[Samba] Replication Samba PDC to Samba BDC

Giedrius giedrius+samba at su.lt
Tue Jun 4 00:28:45 MDT 2013


2013.06.04 09:10, "David González Herrera - [DGHVoIP]" wrote:
> On 6/3/2013 11:57 PM, Giedrius wrote:
>> Hi,
>>
>> 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" wrote:
>>> Hi,
>>>
>>> Let's see if any of the questions gets answered or at least I get
>>> pointed to something that can help me.
>>>
>>> I followed this wiki:
>>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain
>>>
>>> I have my S4 domain running, I compiled and installed another S4 to
>>> replicate the first server and joined successfully to the domain but
>>> replication seems to be broken.
>>>
>>> Command used:
>>>
>>>
>>> root at bdc:~# samba-tool domain join mundo.local DC -Uadministrator
>>> --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ
>>> Finding a writeable DC for domain 'mundo.local'
>>> Found DC samba.mundo.local
>>> workgroup is mundo
>>> realm is mundo.local
>>> checking sAMAccountName
>>> Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>>> Adding
>>> CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>> Adding CN=NTDS
>>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>> Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>>> Setting account password for BDC$
>>> Enabling account
>>> Calling bare provision
>>> No IPv6 address will be assigned
>>> Provision OK for domain DN DC=mundo,DC=local
>>> Starting replication
>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>> objects[402/1550] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>> objects[804/1550] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>> objects[1206/1550] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>> objects[1550/1550] linked_values[0/0]
>>> Analyze and apply schema objects
>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614]
>>> linked_values[0/0]
>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614]
>>> linked_values[0/0]
>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614]
>>> linked_values[0/0]
>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614]
>>> linked_values[0/0]
>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614]
>>> linked_values[28/0]
>>> Replicating critical objects from the base DN of the domain
>>> Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0]
>>> Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0]
>>> Done with always replicated NC (base, config, schema)
>>> Replicating DC=DomainDnsZones,DC=mundo,DC=local
>>> Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42]
>>> linked_values[0/0]
>>> Replicating DC=ForestDnsZones,DC=mundo,DC=local
>>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18]
>>> linked_values[0/0]
>>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18]
>>> linked_values[0/0]
>>> Committing SAM database
>>> Sending DsReplicateUpdateRefs for all the replicated partitions
>>> Setting isSynchronized and dsServiceName
>>> Setting up secrets database
>>> Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as
>>> a DC
>>>
>>> Seemed to have succeeded, then I ran the recommended tests
>>>
>>> # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)'
>>> --cross-ncs objectguid
>>> # record 1
>>> dn: CN=NTDS
>>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>> objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>>>
>>> # record 2
>>> dn: CN=NTDS
>>> Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>> objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>
>>> # returned 2 records
>>> # 2 entries
>>> # 0 referrals
>>>
>>>
>>> These tests run from the BDC seem to work.
>>>
>>> host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias
>>> for samba.mundo.local.
>>>
>>> host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias
>>> for bdc.mundo.local.
>>>
>>> root at bdc:~# host -t A bdc.mundo.local.
>>> bdc.mundo.local has address 10.10.10.20
>>>
>>> root at bdc:~# host -t A samba.mundo.local.
>>> samba.mundo.local has address 10.10.10.5
>>>
>>>
>>> Error showing up on the BDC
>>>
>>> dns child failed to find name
>>> 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A
>>> dreplsrv_notify: Failed to send DsReplicaSync to
>>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for
>>> CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND
>>> : WERR_BADFILE *
>> Did you AT LEAST search the mailing list???????
>> Check if ping (or any program using GLIBC's *NSS* DNS resolver) can
>> resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name
> Yes I searched the ML with no luck.
>
> Yes, I did and it works, I had to add
> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local to /etc/hosts
> and it works.
>
> So I think it's a DNS issue.
Not exactly. As I wrote in my other posts to the mailing list, this is
an issue in glibc's NSS DNS resolver (libnss_dns.so), which is ignoring
hostnames with "_" (*_*msdcs).
>
> Thanks for your answer.
>>> I tried to check replication status but this error shows
>>>
>>> root at bdc:~# samba-tool drs showrepl
>>> Default-First-Site-Name\BDC
>>> DSA Options: 0x00000001
>>> DSA object GUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>>> DSA invocationId: 609fd8be-7e0c-49ca-a5f5-1a68237ef03f
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:43 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 8 consecutive failure(s).
>>>                 Last success @ Mon Jun  3 20:35:43 2013 EDT
>>>
>>> CN=Schema,CN=Configuration,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:43 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 8 consecutive failure(s).
>>>                 Last success @ Mon Jun  3 20:35:38 2013 EDT
>>>
>>> DC=ForestDnsZones,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:42 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 8 consecutive failure(s).
>>>                 Last success @ Mon Jun  3 20:35:44 2013 EDT
>>>
>>> DC=DomainDnsZones,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:42 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 8 consecutive failure(s).
>>>                 Last success @ Mon Jun  3 20:35:43 2013 EDT
>>>
>>> CN=Configuration,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:44 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 9 consecutive failure(s).
>>>                 Last success @ Mon Jun  3 20:35:42 2013 EDT
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ NTTIME(0) was successful
>>>                 0 consecutive failure(s).
>>>                 Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 15 consecutive failure(s).
>>>                 Last success @ NTTIME(0)
>>>
>>> DC=ForestDnsZones,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 1 consecutive failure(s).
>>>                 Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 1 consecutive failure(s).
>>>                 Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=mundo,DC=local
>>> Default-First-Site-Name\SAMBA via RPC
>>>                 DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>                 Last attempt @ Mon Jun  3 20:58:53 2013 EDT failed,
>>> result 2 (WERR_BADFILE)
>>>                 15 consecutive failure(s).
>>>                 Last success @ NTTIME(0)
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Connection --
>>>         Connection name: 6092a1a0-3ad4-495d-a46c-f66e5409cea4
>>>         Enabled        : TRUE
>>>         Server DNS name : samba.mundo.local
>>>         Server DN name  : CN=NTDS
>>> Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>> TransportType: RPC
>>>                 options: 0x00000001
>>> Warning: No NC replicated for Connection!
>>>
>>> I would really appreciate AT LEAST some pointer AT LEAST an
>>> answer because many questions asked here at least by me get ignored so
>>> come on people.
>>>
>>> Thanks
>>>
>
>
> -- 
> David Gonzalez
> DGHVoIP
> USA: +1.213.632.8479
> COL: +57.1.382.6718
> COL: +57.4.247.0985
> URL: www.dghvoip.com
> Skype: davidgonzalezh
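
An added example, not part of the original posts and not Samba project code: it pulls the DSA GUIDs of failing neighbors out of `samba-tool drs showrepl` output and compares NSS resolution (`getent hosts`) with a direct DNS query (`host -t CNAME`) for each `<guid>._msdcs.<realm>` name, the distinction this thread turns on. The names `failing_dsa_names`, `check_name` and `SAMPLE_SHOWREPL` are hypothetical, and the second neighbor in the sample is constructed.

```shell
#!/usr/bin/env bash
# Added example: find the GUID-based DC names behind failing replication
# links, then compare the NSS resolver with a direct DNS lookup.

# Constructed sample, shaped like the `samba-tool drs showrepl` output above.
# The second neighbor (OTHER, all-digit GUID) is made up for contrast.
SAMPLE_SHOWREPL='DC=mundo,DC=local
Default-First-Site-Name\SAMBA via RPC
                DSA object GUID: ad828198-a723-44c2-8d7f-d5f801e2849f
                Last attempt @ Mon Jun  3 20:58:43 2013 EDT failed, result 2 (WERR_BADFILE)
                8 consecutive failure(s).
DC=example,DC=local
Default-First-Site-Name\OTHER via RPC
                DSA object GUID: 11111111-2222-3333-4444-555555555555
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).'

# failing_dsa_names REALM
# Reads showrepl text on stdin and prints one <guid>._msdcs.<realm> line per
# distinct neighbor GUID that reports at least one consecutive failure.
failing_dsa_names() {
    awk -v realm="$1" '
        /DSA object GUID:/ { guid = $NF }
        /consecutive failure\(s\)/ {
            if ($1 + 0 > 0 && guid != "" && !(guid in seen)) {
                seen[guid] = 1
                print guid "._msdcs." realm
            }
            guid = ""
        }'
}

# check_name NAME
# Needs a live resolver. nss=FAIL with dns=OK means DNS holds the record but
# the system resolver path (the one `ping` uses) does not return it.
check_name() (
    nss=FAIL; dns=FAIL
    getent hosts "$1" >/dev/null 2>&1 && nss=OK
    host -t CNAME "$1" >/dev/null 2>&1 && dns=OK
    echo "$1 nss=$nss dns=$dns"
)

# On a DC (not run here):
#   samba-tool drs showrepl | failing_dsa_names mundo.local |
#       while read -r name; do check_name "$name"; done
```
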


