[Samba] Problems with W2K8R2 <-> S4 replication&In-Reply-To=<3CAANLkTinI5dNytlNIojooTiaPcD2FPapnsBFo7Mfxuyi9 at mail.gmail.com>
Dmitry A. Khromov
da3m0n at mail.ru
Sun May 23 11:32:07 MDT 2010
Michael Wood <esiotrot at gmail.com> wrote:
>I am not sure if this is the problem, but make sure the time is
>correct on both machines. I got what I think were similar errors when
>my VM decided to get 2 hours out of sync with reality.
Time is synchronized via NTP and kinit works fine, however, I've done
ntpdate with dc0 for sure:
dc1 samba # ntpdate dc0.klin.kifato-mk.com
23 May 20:37:21 ntpdate[28533]: adjust time server 192.168.1.22 offset
-0.016606 sec
Also I've noticed that after successful initial (first run after net
vampire) DNS records update I get the following in my samba.log:
--------------------------------------
dc1 samba # cat var/samba.log | grep -A 2 -B 1 TSIG
[Sun May 23 14:02:18 2010 MSD, 0
../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
/usr/local/samba/sbin/samba_dnsupdate: ; TSIG error with server: tsig
verify failure
[Sun May 23 14:02:18 2010 MSD, 0
../../lib/util/util_runcmd.c:288:samba_runcmd_io_handler()]
/usr/local/samba/sbin/samba_dnsupdate: update failed: REFUSED
----------[output truncated]----------
Also, I've tried to rejoin Samba (by deleting /usr/local/samba entirely,
invoking "metadata cleanup" in ntdsutil, deleting computer object in AD
U&C and cleaning up DNS entries), result is slightly different - the log
still floods with errors (more than 6 hours already). And yes, at least
part of replication is working - I may modify users/computers objects in
AD U&C and the changes will be synchronized in tens of seconds. However
- I still want to try Samba as the only DC in domain (and need to
transfer roles before demoting dc0).
More information about the samba
mailing list