status of credential replication on RODC
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Fri Mar 21 11:47:04 MDT 2014
Hi everyone,

I was wondering what was the status of the preload of credentials on
RODC. I did a test setup with a clean 4.1.6 srvads install and a clean
4.1.6 srvrodc install; replication and DNS are working fine on the RODC.
However, when trying to preload an account on the DC, I had the following
error.

[root@srvrodc.dcard ~]# samba-tool rodc preload administrator --server=srvrodc.dcardon.local -U Administrator
Password for [DCARDON\Administrator]:
Replicating DN CN=Administrator,CN=Users,DC=dcardon,DC=local
ERROR(<type 'exceptions.TypeError'>): uncaught exception - __init__() takes exactly 6 arguments (5 given)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/rodc.py", line 94, in run
    repl = drs_Replicate("ncacn_ip_tcp:%s[seal,print]" % server, lp, creds, local_samdb)
A transaction is still active in ldb context [0x95039b8] on tdb:///usr/local/samba/private/sam.ldb

Searching the mailing list, there was a patch from Michael Brown
https://lists.samba.org/archive/samba-technical/2013-November/096322.html .
That patch seems to correct the Python missing parameter error; however,
I have a WERR_DS_DRA_SOURCE_DISABLED error afterward:

[root@srvrodc.dcard ~]# samba-tool rodc preload ykarmouta --server=srvrodc.dcardon.local -U administrator
Password for [DCARDON\administrator]:
Replicating DN CN=ykarmouta,CN=Users,DC=dcardon,DC=local
ERROR(runtime): Error replicating DN CN=ykarmouta,CN=Users,DC=dcardon,DC=local - (8456, 'WERR_DS_DRA_SOURCE_DISABLED')

However, samba-tool tells me replication is OK on the main DC:

[root@srvads.dcard ~]# samba-tool drs options
Current DSA options: IS_GC
[root@srvrodc.dcard ~]# samba-tool drs options
Current DSA options: IS_GC, DISABLE_OUTBOUND_REPL

Both servers are in version 4.1.6:

[root@srvrodc.dcard ~]# samba --version
Version 4.1.6

As per
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Joining_a_domain_as_a_RODC_.28Status_for_a_work_in_progress.29
I added the user to the "Allowed RODC Password Replication Group" and
added the accounts in the "Password Replication Policy" tab of the RODC
property window.

Pushing the sync through RSAT doesn't work either and fails.

There are people on the list that seem to have been able to make it
work; I just wanted to know if there are other things that I should be
aware of to get it working.

Thanks, and carry on the great work!
Denis and Yvan
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr