[Samba] samba4 replication issues | sam.ldb inconsistency
mourik jan heupink - merit
heupink at merit.unu.edu
Tue Jul 15 10:00:33 MDT 2014
Hi all,
Despite my first optimism, it seems we're not out of the woods just yet...
> It certainly is. you can join to any DC regardless of roles. You should
> be able to point it to DC2 with --server=DC2
>
I managed to install a new DC3, with --server=DC2:
samba-tool domain join samba.company.com DC -Uadministrator
--realm=samba.company.com --server=DC2
This completes successfully, no errors. However, when I start my DC3, I
receive:
[2014/07/15 17:35:44.891271, 0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: update failed: SERVFAIL
and
[2014/07/15 17:41:08.790679, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
CN=Schema,CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:41:08.815799, 0]
../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID
allocation - WERR_DS_DRA_INTERNAL_ERROR - extended_ret[0x0]
Checking dns on my DC2 I learned that dc3.samba.company.com did not
resolve correctly, so I did on DC2:
samba-tool dns add ip.address.dc2 samba.company.com DC3 A ip.address.dc3
-Uadministrator
and now dc3.samba.company.com does resolve correctly. However:
restarting samba things still don't work:
[2014/07/15 17:42:35.027090, 0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
[2014/07/15 17:42:35.027250, 0]
../lib/util/util_runcmd.c:317(samba_runcmd_io_handler)
/usr/sbin/samba_dnsupdate: update failed: SERVFAIL
[2014/07/15 17:42:38.642366, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
DC=ForestDnsZones,DC=samba,DC=company,DC=com
[2014/07/15 17:42:38.816639, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
DC=samba,DC=company,DC=com
[2014/07/15 17:42:38.960894, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
CN=Schema,CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:42:39.068958, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:43:06.580263, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
DC=ForestDnsZones,DC=samba,DC=company,DC=com
[2014/07/15 17:43:06.798779, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:43:07.113991, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
DC=samba,DC=company,DC=com
[2014/07/15 17:43:07.372502, 0]
../source4/dsdb/repl/drepl_out_helpers.c:840(dreplsrv_update_refs_done)
UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105
for 9a3d9130-45f3-43b6-bbf4-189c19764bd5._msdcs.samba.company.com
CN=Schema,CN=Configuration,DC=samba,DC=company,DC=com
[2014/07/15 17:43:07.390439, 0]
../source4/dsdb/repl/drepl_ridalloc.c:43(drepl_new_rid_pool_callback)
../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID
allocation - WERR_DS_DRA_INTERNAL_ERROR - extended_ret[0x0]
So... a lot of access denied, plus an internal error to top things of.
Getting more and more nervous. Any tips how to proceed are again very
welcome..?
More information about the samba
mailing list