[Samba] Samba DC sync issues - help

Nico De Ranter nico.deranter at esaturnus.com
Mon Jan 18 14:57:25 UTC 2016 

Hi Louis,

Rebooted DC1
Rebooted DC2
Ran "samba-tool drs replicate dc1 dc2 DC=win,DC=office"
Replicate from dc2 to dc1 was successful.

Unfortunately samba-check-db-repl.sh seems to be hanging when doing 'kinit
Administrator ' (if seems ' echo"pwd" | kinit Administrator' doesn't seem
to manage to pass on the password for some reason)
However when I now run an ldapcmp I see success everywhere.  When I update
something via Windows and run ldapcmp afterwards everything is still ok.

So either the reboot of dc1 fixed it (I didn't try that before as it was
the one running my whole network as dc2 was down) or the reverse replicate
fixed it (am I totaly misunderstaning 'samba-tool drs replcate destination
source' or is the manual wrong?)

Thank you very much for your help!

Nico

On Mon, Jan 18, 2016 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:

> Hai,
>
> Reboot both servers first, DC1 and wait until its fully up, then reboot
> DC2, and run the replicate again but now like this :
>
> samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office
>
> report if this worked.
>
> And check with this one, you can run it on any samba DC.
> https://secure.bazuin.nl/scripts/samba-check-db-repl.sh
>
> configure it, and run it, and report back.
> For the configure, NT_ADMIN_USER/PASS is sufficient.
> And set CONFIGURED to yes
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter
> > Verzonden: maandag 18 januari 2016 11:34
> > Aan: samba
> > Onderwerp: [Samba] Samba DC sync issues - help
> >
> > Help, my Samba DC's refuse to sync :-(
> >
> > I have 2 Samba 4.1.17 DC servers.  I made some changes via Active
> > Directory
> > USer and Computers on Windows.  However even after a weekend the changes
> > do
> > not appear on the second DC.
> >
> > If I run
> > samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator
> > --filter=msDS-NcType,serverState,subrefs
> >
> > I see:
> >
> > ************************************************************
> >
> > Password for [OFFICE\administrator]:
> >
> > * Comparing [DOMAIN] context...
> >
> > * DN lists have different size: 397 != 396
> >     CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
> >     CN=NICO-VM,CN=Computers,DC=win,DC=office
> >     CN=dcim,CN=Computers,DC=win,DC=office
> >     CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
> >     CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office
> >
> > * Objects to be compared: 394
> > Comparing:
> > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1]
> > 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2]
> >     Difference in attribute values:
> >         homeDirectory =>
> > ['\\\\storage\\virtpc']
> > ['\\\\storage.office\\virtpc']
> >     FAILED
> > ...[snip removed lots of similar errors for all other users]...
> >
> > * Result for [DOMAIN]: FAILURE
> >
> > SUMMARY
> > ---------
> >
> > Attributes with different values:
> >
> >     homeDirectory
> >
> > Attributes found only in ldap://dc2:
> >
> >     description
> >
> > * Comparing [CONFIGURATION] context...
> >
> > * Objects to be compared: 1615
> >
> > * Result for [CONFIGURATION]: SUCCESS
> >
> > * Comparing [SCHEMA] context...
> >
> > * Objects to be compared: 1550
> >
> > * Result for [SCHEMA]: SUCCESS
> >
> > * Comparing [DNSDOMAIN] context...
> >
> > * Objects to be compared: 56
> >
> > * Result for [DNSDOMAIN]: SUCCESS
> >
> > * Comparing [DNSFOREST] context...
> >
> > * Objects to be compared: 18
> >
> > * Result for [DNSFOREST]: SUCCESS
> > ERROR: Compare failed: -1
> >
> > *************************************************************************
> >
> > Running a manual replication seems to work fine:
> > samba-tool drs replicate dc2 dc1 DC=win,DC=office
> > Replicate from dc1 to dc2 was successful.
> >
> > However nothing changes, when I do an ldapcmp I still see the same
> errors.
> > What am I doing wrong? (Note: the clocks are synchronised)  I've been
> > trying to solve this for a week now but I cannot figure out what is going
> > wrong.
> >
> > Nico
> >
> >
>

-- 
Nico De Ranter

Operations Engineer

T. +32 16 40 12 82

M. +32 497 91 53 78


<http://www.esaturnus.com>



eSATURNUS
Romeinse straat 12
3001 Leuven – Belgium

T. +32 16 40 12 82
F. +32 16 40 84 77
www.esaturnus.com





<http://www.esaturnus.com/>

More information about the samba mailing list