[Samba] Samba4 Secondary DC Replication Concerns

Paul Littlefield info at paully.co.uk
Thu May 30 10:23:25 MDT 2013

On 30/05/13 16:37, Marc Muehlfeld wrote:
> What exactly do you mean? Machine accounts?

Yes, both Computer accounts...

$ samba-tool group listmembers "Domain Computers" |sort -f

...and user accounts...

$ samba-tool user list |sort -f

However, if I compare the Computers or Users list on both DCs they are not the same.

> If you have multiple DCs in your domain, and the directory replication works ('samba-tool drs showrepl'), then every change made is transferred to each DC (accounts, directory ACLs, etc.)

Ah, I think that's where my setup is going wrong then. I have these errors:

Last attempt @ Thu May 30 17:18:56 2013 BST failed, result 2 (WERR_BADFILE)
2087 consecutive failure(s).
Last success @ Thu May 23 17:31:12 2013 BST

Warning: No NC replicated for Connection!

[2013/05/30 17:18:56,  0] ../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
   ../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation - WERR_BADFILE - extended_ret[0x0]

> Only the SysVol share replication is currently not implemented. You have to find a workaround (like doing it with rsync).

OK, well, I am not sure about that yet.

Here is some info for you...

DC1: Gentoo 3.4.34-gentoo, x86_64, Samba 4.1.0pre1-GIT-8aae8b5
DC2: Ubuntu 3.8.0-19-generic, i686, Samba 4.1.0pre1-GIT-8aae8b5

/etc/resolv.conf on both DCs...

domain xyz.com

kinit and klist all appear to work, as does DNS (but not DNS Replication, I know about this bug).

I just want to know if DC1 goes down, then I can rely on DC2 to let someone log in to their Windows PC :-)



Paul Littlefield

More information about the samba mailing list
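
The 'samba-tool drs showrepl' failure lines quoted in the post above can be checked from a script. The following is an added example, not part of the original post and not Samba code: a shell function that flags replication links whose consecutive-failure count exceeds a limit. The function names, the limit argument and the sample input (built from the lines in the post, with an assumed site name and NC names) are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not Samba code): flag failing links in 'samba-tool drs showrepl' output.

# check_showrepl [MAX_FAILURES]
#   stdin : text printed by 'samba-tool drs showrepl'
#   stdout: "peer|failures|result" for each link above MAX_FAILURES (default 0)
#   return: 0 if every link is within the limit, 1 otherwise
check_showrepl() {
    awk -v max="${1:-0}" '
        # Peer line, e.g. "Site\DC1 via RPC"
        / via RPC$/ { peer = $0; sub(/^[ \t]+/, "", peer); sub(/ via RPC$/, "", peer) }
        # Keep the error text of the last attempt, if it failed
        /Last attempt @/ {
            result = "ok"
            if (match($0, /failed, result .*/))
                result = substr($0, RSTART + 8, RLENGTH - 8)
        }
        /consecutive failure\(s\)/ {
            n = $1 + 0
            if (n > max) { printf "%s|%d|%s\n", peer, n, result; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the failure lines come from the post; the site name,
# NC names and the healthy second link are assumptions for illustration.
sample_showrepl() {
    cat <<'EOF'
==== INBOUND NEIGHBORS ====

DC=xyz,DC=com
    Default-First-Site-Name\DC1 via RPC
        Last attempt @ Thu May 30 17:18:56 2013 BST failed, result 2 (WERR_BADFILE)
        2087 consecutive failure(s).
        Last success @ Thu May 23 17:31:12 2013 BST

CN=Configuration,DC=xyz,DC=com
    Default-First-Site-Name\DC1 via RPC
        Last attempt @ Thu May 30 17:18:56 2013 BST was successful
        0 consecutive failure(s).
        Last success @ Thu May 30 17:18:56 2013 BST
EOF
}

# On a DC: samba-tool drs showrepl | check_showrepl
if ! sample_showrepl | check_showrepl; then
    echo "replication unhealthy on at least one link" >&2
fi
```

Run from cron on each DC, a non-zero return gives early warning that account changes are no longer reaching the second DC.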