[Samba] Replication problems bdc to pdc
Jiří Knotek
jiri.knotek at gemapce.cz
Mon Dec 11 20:59:58 UTC 2017
Hello Rowland,
thank you for a quick response.
On 11. 12. 2017 15:48, Rowland Penny via samba wrote:
> On Mon, 11 Dec 2017 14:33:48 +0100
> Jiří Knotek via samba<samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> Replication from backup Active Directory Domain Controller to primary
>> Active Directory Domain Controller does not work, reporting error
>> 'WERR_BADFILE'. The reverse works.
> You do not have a backup AD DC, or a primary AD DC, you just have two
> AD DCs
OK, thank you for correcting the nomenclature.
>> * Linux: Raspbian, debian stretch lite
>> * Samba version 4.5.12-Debian
>> * DNS: BIND9_DLZ 9.10.x
>> * Installed packages: ntp ntpdate samba smbclient winbind libcups2
>> samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
>>
>> root@ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=local
>> Replicate from ry11citdc to ry11citsdc was successful.
>> root@ry11citdc:~# samba-tool drs replicate ry11citdc ry11citsdc dc=ry11cit,dc=local
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>>
> There is something strange here, you seem to be running the commands on
> the same DC, the first time it works, then it cannot find the command,
> then after you switched the order of the DCs to replicate to & from,
> it throws an error
I copied it badly, I corrected it. The second command demonstrates
malfunctioning replication.
>
>
>> First Active Directory Domain Controller:
>>
>> krb5.conf:
>>
>> [libdefaults]
>> default_realm = RY11CIT.LOCAL
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
> You only need the above
OK, I corrected it.
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>> directory "/var/cache/bind";
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { none; };
>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
> You haven't set any forwarders.
My network has only 10 stations and cannot access the Internet. I just
need Windows domain users. I chose Bind9 for future use.
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>> netbios name = RY11CITDC
>> realm = RY11CIT.LOCAL
>> workgroup = RY11CIT
>> server role = active directory domain controller
>>
> Why haven't you got a 'server services' line ?
> you should have if you are using Bind9
Because at
"https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" they
write that "Default: server services = s3fs rpc nbt wrepl ldap
cldap kdc drepl winbind ntp_signd kcc dnsupdate dns".
But according to
"https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC"
here I will add "server services = -dns". Is it correct?
>
>
>> Another (Standby) Active Directory Domain Controller:
> What do you mean by 'standby'?
Standby server is an expression used by the SCADA / HMI SW CitectSCADA. It's a
DC backup, here one DC.
>> krb5.conf:
>>
>> [libdefaults]
>> default_realm = RY11CIT.LOCAL
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
> You only need the above
OK, I corrected it.
>
>
>> [realms]
> named.conf.options:-----------------------
>> options {
>> directory "/var/cache/bind";
>>
>> dnssec-validation auto;
>>
>> auth-nxdomain no; # conform to RFC1035
>> listen-on-v6 { none; };
>> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
> Still no forwarders
My network has only 10 stations and cannot access the Internet. I just
need Windows domain users. I chose Bind9 for future use.
>
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>> netbios name = RY11CITSDC
>> realm = RY11CIT.LOCAL
>> workgroup = RY11CIT
>>
>> server role = active directory domain controller
>>
> Again there is no 'server services' line
Because at
"https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" they
write that "Default: server services = s3fs rpc nbt wrepl ldap
cldap kdc drepl winbind ntp_signd kcc dnsupdate dns".
But according to
"https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC"
here I will add "server services = -dns". Is it correct?
>
>
> Finally, I see that you are not aware that using '.local' is a bad
> idea.
My network has only 10 stations and cannot access the Internet. I
thought that .local is just a name. Do you recommend a different name?
>
> Rowland
>
>
Unfortunately, the changes made did not correct replication from
ry11citsdc to ry11citdc. Do you have any other advice or do you need
more information?
Thanks J.Knotek
--
*Ing. Jiří Knotek*
programmer
*GEMA s.r.o. Automatizace technologických procesů*
Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz
Web: www.gemapce.cz