[Samba] Replication Samba PDC to Samba BDC

"David González Herrera - [DGHVoIP]" info at dghvoip.com
Tue Jun 4 00:59:09 MDT 2013


On 6/4/2013 1:28 AM, Giedrius wrote:
> 2013.06.04 09:10, "David González Herrera - [DGHVoIP]" wrote:
>> On 6/3/2013 11:57 PM, Giedrius wrote:
>>> Hi,
>>>
>>> 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" wrote:
>>>> Hi,
>>>>
>>>> Let's see if any of the questions gets answered or at least I get
>>>> pointed to something that can help me.
>>>>
>>>> I followed this wiki:
>>>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain
>>>>
>>>> I have my S4 domain running, I compiled and installed another S4 to
>>>> replicate the first server and joined successfully to the domain but
>>>> replication seems to be broken.
>>>>
>>>> Command used:
>>>>
>>>>
>>>> root@bdc:~# samba-tool domain join mundo.local DC -Uadministrator
>>>> --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ
>>>> Finding a writeable DC for domain 'mundo.local'
>>>> Found DC samba.mundo.local
>>>> workgroup is mundo
>>>> realm is mundo.local
>>>> checking sAMAccountName
>>>> Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>>>> Adding
>>>> CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>> Adding CN=NTDS
>>>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>> Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>>>> Setting account password for BDC$
>>>> Enabling account
>>>> Calling bare provision
>>>> No IPv6 address will be assigned
>>>> Provision OK for domain DN DC=mundo,DC=local
>>>> Starting replication
>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>>> objects[402/1550] linked_values[0/0]
>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>>> objects[804/1550] linked_values[0/0]
>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>>> objects[1206/1550] linked_values[0/0]
>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>>>> objects[1550/1550] linked_values[0/0]
>>>> Analyze and apply schema objects
>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614]
>>>> linked_values[0/0]
>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614]
>>>> linked_values[0/0]
>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614]
>>>> linked_values[0/0]
>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614]
>>>> linked_values[0/0]
>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614]
>>>> linked_values[28/0]
>>>> Replicating critical objects from the base DN of the domain
>>>> Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0]
>>>> Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0]
>>>> Done with always replicated NC (base, config, schema)
>>>> Replicating DC=DomainDnsZones,DC=mundo,DC=local
>>>> Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42]
>>>> linked_values[0/0]
>>>> Replicating DC=ForestDnsZones,DC=mundo,DC=local
>>>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18]
>>>> linked_values[0/0]
>>>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18]
>>>> linked_values[0/0]
>>>> Committing SAM database
>>>> Sending DsReplicateUpdateRefs for all the replicated partitions
>>>> Setting isSynchronized and dsServiceName
>>>> Setting up secrets database
>>>> Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as
>>>> a DC
>>>>
>>>> Seemed to have succeeded, then I ran the recommended tests
>>>>
>>>> # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)'
>>>> --cross-ncs objectguid
>>>> # record 1
>>>> dn: CN=NTDS
>>>> Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>> objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>>>>
>>>> # record 2
>>>> dn: CN=NTDS
>>>> Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>> objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>>
>>>> # returned 2 records
>>>> # 2 entries
>>>> # 0 referrals
>>>>
>>>>
>>>> These tests run from the BDC seem to work.
>>>>
>>>> host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>>>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias
>>>> for samba.mundo.local.
>>>>
>>>> host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>>>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias
>>>> for bdc.mundo.local.
>>>>
>>>> root@bdc:~# host -t A bdc.mundo.local.
>>>> bdc.mundo.local has address 10.10.10.20
>>>>
>>>> root@bdc:~# host -t A samba.mundo.local.
>>>> samba.mundo.local has address 10.10.10.5
>>>>
>>>>
>>>> Error showing up on the BDC
>>>>
>>>> dns child failed to find name
>>>> 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A
>>>> dreplsrv_notify: Failed to send DsReplicaSync to
>>>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for
>>>> CN=Configuration,DC=mundo,DC=local - *NT_STATUS_OBJECT_NAME_NOT_FOUND
>>>> : WERR_BADFILE *
>>> Did you AT LEAST search the mailing list???????
>>> Check if ping (or any program using GLIBC's *NSS* DNS resolver) can
>>> resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name
>> Yes I searched the ML with no luck.
>>
>> Yes, I did and it works, I had to add
>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local to /etc/hosts
>> and it works.
>>
>> So I think it's a DNS issue.
> Not exactly, as I wrote in my other posts to the mailing list, this is
> glibc's nss dns resolver's (libnss_dns.so) issue that is ignoring
> hostnames with "_" (*_*msdcs)
Ok, then we'll have to wait for a patch to glibc, weird thing is that on 
the master PDC with BIND_DLZ as backend there's no problem at all. So 
excuse my ignorance when it comes to that.

Thanks again mate.
>> Thanks for your answer.


-- 
David Gonzalez
DGHVoIP
USA: +1.213.632.8479
COL: +57.1.382.6718
COL: +57.4.247.0985
URL: www.dghvoip.com
Skype: davidgonzalezh
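
Added example, not part of the original thread: a check that takes `ldbsearch` output like the one quoted above, builds each DC's `<objectGUID>._msdcs.<domain>` name, and resolves it through the C library's `getaddrinfo` (the NSS path that `ping` uses) instead of through `host`, which queries the DNS server directly. The sample LDIF is constructed from the two records in the post, and the function names are hypothetical.

```python
import re
import socket

# Constructed sample in the shape of the ldbsearch output quoted in the thread
# (each DN on one line; the GUIDs are the two shown in the post).
SAMPLE_LDIF = """\
# record 1
dn: CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7

# record 2
dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f
"""

# One match per record: the server CN under "NTDS Settings" and its objectGUID.
RECORD = re.compile(
    r"^dn: CN=NTDS Settings,CN=([^,]+),.*?^objectGUID: ([0-9a-fA-F-]{36})$",
    re.MULTILINE | re.DOTALL,
)


def dc_guid_names(ldif, dns_domain):
    """Return [(server_cn, '<objectGUID>._msdcs.<dns_domain>'), ...]."""
    return [(cn, f"{guid.lower()}._msdcs.{dns_domain}")
            for cn, guid in RECORD.findall(ldif)]


def nss_lookup(name):
    """Resolve via libc getaddrinfo (nsswitch.conf order), as ping does."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def unresolved_dcs(ldif, dns_domain, lookup=nss_lookup):
    """DCs whose GUID-based replication name the given resolver cannot find."""
    return [(cn, name) for cn, name in dc_guid_names(ldif, dns_domain)
            if not lookup(name)]


if __name__ == "__main__":
    for cn, name in unresolved_dcs(SAMPLE_LDIF, "mundo.local"):
        print(f"{cn}: {name} does not resolve via getaddrinfo")
```

Run it on each DC: a name that `host -t CNAME` answers but that appears in this output points at the local resolver configuration rather than at the zone data.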

