[Samba] demote DC

Marc Muehlfeld mmuehlfeld at samba.org
Sat Jul 19 10:13:31 MDT 2014


Hello Fernando,


On 19.07.2014 12:44, Fernando Rodriguez wrote:
> Hoorn
> root at hoorn:/home/newhang# samba-tool fsmo show
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
> 
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
> 
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
> 
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local
> 
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=VOLENDAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=solid-optics,DC=local

It's interesting that hoorn has this in this local AD copy, but still
thinks that it owns two of the roles.

> root at hoorn:/home/newhang# samba-tool drs showrepl
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
> hoorn.solid-optics.local failed - drsException: DRS connection to
> hoorn.solid-optics.local failed: (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line
> 39, in drsuapi_connect
>     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>   File
> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line
> 54, in drsuapi_connect
>     raise drsException("DRS connection to %s failed: %s" % (server, e))
> root at hoorn:/home/newhang#
> 
> Even so, hoorn cannot ping the domain, but it finds it in the DNS.
> 
> All DCs point the roles to the same DC, but hoorn is not replicating
> from the other ones.
> root at hoorn:/home/newhang# ping solid-optics.local
> ping: unknown host solid-optics.local
> root at hoorn:/home/newhang# nslookup solid-optics.local
> Server:         192.168.10.42
> Address:        192.168.10.42#53
> 
> Name:   solid-optics.local
> Address: 192.168.10.42
> Name:   solid-optics.local
> Address: 192.168.10.41
> Name:   solid-optics.local
> Address: 192.168.10.37
> 
> root at hoorn:/home/newhang# cat /etc/resolv.conf
> domain solid-optics.local
> search solid-optics.local
> nameserver 192.168.10.42
> nameserver 192.168.10.41
> nameserver 192.168.10.37


* Can you check that you can resolve the following DNS names on all
three hosts?
<GUID_hoorn>._msdcs.<domain>
<GUID_volendam>._msdcs.<domain>
<GUID_tilburg>._msdcs.<domain>

You can see the GUIDs in the showrepl output, or run
# ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid

* Any security stuff (firewall, etc.) on the DCs or between them that could
cause that?

* Can you show the content of hoorn's /etc/hosts, please?

* Can you ping the IPs of both other DCs from hoorn?

* Anything interesting in the logs of hoorn? What's the output when you
run 'samba-tool' with a debug level of 3?

* What Samba version do you run on all 3 DCs? Self-compiled, SerNet,
distro packages, etc.?


Regards,
Marc
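
The <GUID>._msdcs.<domain> resolution check asked for above, as an added example that is not part of the original mail or of Samba. It tries each name both by querying DNS directly (the path nslookup takes) and through the libc resolver (the path ping takes), since the quoted output shows those two disagreeing on hoorn. The function names are hypothetical, and the script assumes `host` and `getent` are installed.

```shell
#!/bin/sh
# Added example: check that every DC's <objectGUID>._msdcs.<domain> name
# resolves. Run it on each DC with the GUIDs from the ldbsearch output.
# Usage: sh check_msdcs.sh <domain> <guid> [<guid> ...]

# Ask the configured DNS servers directly (what nslookup does).
resolve_dns() {
    host -t A "$1" 2>/dev/null | awk '/has address/ {print $NF; exit}'
}

# Go through libc/NSS, i.e. /etc/nsswitch.conf and /etc/hosts (what ping does).
resolve_nss() {
    getent hosts "$1" | awk '{print $1; exit}'
}

# check_msdcs DOMAIN RESOLVER GUID...
# Prints "<name> <address>" or "<name> UNRESOLVED" for each GUID and
# returns the number of names that did not resolve.
check_msdcs() {
    domain=$1
    resolver=$2
    shift 2
    failed=0
    for guid in "$@"; do
        name="${guid}._msdcs.${domain}"
        addr=$("$resolver" "$name") || addr=""
        if [ -n "$addr" ]; then
            printf '%s %s\n' "$name" "$addr"
        else
            printf '%s UNRESOLVED\n' "$name"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Only runs when a domain and at least one GUID are given on the command line.
if [ "$#" -ge 2 ]; then
    domain=$1
    shift
    echo "== direct DNS =="
    check_msdcs "$domain" resolve_dns "$@" || echo "DNS failures: $?"
    echo "== libc/NSS =="
    check_msdcs "$domain" resolve_nss "$@" || echo "NSS failures: $?"
fi
```

A name that resolves in the first pass but not in the second points at the host's resolver configuration rather than at the DNS zone.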

