Samba4 BDC with Samba4 PDC

Mike Howard mike at dewberryfields.co.uk
Fri Jun 8 10:03:01 MDT 2012


On 05/06/2012 21:39, Daniele Dario wrote:
> On Tue, 2012-06-05 at 13:20 +0100, Mike Howard wrote:
>> On 04/06/2012 19:44, Christian Huldt wrote:
>>> Hi Mike
>>>
>>> On 2012-06-04 09:44, Mike Howard wrote:
>>>> I'll start again today and report all steps and outputs up to the
>>>> point of failure. I know there are others (thread Re: redundant DNS
>>>> setup with bind_dlz possible ?) who are trying to get a similar setup
>>>> so maybe we can get there in the end.
>>>>
>>>> Btw, I did try without a samba DNS backend but, as you implied, it
>>>> was not good.
>>> I have an alpha17 installation that I'm going to upgrade and add a
>>> bdc, so your notes to the mailing list are most appreciated. The
>>> alpha17 installation never got automatic dns updates working...
>>>
<snip>
>> 12. On PDC ran;
>>       samba-tool drs showrepl
>> Default-First-Site-Name\NS
>> DSA Options: 0x00000001
>> DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
>> DSA invocationId: 4d9f874b-965e-4e14-afe2-a440e106895e
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=mydomain,DC=co,DC=uk
>>           Default-First-Site-Name\SHEEVA via RPC
>>                   DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>>                   Last attempt @ Mon Jun  4 09:26:15 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   5 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
>>           Default-First-Site-Name\SHEEVA via RPC
>>                   DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>>                   Last attempt @ Mon Jun  4 09:26:16 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   5 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=mydomain,DC=co,DC=uk
>>           Default-First-Site-Name\SHEEVA via RPC
>>                   DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>>                   Last attempt @ Mon Jun  4 09:26:16 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   5 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=mydomain,DC=co,DC=uk
>>           Default-First-Site-Name\SHEEVA via RPC
>>                   DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>>                   Last attempt @ Mon Jun  4 09:29:22 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   303 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
>>           Default-First-Site-Name\SHEEVA via RPC
>>                   DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>>                   Last attempt @ Mon Jun  4 09:29:22 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   302 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=mydomain,DC=co,DC=uk
>>           Default-First-Site-Name\SHEEVA via RPC
>>                   DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>>                   Last attempt @ Mon Jun  4 09:29:23 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   302 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>>           Connection name: 9d6192cb-3382-42b7-be9a-6c1b1aaa00d9
>>           Enabled        : TRUE
>>           Server DNS name : ns.mydomain.co.uk
>>           Server DN name  : CN=NTDS
>> Settings,CN=SHEEVA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=co,DC=uk
>>                   TransportType: RPC
>>                   options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> 13. On BDC ran;
>>       samba-tool drs showrepl
>> ldb_wrap open of secrets.ldb
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'sasl-DIGEST-MD5' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:sheeva.dewberryfields.co.uk[,seal]
>> Server ldap/SHEEVA.DEWBERRYFIELDS.CO.UK at DEWBERRYFIELDS.CO.UK is not
>> registered with our KDC:  Miscellaneous failure (see text): Server
>> (ldap/SHEEVA.DEWBERRYFIELDS.CO.UK at DEWBERRYFIELDS.CO.UK) unknown
>> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
>> NT_STATUS_INVALID_PARAMETER
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x60898235
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x60088235
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x60088235
>> Server ldap/sheeva.dewberryfields.co.uk at DEWBERRYFIELDS.CO.UK is not
>> registered with our KDC:  Miscellaneous failure (see text): Server
>> (ldap/sheeva.dewberryfields.co.uk at DEWBERRYFIELDS.CO.UK) unknown
>> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
>> NT_STATUS_INVALID_PARAMETER
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x60898205
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x60088205
>> Default-First-Site-Name\SHEEVA
>> DSA Options: 0x00000001
>> DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
>> DSA invocationId: 35659ded-1952-4064-b73d-d83f58f01be1
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> CN=Configuration,DC=dewberryfields,DC=co,DC=uk
>>           Default-First-Site-Name\NS via RPC
>>                   DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
>>                   Last attempt @ Mon Jun  4 09:26:43 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   6 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
>>           Default-First-Site-Name\NS via RPC
>>                   DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
>>                   Last attempt @ Mon Jun  4 09:26:43 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   6 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> DC=dewberryfields,DC=co,DC=uk
>>           Default-First-Site-Name\NS via RPC
>>                   DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
>>                   Last attempt @ Mon Jun  4 09:26:44 2012 BST failed,
>> result 2 (WERR_BADFILE)
>>                   5 consecutive failure(s).
>>                   Last success @ NTTIME(0)
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>>           Connection name: c5b916a7-3c82-410b-b3b8-e85233c1c27a
>>           Enabled        : TRUE
>>           Server DNS name : SHEEVA.dewberryfields.co.uk
>>           Server DN name  : CN=NTDS
>> Settings,CN=NS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
>>                   TransportType: RPC
>>                   options: 0x00000001
>> Warning: No NC replicated for Connection!
<snip>
> Hi Mike,
> I've seen that in points 12 and 13 you have errors in replication of
> basic partitions:
> - DC=dewberryfields,DC=co,DC=uk
> - CN=Configuration,DC=dewberryfields,DC=co,DC=uk
> - CN=Schema,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
>
> As said in other threads by Amitay and A. Bartlett, first thing to
> succeed is to have basic replication working.
>
>

Hi Daniele,

Just so I'm absolutely clear, I now have what appears to me to be correct
output from 'showrepl', as below;

ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:centos.dewberryfields.co.uk[,seal]
interpret_interface: using netmask value 8 from config file on interface lo
interpret_interface: using netmask value 8 from config file on interface lo
interpret_interface: using netmask value 8 from config file on interface lo
interpret_interface: using netmask value 8 from config file on interface lo
interpret_interface: using netmask value 8 from config file on interface lo
interpret_interface: using netmask value 8 from config file on interface lo
Default-First-Site-Name\CENTOS
DSA Options: 0x00000001
DSA object GUID: 0d93a7a7-ce08-44f2-8506-daee3a257541
DSA invocationId: af255b41-1553-45a0-a021-8c240584e52c

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 16745f47-cd94-4550-aa0c-1ee59c0acdf8
                 Last attempt @ Fri Jun  8 16:50:57 2012 BST was successful
                 0 consecutive failure(s).
                 Last success @ Fri Jun  8 16:50:57 2012 BST

CN=Configuration,DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 16745f47-cd94-4550-aa0c-1ee59c0acdf8
                 Last attempt @ Fri Jun  8 16:50:58 2012 BST was successful
                 0 consecutive failure(s).
                 Last success @ Fri Jun  8 16:50:58 2012 BST

DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 16745f47-cd94-4550-aa0c-1ee59c0acdf8
                 Last attempt @ Fri Jun  8 16:50:59 2012 BST was successful
                 0 consecutive failure(s).
                 Last success @ Fri Jun  8 16:50:59 2012 BST

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 16745f47-cd94-4550-aa0c-1ee59c0acdf8
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Configuration,DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 16745f47-cd94-4550-aa0c-1ee59c0acdf8
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 16745f47-cd94-4550-aa0c-1ee59c0acdf8
                 Last attempt @ NTTIME(0) was successful
                 0 consecutive failure(s).
                 Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 6f6589f2-79cc-4fe0-adf9-3e4627c00a14
         Enabled        : TRUE
         Server DNS name : CENTOS.dewberryfields.co.uk
         Server DN name  : CN=NTDS 
Settings,CN=SHEEVA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!

So, from the above it appears to me that basic replication is working. 
Is that fair to say?

Cheers,
Mike.
-- 
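As an added example (not part of the original post and not Samba code): a small Python check that reads `samba-tool drs showrepl` text in the layout quoted above, including e-mail quote markers and wrapped lines, and labels each neighbour entry. The sample input, the names `parse_showrepl` and `status`, and the three labels are assumptions of this example.

```python
import re

# Constructed sample in the showrepl layout quoted above (made-up names).
SAMPLE = r"""
==== INBOUND NEIGHBORS ====
DC=example,DC=test
        Default-First-Site-Name\DC2 via RPC
                Last attempt @ Mon Jun  4 09:26:15 2012 BST failed,
result 2 (WERR_BADFILE)
                5 consecutive failure(s).
                Last success @ NTTIME(0)
CN=Configuration,DC=example,DC=test
        Default-First-Site-Name\DC2 via RPC
                Last attempt @ Fri Jun  8 16:50:58 2012 BST was successful
                0 consecutive failure(s).
                Last success @ Fri Jun  8 16:50:58 2012 BST
==== OUTBOUND NEIGHBORS ====
DC=example,DC=test
        Default-First-Site-Name\DC2 via RPC
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
"""

def parse_showrepl(text):
    """Return one dict per neighbour in the INBOUND/OUTBOUND sections."""
    out, section, nc = [], None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate e-mail quote markers
        if m := re.match(r"==== (\w+) (\w+)", line):
            section = m[1] if m[2] == "NEIGHBORS" else None
        elif section and re.match(r"(DC|CN)=", line):
            nc = line                        # naming context for next entries
        elif section and line.endswith("via RPC"):
            out.append({"dir": section, "nc": nc, "peer": line.split()[0]})
        elif section and out and line.startswith("Last attempt @"):
            out[-1]["attempt_ok"] = "was successful" in line
        elif section and out and (m := re.match(r"(\d+) consecutive", line)):
            out[-1]["failures"] = int(m[1])
        elif section and out and line.startswith("Last success @"):
            out[-1]["ever_ok"] = "NTTIME(0)" not in line
    return out

def status(e):  # labels are this example's own, not samba-tool's
    if e.get("failures") or not e.get("attempt_ok"):
        return "FAILING"
    return "OK" if e.get("ever_ok") else "NO_SUCCESS_RECORDED"
```

Entries whose last success is NTTIME(0) are labelled separately from entries with a failed last attempt, because the output alone does not say why no success was recorded.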


