[Samba-it] problemi di replica WERR_DS_DRA_ACCESS_DENIED
Giuseppe Arvati
giuseppe.arvati at gmail.com
Fri Nov 23 13:47:27 UTC 2018
Il 23/11/2018 11:14, Daniele Piccoli ha scritto:
> Il 23/11/2018 10:59, Giuseppe Arvati ha scritto:
>>>
>>> _______________________________________________
>>> samba-it mailing list
>>> samba-it at lists.samba.org
>>> http://lists.samba.org/cgi-bin/mailman/listinfo/samba-it
>>>
>>
>> sembra tutto ok
>>
>>
>> [root at dc1ucp ~]# host -t A dc1ucp.apam-ad.apam.it.
>> dc1ucp.apam-ad.apam.it has address 10.2.2.12
>> [root at dc1ucp ~]# host -t A dc1piopp.apam-ad.apam.it.
>> dc1piopp.apam-ad.apam.it has address 10.1.1.4
>> [root at dc1ucp ~]# host -t A apamfs2.apam-ad.apam.it.
>> apamfs2.apam-ad.apam.it has address 10.1.1.2
>> [root at dc1ucp ~]# ldbsearch -H /usr/local/samba/private/sam.ldb
>> '(invocationId=*)
>> ' --cross-ncs objectguid
>> schema_fsmo_init: we are master[no] updates allowed[no]
>> # record 1
>> dn: CN=NTDS
>> Settings,CN=DC1UCP,CN=Servers,CN=uff-ucp-mn,CN=Sites,CN=Configuratio
>>
>> n,DC=apam-ad,DC=apam,DC=it
>> objectGUID: 3d8598b8-1c3d-4509-b775-d7e1d33c2546
>>
>> # record 2
>> dn: CN=NTDS
>> Settings,CN=DC1PIOPP,CN=Servers,CN=apamsede,CN=Sites,CN=Configuratio
>>
>> n,DC=apam-ad,DC=apam,DC=it
>> objectGUID: 1abf9afd-8882-48a0-8be1-1bd6ebd63898
>>
>> # record 3
>> dn: CN=NTDS
>> Settings,CN=APAMFS2,CN=Servers,CN=apamsede,CN=Sites,CN=Configuration
>>
>> ,DC=apam-ad,DC=apam,DC=it
>> objectGUID: fa93022c-b204-4f74-bc44-176ab767cf54
>>
>> # returned 3 records
>> # 3 entries
>> # 0 referrals
>> [root at dc1ucp ~]# host -t CNAME
>> fa93022c-b204-4f74-bc44-176ab767cf54._msdcs.apam-ad.apam.it.
>> fa93022c-b204-4f74-bc44-176ab767cf54._msdcs.apam-ad.apam.it is an alias
>> for apamfs2.apam-ad.apam.it.
>> [root at dc1ucp ~]# host -t CNAME
>> 1abf9afd-8882-48a0-8be1-1bd6ebd63898._msdcs.apam-ad.apam.it.
>> 1abf9afd-8882-48a0-8be1-1bd6ebd63898._msdcs.apam-ad.apam.it is an alias
>> for dc1piopp.apam-ad.apam.it.
>> [root at dc1ucp ~]# host -t CNAME
>> 3d8598b8-1c3d-4509-b775-d7e1d33c2546._msdcs.apam-ad.apam.it.
>> 3d8598b8-1c3d-4509-b775-d7e1d33c2546._msdcs.apam-ad.apam.it is an alias
>> for DC1UCP.apam-ad.apam.it.
>
> Ok, hai fatto le stesse verifiche anche sui DC del sito 1?
>
no !!
fatto subito il controllo sul sito1 e sembra tutto ok
sito1 ( apamsede)
dc1piopp
[root at dc1piopp ~]# ldbsearch -H /usr/local/samba/private/sam.ldb
'(invocationId
=*)
' --cross-n
cs objectguid
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=NTDS
Settings,CN=DC1UCP,CN=Servers,CN=uff-ucp-mn,CN=Sites,CN=Configuratio
n,DC=apam-ad,DC=apam,DC=it
objectGUID: 3d8598b8-1c3d-4509-b775-d7e1d33c2546
# record 2
dn: CN=NTDS
Settings,CN=DC1PIOPP,CN=Servers,CN=apamsede,CN=Sites,CN=Configuratio
n,DC=apam-ad,DC=apam,DC=it
objectGUID: 1abf9afd-8882-48a0-8be1-1bd6ebd63898
# record 3
dn: CN=NTDS
Settings,CN=APAMFS2,CN=Servers,CN=apamsede,CN=Sites,CN=Configuration
,DC=apam-ad,DC=apam,DC=it
objectGUID: fa93022c-b204-4f74-bc44-176ab767cf54
# returned 3 records
# 3 entries
# 0 referrals
[root at dc1piopp ~]# host -t CNAME
fa93022c-b204-4f74-bc44-176ab767cf54._msdcs.apam-ad.apam.it.
fa93022c-b204-4f74-bc44-176ab767cf54._msdcs.apam-ad.apam.it is an alias
for apamfs2.apam-ad.apam.it.
