[Samba] Replication Samba PDC to Samba BDC

Giedrius giedrius+samba at su.lt
Tue Jun 4 09:47:02 MDT 2013


Hi,
2013.06.04 16:35, Ricky Nance wrote:
> @Giedrius
> "Not exactly, as I wrote in my other posts to mailing list, this
> is glibc's nss dns resolvers'  (libnss_dns.so) issue that is
> ignoring hostnames with "_" (*_*msdcs)"
>
> Which OS's does that affect?
I personally tested this on openSUSE 12.2 and 12.3 (bug report:
https://bugzilla.novell.com/show_bug.cgi?id=822414)
From the mailing list - seems this bug is much more widespread
>
> @David, Is your nameserver (in /etc/resolv.conf) on dcA ip.to.dc.a and
> on dcB ip.to.dc.b if so, what happens when you set them both to A? how
> about when you set them both to B? I'd play around with that a bit
> until you get a good replication, then restart samba on both DC's and
> set them properly (dcA needs ip.to.dc.a and dcB needs ip.to.dc.b) .
I doubt this would change anything, given there is a working DNS,
allow-query / firewall setup..... but this is easily checked with host /
dig / nslookup commands.
And for that matter - his DNS setup is working: host / dig tests are not
failing
The problem is with the RESOLVER LIBRARY failing (at least in my case) to
return replies from DNS, so changing DNS servers address will not in
any way fix the problem.
It simply will not be returned to the program through the system calls
(at least for me, tcpdump showed DNS *is* replying)
Better solution is to fix that damn bug in glibc (or use /etc/hosts |
mdns | whatever) and specify BOTH dcA AND dcB in resolv.conf.
So that if one of them fails - the other replies.
>
> Ricky
>
>
> On Tue, Jun 4, 2013 at 1:59 AM, "David González Herrera - [DGHVoIP]"
> <info at dghvoip.com <mailto:info at dghvoip.com>> wrote:
>
>     On 6/4/2013 1:28 AM, Giedrius wrote:
>
>         2013.06.04 09:10, "David González Herrera - [DGHVoIP]" wrote:
>
>             On 6/3/2013 11:57 PM, Giedrius wrote:
>
>                 Hi,
>
>                 2013.06.04 04:16, "David González Herrera - [DGHVoIP]"
>                 wrote:
>
>                     Hi,
>
>                     Let's see if any of the questions gets answered or
>                     at least I get
>                     pointed to something that can help me.
>
>                     I followed this wiki:
>                     http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain
>
>                     I have my S4 domain running, I compiled and
>                     installed another S4 to
>                     replicate the first server and joined successfully
>                     to the domain but
>                     replication seems to be broken.
>
>                     Command used:
>
>
>                     root at bdc:~# samba-tool domain join mundo.local DC
>                     -Uadministrator
>                     --realm=mundo.local --password=Mugr3P0pO
>                     --dns-backend=BIND9_DLZ
>                     Finding a writeable DC for domain 'mundo.local'
>                     Found DC samba.mundo.local
>                     workgroup is mundo
>                     realm is mundo.local
>                     checking sAMAccountName
>                     Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
>                     Adding
>                     CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>                     Adding CN=NTDS
>                     Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>                     Adding SPNs to CN=BDC,OU=Domain
>                     Controllers,DC=mundo,DC=local
>                     Setting account password for BDC$
>                     Enabling account
>                     Calling bare provision
>                     No IPv6 address will be assigned
>                     Provision OK for domain DN DC=mundo,DC=local
>                     Starting replication
>                     Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>                     objects[402/1550] linked_values[0/0]
>                     Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>                     objects[804/1550] linked_values[0/0]
>                     Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>                     objects[1206/1550] linked_values[0/0]
>                     Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
>                     objects[1550/1550] linked_values[0/0]
>                     Analyze and apply schema objects
>                     Partition[CN=Configuration,DC=mundo,DC=local]
>                     objects[402/1614]
>                     linked_values[0/0]
>                     Partition[CN=Configuration,DC=mundo,DC=local]
>                     objects[804/1614]
>                     linked_values[0/0]
>                     Partition[CN=Configuration,DC=mundo,DC=local]
>                     objects[1206/1614]
>                     linked_values[0/0]
>                     Partition[CN=Configuration,DC=mundo,DC=local]
>                     objects[1608/1614]
>                     linked_values[0/0]
>                     Partition[CN=Configuration,DC=mundo,DC=local]
>                     objects[1614/1614]
>                     linked_values[28/0]
>                     Replicating critical objects from the base DN of
>                     the domain
>                     Partition[DC=mundo,DC=local] objects[98/98]
>                     linked_values[31/0]
>                     Partition[DC=mundo,DC=local] objects[336/238]
>                     linked_values[74/0]
>                     Done with always replicated NC (base, config, schema)
>                     Replicating DC=DomainDnsZones,DC=mundo,DC=local
>                     Partition[DC=DomainDnsZones,DC=mundo,DC=local]
>                     objects[42/42]
>                     linked_values[0/0]
>                     Replicating DC=ForestDnsZones,DC=mundo,DC=local
>                     Partition[DC=ForestDnsZones,DC=mundo,DC=local]
>                     objects[18/18]
>                     linked_values[0/0]
>                     Partition[DC=ForestDnsZones,DC=mundo,DC=local]
>                     objects[36/18]
>                     linked_values[0/0]
>                     Committing SAM database
>                     Sending DsReplicateUpdateRefs for all the
>                     replicated partitions
>                     Setting isSynchronized and dsServiceName
>                     Setting up secrets database
>                     Joined domain mundo (SID
>                     S-1-5-21-1918558401-2200574552-2151153235) as
>                     a DC
>
>                     Seemed to have succeeded, then I ran the
>                     recommended tests
>
>                     # ldbsearch -H /usr/local/samba/private/sam.ldb
>                     '(invocationid=*)'
>                     --cross-ncs objectguid
>                     # record 1
>                     dn: CN=NTDS
>                     Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>                     objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7
>
>                     # record 2
>                     dn: CN=NTDS
>                     Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
>                     objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f
>
>                     # returned 2 records
>                     # 2 entries
>                     # 0 referrals
>
>
>                     These tests run from the BDC seem to work.
>
>                     host -t CNAME
>                     ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>                     ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>                     is an alias
>                     for samba.mundo.local.
>
>                     host -t CNAME
>                     7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>                     7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
>                     is an alias
>                     for bdc.mundo.local.
>
>                     root at bdc:~# host -t A bdc.mundo.local.
>                     bdc.mundo.local has address 10.10.10.20
>
>                     root at bdc:~# host -t A samba.mundo.local.
>                     samba.mundo.local has address 10.10.10.5
>
>
>                     Error showing up on the BDC
>
>                     dns child failed to find name
>                     'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local'
>                     of type A
>                     dreplsrv_notify: Failed to send DsReplicaSync to
>                     ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
>                     for
>                     CN=Configuration,DC=mundo,DC=local -
>                     *NT_STATUS_OBJECT_NAME_NOT_FOUND
>                     : WERR_BADFILE *
>
>                 Did you AT LEAST search the mailing list???????
>                 Check if ping (or any program using GLIBC's *NSS* DNS
>                 resolver) can
>                 resolve your
>                 7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name
>
>             Yes I searched the ML with no luck.
>
>             Yes, I did and it works, I had to add
>             7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local to
>             /etc/hosts
>             and it works.
>
>             So I think it's a DNS issue.
>
>         Not exactly, as I wrote in my other posts to mailing list, this is
>         glibc's nss dns resolvers'  (libnss_dns.so) issue that is ignoring
>         hostnames with "_" (*_*msdcs)
>
>     Ok, then we'll have to wait for a patch to glibc, weird thing is
>     that on the master PDC with BIND_DLZ as backend there's no problem
>     at all. So excuse my ignorance when it comes to that.
>
>     Thanks again mate.
>
>             Thanks for your answer.
>
>
>
>     -- 
>     David Gonzalez
>     DGHVoIP
>     USA: +1.213.632.8479
>     COL: +57.1.382.6718
>     COL: +57.4.247.0985
>     URL: www.dghvoip.com <http://www.dghvoip.com>
>     Skype: davidgonzalezh
>
>
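
The distinction drawn in this thread (host/dig succeed while programs going through glibc's NSS resolver fail), as an added example that is not part of the original message. It queries each nameserver from resolv.conf directly and then performs the same lookup through NSS; the function names and verdict labels are hypothetical, and `getent ahosts` is assumed as the NSS probe.

```shell
#!/bin/sh
# Added example: compare the glibc NSS path with direct DNS queries for a
# DC's GUID-based _msdcs name. Function names and verdicts are illustrative.

RESOLV_CONF=${RESOLV_CONF:-/etc/resolv.conf}

# Nameservers the resolver library is configured to use.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$RESOLV_CONF"
}

# Lookup through glibc NSS (the path ping and similar programs use).
nss_lookup() {
    getent ahosts "$1" >/dev/null 2>&1
}

# Direct query to one server, bypassing NSS (what the host/dig tests exercise).
dns_lookup() {
    host -t CNAME "$1" "$2" >/dev/null 2>&1
}

# Print one verdict for NAME:
#   ok                NSS and every configured nameserver resolve it
#   resolver-library  DNS answers, but the NSS lookup still fails
#   dns:<servers>     the listed nameservers do not answer for the name
diagnose() {
    name=$1
    failed=""
    for ns in $(list_nameservers); do
        dns_lookup "$name" "$ns" || failed="$failed$ns,"
    done
    if [ -n "$failed" ]; then
        echo "dns:${failed%,}"
    elif nss_lookup "$name"; then
        echo "ok"
    else
        echo "resolver-library"
    fi
}

# Run only when a name is given on the command line.
if [ "$#" -gt 0 ]; then
    diagnose "$1"
fi
```

Run it on each DC with the other DC's `<objectGUID>._msdcs.<realm>` name; a `dns:` verdict naming one server also shows which resolv.conf entry would not cover for the other if it failed.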


