[Samba] Global Catalog replication error to win 2008

Matthieu Patou mat at samba.org
Mon Apr 29 22:27:58 MDT 2013 

On 04/29/2013 04:30 PM, Fred Geo wrote:
> Hi all,
>
> Running Samba 4.0.0apha18 with good results but getting an error when I attempt to replicate the Global Catalog to a Windows 2008 Machine.
>
> Samba machine = DC1
> Windows 2008 machine = DC0
>
> samba-tool Showrepl result:
>
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 05c3c860-0a0d-4672-a39e-a212ccb0ce9c
> DSA invocationId: abb0cab3-13d3-456c-8a16-e65a4855a2df
>
> ==== INBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:53 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:53 2013 MDT
>
> DC=DomainDnsZones,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:54 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:54 2013 MDT
>
> DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:54 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:54 2013 MDT
>
> CN=Schema,CN=Configuration,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:55 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:55 2013 MDT
>
> CN=Configuration,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:55 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:55 2013 MDT
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:34 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:34 2013 MDT
>
> DC=DomainDnsZones,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:15:34 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:15:34 2013 MDT
>
> DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 17:02:31 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 17:02:31 2013 MDT
>
> CN=Schema,CN=Configuration,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 15:45:34 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 15:45:34 2013 MDT
>
> CN=Configuration,DC=mydomain,DC=local
>          Default-First-Site-Name\DC0 via RPC
>                  DSA object GUID: 2f9a5ed0-165e-4e2f-a1e4-9814baaea7cb
>                  Last attempt @ Mon Apr 29 15:45:34 2013 MDT was successful
>                  0 consecutive failure(s).
>                  Last success @ Mon Apr 29 15:45:34 2013 MDT
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
>          Connection name: adcd1e5f-3336-42b5-acfb-2b308c9a83bc
>          Enabled        : TRUE
>          Server DNS name : DC1.mydomain.local
>          Server DN name  : CN=NTDS Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
>                  TransportType: RPC
>                  options: 0x00000001
> Warning: No NC replicated for Connection!

Pay more attention to the 0 consecutive failure, the last error is not 
really one, it's just because we don't set some bits still it *should* 
be harmless
>
>
> samba-tool drs replicate DC0 DC1 returns:
>
> Failed to bind - LDAP error 8 LDAP_STRONG_AUTH_REQUIRED -  <00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1772> <>
> Failed to connect to 'ldap://DC0' with backend 'ldap': (null)
> ERROR(ldb): LDAP connection to DC0 failed - None
You have to specify an account for doing this, use -U administrator for 
instance


> Very much a newbie,  and I jumped in with both feet any help you could provide is very much appreciated!!
>
> Thanks!
> - Fred

Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba mailing list