[Samba] Replication Samba PDC to Samba BDC

"David González Herrera - [DGHVoIP]" info at dghvoip.com
Tue Jun 4 00:10:58 MDT 2013


On 6/3/2013 11:57 PM, Giedrius wrote:
> Hi,
>
> 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" wrote:
>> Hi,
>>
>> Let's see if any of the questions gets answered or at least I get
>> pointed to something that can help me.
>>
>> I followed this wiki:
>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain
>>
>> I have my S4 domain running, I compiled and installed another S4 to
>> replicate the first server and joined successfully to the domain but
>> replication seems to be broken.
>>
>> Command used:
>>
>>
>> root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator
>> --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ
>> Finding a writeable DC for domain 'mundo.local'
>> Found DC samba.mundo.local
>> workgroup is mundo
>> realm is mundo.local
>> checking sAMAccountName
>> Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>> Adding
>> CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>> Adding CN=NTDS
>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>> Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>> Setting account password for BDC$
>> Enabling account
>> Calling bare provision
>> No IPv6 address will be assigned
>> Provision OK for domain DN DC=mundo,DC=local
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>> objects[402/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>> objects[804/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>> objects[1206/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>> objects[1550/1550] linked_values[0/0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614]
>> linked_values[28/0]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0]
>> Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=mundo,DC=local
>> Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42]
>> linked_values[0/0]
>> Replicating DC=ForestDnsZones,DC=mundo,DC=local
>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18]
>> linked_values[0/0]
>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18]
>> linked_values[0/0]
>> Committing SAM database
>> Sending DsReplicateUpdateRefs for all the replicated partitions
>> Setting isSynchronized and dsServiceName
>> Setting up secrets database
>> Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as
>> a DC
>>
>> Seemed to have succeeded, then I ran the recommended tests
>>
>> # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)'
>> --cross-ncs objectguid
>> # record 1
>> dn: CN=NTDS
>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>> objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>>
>> # record 2
>> dn: CN=NTDS
>> Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>> objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>
>> # returned 2 records
>> # 2 entries
>> # 0 referrals
>>
>>
>> These tests run from the BDC seem to work.
>>
>> host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias
>> for samba.mundo.local.
>>
>> host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias
>> for bdc.mundo.local.
>>
>> root@bdc:~# host -t A bdc.mundo.local.
>> bdc.mundo.local has address 10.10.10.20
>>
>> root@bdc:~# host -t A samba.mundo.local.
>> samba.mundo.local has address 10.10.10.5
>>
>>
>> Error showing up on the BDC
>>
>> dns child failed to find name
>> 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A
>> dreplsrv_notify: Failed to send DsReplicaSync to
>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for
>> CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND
>> : WERR_BADFILE *
> Did you AT LEAST search the mailing list???????
> Check if ping (or any program using GLIBC's *NSS* DNS resolver) can
> resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name
Yes I searched the ML with no luck.

Yes, I did and it works, I had to add
7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local to /etc/hosts
and it works.

So I think it's a DNS issue.

Thanks for your answer.
>> I tried to check replication status but this error shows
>>
>> root@bdc:~# samba-tool drs showrepl
>> Default-First-Site-Name\BDC
>> DSA Options: 0x00000001
>> DSA object GUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>> DSA invocationId: 609fd8be-7e0c-49ca-a5f5-1a68237ef03f
>>
>> ==== INBOUND NEIGHBORS ====
>>
>> DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:43 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  8 consecutive failure(s).
>>                  Last success @ Mon Jun  3 20:35:43 2013 EDT
>>
>> CN=Schema,CN=Configuration,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:43 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  8 consecutive failure(s).
>>                  Last success @ Mon Jun  3 20:35:38 2013 EDT
>>
>> DC=ForestDnsZones,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:42 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  8 consecutive failure(s).
>>                  Last success @ Mon Jun  3 20:35:44 2013 EDT
>>
>> DC=DomainDnsZones,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:42 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  8 consecutive failure(s).
>>                  Last success @ Mon Jun  3 20:35:43 2013 EDT
>>
>> CN=Configuration,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:44 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  9 consecutive failure(s).
>>                  Last success @ Mon Jun  3 20:35:42 2013 EDT
>>
>> ==== OUTBOUND NEIGHBORS ====
>>
>> DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ NTTIME(0) was successful
>>                  0 consecutive failure(s).
>>                  Last success @ NTTIME(0)
>>
>> CN=Schema,CN=Configuration,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  15 consecutive failure(s).
>>                  Last success @ NTTIME(0)
>>
>> DC=ForestDnsZones,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  1 consecutive failure(s).
>>                  Last success @ NTTIME(0)
>>
>> DC=DomainDnsZones,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  1 consecutive failure(s).
>>                  Last success @ NTTIME(0)
>>
>> CN=Configuration,DC=mundo,DC=local
>> Default-First-Site-Name\SAMBA via RPC
>>                  DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>                  Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>> result 2 (WERR_BADFILE)
>>                  15 consecutive failure(s).
>>                  Last success @ NTTIME(0)
>>
>> ==== KCC CONNECTION OBJECTS ====
>>
>> Connection --
>>          Connection name: 6092a1a0-3ad4-495d-a46c-f66e5409cea4
>>          Enabled        : TRUE
>>          Server DNS name : samba.mundo.local
>>          Server DN name  : CN=NTDS
>> Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>> TransportType: RPC
>>                  options: 0x00000001
>> Warning: No NC replicated for Connection!
>>
>> I would really appreciate AT LEAST some pointer AT LEAST an
>> answer because many questions asked here at least by me get ignored so
>> come on people.
>>
>> Thanks
>>


-- 
David Gonzalez
DGHVoIP
USA: +1.213.632.8479
COL: +57.1.382.6718
COL: +57.4.247.0985
URL: www.dghvoip.com
Skype: davidgonzalezh
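
As an added example (not part of the original post and not Samba code): a small Python check for the diagnosis discussed in this message. It pulls failing replication partners out of `samba-tool drs showrepl` output and tests whether each partner's `<GUID>._msdcs.<realm>` name resolves through the system (NSS) resolver that `ping` uses, rather than through a direct DNS query as `host` does. The embedded report is a constructed sample and the function names are illustrative.

```python
import re
import socket

# Constructed sample: a shortened `samba-tool drs showrepl` report using the
# GUID and naming contexts from the output quoted in the post.
SAMPLE_SHOWREPL = r"""
==== INBOUND NEIGHBORS ====
DC=mundo,DC=local
    Default-First-Site-Name\SAMBA via RPC
        DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
        Last attempt @ Mon Jun  3 20:58:43 2013 EDT failed, result 2 (WERR_BADFILE)
        8 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
DC=mundo,DC=local
    Default-First-Site-Name\SAMBA via RPC
        DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
"""

SECTION = re.compile(r"=+\s*(INBOUND|OUTBOUND) NEIGHBORS\s*=+")
GUID = re.compile(r"DSA object GUID:\s*([0-9a-fA-F-]{36})")
FAILS = re.compile(r"(\d+) consecutive failure\(s\)")

def failing_neighbors(report):
    """Return (direction, naming context, partner GUID, failure count) tuples."""
    section = nc = guid = None
    found = []
    for raw in report.splitlines():
        line = raw.lstrip(">").strip()           # tolerate mail-quoted pastes
        if line.startswith("===="):
            m = SECTION.match(line)
            section = m.group(1) if m else None  # the KCC section is ignored
        elif section and line.startswith(("DC=", "CN=")):
            nc = line
        elif section and (m := GUID.search(line)):
            guid = m.group(1).lower()
        elif section and guid and (m := FAILS.search(line)) and int(m.group(1)):
            found.append((section, nc, guid, int(m.group(1))))
    return found

def nss_resolves(name, resolver=socket.getaddrinfo):
    """True if the system resolver (the path ping uses) returns an address."""
    try:
        return bool(resolver(name, None))
    except socket.gaierror:
        return False

def unresolved_partners(report, realm, resolver=socket.getaddrinfo):
    """_msdcs names of failing partners that the system resolver cannot resolve."""
    names = sorted({f"{g}._msdcs.{realm}" for _, _, g, _ in failing_neighbors(report)})
    return [n for n in names if not nss_resolves(n, resolver)]
```

On a DC, pass the real `samba-tool drs showrepl` output and the realm to `unresolved_partners`; any name it returns is one that `host -t CNAME` may still answer while the system resolver does not.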

