=255.255.248.0
added interface ens160 ip=192.168.2.6 bcast=192.168.7.255
netmask=255.255.248.0
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [OFFICE\administrator]:
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection
added interface ens160 ip=192.168.2.6 bcast=192.168.7.255
netmask=255.255.248.0
added interface ens160 ip=192.168.2.6 bcast=192.168.7.255
netmask=255.255.248.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection

* Comparing [DOMAIN] context...

* DN lists have different size: 400 != 399
    CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
    CN=NICO-VM,CN=Computers,DC=win,DC=office
    CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office

* Objects to be compared: 398

* Result for [DOMAIN]: SUCCESS

* Comparing [CONFIGURATION] context...

* Objects to be compared: 1615

* Result for [CONFIGURATION]: SUCCESS

* Comparing [SCHEMA] context...

* Objects to be compared: 1550

* Result for [SCHEMA]: SUCCESS

* Comparing [DNSDOMAIN] context...

* Objects to be compared: 56

* Result for [DNSDOMAIN]: SUCCESS

* Comparing [DNSFOREST] context...

* Objects to be compared: 18

* Result for [DNSFOREST]: SUCCESS


On Thu, Jan 14, 2016 at 4:46 PM, Nico De Ranter <nico.deranter at esaturnus.com> wrote:

>
> Hi,
>
> I am running a Windows Domain based on 2 Samba AD servers.  The setup is
> running mostly fine but I have the impression that the 2 DC's are not
> syncing their information. For instance:
> - I added a Windows pc to the domain last week, when I started 'Active
> directory users and computers' today on a windows pc I could not see that
> pc, after rebooting one of the DC's the pc suddenly appeared
> - I configured a group policy (using RSAT on a Windows pc).  When I force
> a group policy update on another windows pc after more than 1 hour,
> gpupdate complains it can't access some files. Again rebooting one of the
> DC's fixed this.
>
> I tried running:
>
>   samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator --filter=msDS-NcType,serverState,subrefs
>
> But it doesn't show any issues (but I did that after the reboot).
>
> Is there any way to force an update between 2 samba dc's?
>
> Nico
>
>
> --
> Nico De Ranter
>
> Operations Engineer
>
> T. +32 16 40 12 82
>
> M. +32 497 91 53 78
>
>
> <http://www.esaturnus.com>
>
> eSATURNUS
> Romeinse straat 12
> 3001 Leuven – Belgium
>
> T. +32 16 40 12 82
> F. +32 16 40 84 77
> www.esaturnus.com
>
>
>
>
>
> <http://www.esaturnus.com/>
>



-- 
Nico De Ranter

Operations Engineer

T. +32 16 40 12 82

M. +32 497 91 53 78


<http://www.esaturnus.com>



eSATURNUS
Romeinse straat 12
3001 Leuven – Belgium

T. +32 16 40 12 82
F. +32 16 40 84 77
www.esaturnus.com





<http://www.esaturnus.com/>
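
As an added example (not part of the original post and not Samba project code): a small Python parser for the ldapcmp text output quoted above, which reports any context whose DN lists differ even when its result line reads SUCCESS. It assumes the output format shown in this message; `parse_ldapcmp` and `needs_review` are hypothetical helper names.

```python
import re

# Excerpt of the ldapcmp output quoted in the post (two contexts, some blank lines trimmed).
SAMPLE = """\
* Comparing [DOMAIN] context...

* DN lists have different size: 400 != 399
    CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
    CN=NICO-VM,CN=Computers,DC=win,DC=office
    CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office

* Objects to be compared: 398

* Result for [DOMAIN]: SUCCESS

* Comparing [CONFIGURATION] context...
* Objects to be compared: 1615
* Result for [CONFIGURATION]: SUCCESS
"""

CTX = re.compile(r"^\* Comparing \[(\w+)\] context")
SIZE = re.compile(r"^\* DN lists have different size: (\d+) != (\d+)")
RESULT = re.compile(r"^\* Result for \[(\w+)\]: (\w+)")

def parse_ldapcmp(text):
    """Map each naming context to its result, DN-list sizes and unmatched DNs."""
    report, cur, listing = {}, None, False
    for line in text.splitlines():
        if m := CTX.match(line):
            cur = report.setdefault(
                m.group(1), {"result": None, "sizes": None, "unmatched_dns": []})
            listing = False
        elif cur is None:
            continue  # debug preamble printed before the first context
        elif m := SIZE.match(line):
            cur["sizes"], listing = (int(m.group(1)), int(m.group(2))), True
        elif m := RESULT.match(line):
            cur["result"], listing = m.group(2), False
        elif line.startswith("* Objects to be compared"):
            listing = False
        elif listing and line.startswith("    "):
            cur["unmatched_dns"].append(line.strip())  # DN listed under the size mismatch
    return report

def needs_review(report):
    """Contexts with a non-SUCCESS result or any DN-list mismatch."""
    return sorted(ctx for ctx, r in report.items()
                  if r["result"] != "SUCCESS" or r["sizes"] or r["unmatched_dns"])
```

Feed `parse_ldapcmp` the captured text of an ldapcmp run; the debug preamble before the first context is ignored.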

