[Samba] Replication Samba PDC to Samba BDC

Ricky Nance ricky.nance at gmail.com
Tue Jun 4 07:35:17 MDT 2013


@Giedrius
"Not exactly, as I wrote in my other posts to mailing list, this is glibc's
nss dns resolvers' (libnss_dns.so) issue that is ignoring hostnames with
"_" (_msdcs)"

Which OSes does that affect?

@David, is your nameserver (in /etc/resolv.conf) on dcA ip.to.dc.a and on
dcB ip.to.dc.b? If so, what happens when you set them both to A? How about
when you set them both to B? I'd play around with that a bit until you get
a good replication, then restart samba on both DCs and set them properly
(dcA needs ip.to.dc.a and dcB needs ip.to.dc.b).

Ricky


On Tue, Jun 4, 2013 at 1:59 AM, "David González Herrera - [DGHVoIP]" <
info at dghvoip.com> wrote:

> On 6/4/2013 1:28 AM, Giedrius wrote:
>
>> 2013.06.04 09:10, "David González Herrera - [DGHVoIP]" wrote:
>>
>>> On 6/3/2013 11:57 PM, Giedrius wrote:
>>>
>>>> Hi,
>>>>
>>>> 2013.06.04 04:16, "David González Herrera - [DGHVoIP]" wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Let's see if any of the questions gets answered or at least I get
>>>>> pointed to something that can help me.
>>>>>
>>>>> I followed this wiki:
>>>>> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain
>>>>>
>>>>> I have my S4 domain running, I compiled and installed another S4 to
>>>>> replicate the first server and joined successfully to the domain but
>>>>> replication seems to be broken.
>>>>>
>>>>> Command used:
>>>>>
>>>>>
>>>>> root at bdc:~# samba-tool domain join mundo.local DC -Uadministrator
>>>>> --realm=mundo.local --password=Mugr3P0pO --dns-backend=BIND9_DLZ
>>>>> Finding a writeable DC for domain 'mundo.local'
>>>>> Found DC samba.mundo.local
>>>>> workgroup is mundo
>>>>> realm is mundo.local
>>>>> checking sAMAccountName
>>>>> Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>>>>> Adding CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>>> Adding CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>>> Adding SPNs to CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>>>>> Setting account password for BDC$
>>>>> Enabling account
>>>>> Calling bare provision
>>>>> No IPv6 address will be assigned
>>>>> Provision OK for domain DN DC=mundo,DC=local
>>>>> Starting replication
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[402/1550] linked_values[0/0]
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[804/1550] linked_values[0/0]
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1206/1550] linked_values[0/0]
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local] objects[1550/1550] linked_values[0/0]
>>>>> Analyze and apply schema objects
>>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[402/1614] linked_values[0/0]
>>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[804/1614] linked_values[0/0]
>>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1206/1614] linked_values[0/0]
>>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1608/1614] linked_values[0/0]
>>>>> Partition[CN=Configuration,DC=mundo,DC=local] objects[1614/1614] linked_values[28/0]
>>>>> Replicating critical objects from the base DN of the domain
>>>>> Partition[DC=mundo,DC=local] objects[98/98] linked_values[31/0]
>>>>> Partition[DC=mundo,DC=local] objects[336/238] linked_values[74/0]
>>>>> Done with always replicated NC (base, config, schema)
>>>>> Replicating DC=DomainDnsZones,DC=mundo,DC=local
>>>>> Partition[DC=DomainDnsZones,DC=mundo,DC=local] objects[42/42] linked_values[0/0]
>>>>> Replicating DC=ForestDnsZones,DC=mundo,DC=local
>>>>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[18/18] linked_values[0/0]
>>>>> Partition[DC=ForestDnsZones,DC=mundo,DC=local] objects[36/18] linked_values[0/0]
>>>>> Committing SAM database
>>>>> Sending DsReplicateUpdateRefs for all the replicated partitions
>>>>> Setting isSynchronized and dsServiceName
>>>>> Setting up secrets database
>>>>> Joined domain mundo (SID S-1-5-21-1918558401-2200574552-2151153235) as a DC
>>>>>
>>>>> Seemed to have succeeded, then I ran the recommended tests
>>>>>
>>>>> # ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
>>>>> # record 1
>>>>> dn: CN=NTDS Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>>> objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>>>>>
>>>>> # record 2
>>>>> dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>>>>> objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>>>>>
>>>>> # returned 2 records
>>>>> # 2 entries
>>>>> # 0 referrals
>>>>>
>>>>>
>>>>> These tests run from the BDC seem to work.
>>>>>
>>>>> host -t CNAME ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>>>>> ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local is an alias for samba.mundo.local.
>>>>>
>>>>> host -t CNAME 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>>>>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local is an alias for bdc.mundo.local.
>>>>>
>>>>> root at bdc:~# host -t A bdc.mundo.local.
>>>>> bdc.mundo.local has address 10.10.10.20
>>>>>
>>>>> root at bdc:~# host -t A samba.mundo.local.
>>>>> samba.mundo.local has address 10.10.10.5
>>>>>
>>>>>
>>>>> Error showing up on the BDC
>>>>>
>>>>> dns child failed to find name 'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local' of type A
>>>>> dreplsrv_notify: Failed to send DsReplicaSync to ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local for CN=Configuration,DC=mundo,DC=local - NT_STATUS_OBJECT_NAME_NOT_FOUND : WERR_BADFILE
>>>>>
>>>> Did you AT LEAST search the mailing list???????
>>>> Check if ping (or any program using GLIBC's *NSS* DNS resolver) can
>>>> resolve your 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>>>> name
>>>>
>>> Yes I searched the ML with no luck.
>>>
>>> Yes, I did and it works, I had to add
>>> 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local to /etc/hosts
>>> and it works.
>>>
>>> So I think it's a DNS issue.
>>>
>> Not exactly, as I wrote in my other posts to mailing list, this is
>> glibc's nss dns resolvers' (libnss_dns.so) issue that is ignoring
>> hostnames with "_" (_msdcs)
>>
> Ok, then we'll have to wait for a patch to glibc, weird thing is that on
> the master PDC with BIND_DLZ as backend there's no problem at all. So
> excuse my ignorance when it comes to that.
>
> Thanks again mate.
>
>> Thanks for your answer.
>>>
>>
>
> --
> David Gonzalez
> DGHVoIP
> USA: +1.213.632.8479
> COL: +57.1.382.6718
> COL: +57.4.247.0985
> URL: www.dghvoip.com
> Skype: davidgonzalezh
>
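
The check discussed in this thread, as an added example that is not part of the original messages or of Samba: it reads ldbsearch output, builds the `<objectGUID>._msdcs.<realm>` names and resolves them through the C library's getaddrinfo (the path ping takes), so the result can be compared with what `host` gets from DNS directly. The sample LDIF, the `example.test` realm and all function names are constructed for illustration.

```python
import re
import socket

# Constructed sample in the shape of the ldbsearch output quoted in the thread
# (DC names, realm and GUIDs are made up, not taken from a real domain).
SAMPLE_LDIF = """\
# record 1
dn: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=
 Configuration,DC=example,DC=test
objectGUID: 11111111-2222-3333-4444-555555555555

# record 2
dn: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test
objectGUID: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
"""

def parse_ntds_guids(ldif):
    """Map each DC's short name to the objectGUID of its NTDS Settings object."""
    ldif = re.sub(r"\n ", "", ldif)  # unfold LDIF continuation lines
    guids, dc = {}, None
    for line in ldif.splitlines():
        m = re.match(r"dn: CN=NTDS Settings,CN=([^,]+),", line)
        if m:
            dc = m.group(1)
        elif line.startswith("objectGUID: ") and dc:
            guids[dc] = line.split(": ", 1)[1].strip()
            dc = None
    return guids

def msdcs_name(guid, realm):
    """Build the per-DC alias seen in the thread: <objectGUID>._msdcs.<realm>."""
    return f"{guid}._msdcs.{realm}".lower()

def check_nss(names, resolver=socket.getaddrinfo):
    """Resolve names via libc; return {name: sorted IPv4 list, or None on failure}."""
    results = {}
    for name in names:
        try:
            infos = resolver(name, None, socket.AF_INET, socket.SOCK_STREAM)
            results[name] = sorted({info[4][0] for info in infos})
        except socket.gaierror:
            results[name] = None
    return results

if __name__ == "__main__":
    names = [msdcs_name(g, "example.test") for g in parse_ntds_guids(SAMPLE_LDIF).values()]
    for name, addrs in check_nss(names).items():
        print(name, "->", addrs or "NOT RESOLVED via libc; compare with `host -t CNAME`")
```

A name that `host -t CNAME` answers but that comes back unresolved here points at the resolver path on that machine rather than at the zone data.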

