[Samba] Samba4 and SiteLinkBridges

Achim Gottinger achim at ag-web.biz
Sun Nov 3 08:58:39 MST 2013 

Am 03.11.2013 16:34, schrieb Achim Gottinger:
> Am 03.11.2013 16:30, schrieb Achim Gottinger:
>> Am 22.10.2013 08:20, schrieb Achim Gottinger:
>>> Hi,
>>>
>>> Having an test environment here with four sites, sites 2-4 are 
>>> connected to site 1 via vpn. No vpn tunnels between sites 2-4, so 
>>> the sites 2-4 can only communicate with site 1.
>>> Each site has it's samba4 AD DC server and they are all part of the 
>>> same domain.
>>> Did abit of reading and found that i must use so called SiteLinks to 
>>> replicate the site objects between sites 2-4 via site 1.
>>> Created three SiteLinks (sl12:1,2 sl13:1,3 sl14:1,4) and three 
>>> SiteLinkBridges(slb23:sl12,sl13 slb24: sl12,sl14 slb34: sl13,sl14). 
>>> Had to remove the DEFAULTSITELINK entry to reassign the sites.
>>> So far so good, restarted all servers and waiter for an while but 
>>> still on sites 2-3 only site 1 objects get replicated, others still 
>>> show errors like this
>>>
>>> CN=Schema,CN=Configuration,DC=domain,DC=local
>>>         site2\server2 via RPC
>>>                 DSA object GUID: b61417b8-acb0-48ea-acf7-d8b739e3aa23
>>>                 Last attempt @ Tue Oct 22 08:13:07 2013 CEST failed, 
>>> result 1232 (WERR_HOST_UNREACHABLE)
>>>                 125 consecutive failure(s).
>>>                 Last success @ NTTIME(0)
>>>
>>> Are SiteLinkBridges supposed to work with samba4?
>>>
>>> Thanks in advance,
>>> Achim Gottinger
>> Skimmed over the code in samba_kcc. I can see that SiteLink's are 
>> read in load_all_sitelinks but the. Looking into ADSI the 
>> SiteLinkBridges also reside in CN=Inter-Site Transports,CN=Sites but 
>> have an objectClass of SiteLinkBridge instead of SiteLink. So I 
>> assume SiteLinkBridges are ignored right now. I'd expect that in 
>> above configuration site 2-4 should not try to contact each other 
>> because there are no SiteLink objects defined between them, however 
>> the log at for example site2 still shows errors trying to connet to 
>> sites 3-4.
>>
>> [2013/11/03 16:28:00.671751,  0] 
>> ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect)
>>   Failed to connect host [server at site 3 ip] on port 135 - 
>> NT_STATUS_HOST_UNREACHABLE
>> [2013/11/03 16:28:00.672221,  0] 
>> ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket)
>>   Failed to connect host [server at site 3 ip] 
>> (ded885f4-5178-41d5-9274-e1f7268ca2e8._msdcs.fot.local) on port 135 - 
>> NT_STATUS_HOST_UNREACHABLE
> My setup uses debian wheezy 64bit with sernet's samba 4 packages vers 
> 4.0.10-8 atm.
>
Filed an enhancement request in the bug database 
https://bugzilla.samba.org/show_bug.cgi?id=10243, meanwhile i'll add a 
few more vpn tunnels.

More information about the samba mailing list