[root at dc1piopp ~]# host -t CNAME
1abf9afd-8882-48a0-8be1-1bd6ebd63898._msdcs.apam-ad.apam.it.
1abf9afd-8882-48a0-8be1-1bd6ebd63898._msdcs.apam-ad.apam.it is an alias
for dc1piopp.apam-ad.apam.it.
[root at dc1piopp ~]# host -t CNAME
3d8598b8-1c3d-4509-b775-d7e1d33c2546._msdcs.apam-ad.apam.it.
3d8598b8-1c3d-4509-b775-d7e1d33c2546._msdcs.apam-ad.apam.it is an alias
for DC1UCP.apam-ad.apam.it.
[root at dc1piopp ~]# host -t A dc1ucp.apam-ad.apam.it.
dc1ucp.apam-ad.apam.it has address 10.2.2.12
[root at dc1piopp ~]# host -t A dc1piopp.apam-ad.apam.it.
dc1piopp.apam-ad.apam.it has address 10.1.1.4
[root at dc1piopp ~]# host -t A apamfs2.apam-ad.apam.it.
apamfs2.apam-ad.apam.it has address 10.1.1.2
apamfs2
[root at apamfs2 ~]# host -t A dc1ucp.apam-ad.apam.it.
dc1ucp.apam-ad.apam.it has address 10.2.2.12
[root at apamfs2 ~]# host -t A dc1piopp.apam-ad.apam.it.
dc1piopp.apam-ad.apam.it has address 10.1.1.4
[root at apamfs2 ~]# host -t A apamfs2.apam-ad.apam.it.
apamfs2.apam-ad.apam.it has address 10.1.1.2
[root at apamfs2 ~]# ldbsearch -H /usr/local/samba/private/sam.ldb
'(invocationId=*)
' --cross-ncs objectguid
# record 1
dn: CN=NTDS
Settings,CN=DC1UCP,CN=Servers,CN=uff-ucp-mn,CN=Sites,CN=Configuration,DC=apam-ad,DC=apam,DC=it
objectGUID: 3d8598b8-1c3d-4509-b775-d7e1d33c2546
# record 2
dn: CN=NTDS
Settings,CN=DC1PIOPP,CN=Servers,CN=apamsede,CN=Sites,CN=Configuration,DC=apam-ad,DC=apam,DC=it
objectGUID: 1abf9afd-8882-48a0-8be1-1bd6ebd63898
# record 3
dn: CN=NTDS
Settings,CN=APAMFS2,CN=Servers,CN=apamsede,CN=Sites,CN=Configuration,DC=apam-ad,DC=apam,DC=it
objectGUID: fa93022c-b204-4f74-bc44-176ab767cf54
# returned 3 records
# 3 entries
# 0 referrals
[root at apamfs2 ~]# host -t CNAME
fa93022c-b204-4f74-bc44-176ab767cf54._msdcs.apam-ad.apam.it.
fa93022c-b204-4f74-bc44-176ab767cf54._msdcs.apam-ad.apam.it is an alias
for apamfs2.apam-ad.apam.it.
[root at apamfs2 ~]# host -t CNAME
1abf9afd-8882-48a0-8be1-1bd6ebd63898._msdcs.apam-ad.apam.it.
1abf9afd-8882-48a0-8be1-1bd6ebd63898._msdcs.apam-ad.apam.it is an alias
for dc1piopp.apam-ad.apam.it.
[root at apamfs2 ~]# host -t CNAME
3d8598b8-1c3d-4509-b775-d7e1d33c2546._msdcs.apam-ad.apam.it.
3d8598b8-1c3d-4509-b775-d7e1d33c2546._msdcs.apam-ad.apam.it is an alias
for DC1UCP.apam-ad.apam.it.
[root at apamfs2 ~]# ^C
Sembra tutto ok come nel sito 2
Giuseppe
More information about the samba-it
mailing list