[Samba] joined DC but replication fails

Günter Kukkukk linux at kukkukk.com
Wed Jun 18 09:47:01 MDT 2014


On 18.06.2014 10:09, steve wrote:
> On Wed, 2014-06-18 at 02:36 +0200, Günter Kukkukk wrote:
>> On 17.06.2014 19:35, steve wrote:
>>> On Tue, 2014-06-17 at 19:01 +0200, steve wrote:
>>>> ubuntu 14.04 DCs
>>>>
>>>> DC1 with fsmo
>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>> 51755e44-0a78-4ab8-8206-b4ae8a09c172._msdcs.altea.site<0x20>
>>>> dns child failed to find name
>>>> '51755e44-0a78-4ab8-8206-b4ae8a09c172._msdcs.altea.site' of type A
>>>>
>>>> DC2
>>>> /usr/local/samba/sbin/samba_dnsupdate: update failed: NOTAUTH
>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>> 37cb1209-7eef-4671-b38b-2a71c231a40b._msdcs.altea.site<0x20>
>>>>
>>>> What's missing?
>>>> Thanks,
>>>> Steve
>>>>
>>>>
>>>
>>> Left it for a bit and now that's working. However, still no replication.
>>> I add a user on DC2 and nothing appears on DC1
>>>
>>> DC1
>>> ./samba-tool drs showrepl
>>> Default-First-Site-Name\PALMERA
>>> DSA Options: 0x00000001
>>> DSA object GUID: 37cb1209-7eef-4671-b38b-2a71c231a40b
>>> DSA invocationId: 93fa0553-a972-4107-ab83-4b60790660f9
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> DC=ForestDnsZones,DC=altea,DC=site
>>> 	Default-First-Site-Name\GERANIO via RPC
>>> 		DSA object GUID: 51755e44-0a78-4ab8-8206-b4ae8a09c172
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=DomainDnsZones,DC=altea,DC=site
>>> 	Default-First-Site-Name\GERANIO via RPC
>>> 		DSA object GUID: 51755e44-0a78-4ab8-8206-b4ae8a09c172
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> DC=altea,DC=site
>>> 	Default-First-Site-Name\GERANIO via RPC
>>> 		DSA object GUID: 51755e44-0a78-4ab8-8206-b4ae8a09c172
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Schema,CN=Configuration,DC=altea,DC=site
>>> 	Default-First-Site-Name\GERANIO via RPC
>>> 		DSA object GUID: 51755e44-0a78-4ab8-8206-b4ae8a09c172
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> CN=Configuration,DC=altea,DC=site
>>> 	Default-First-Site-Name\GERANIO via RPC
>>> 		DSA object GUID: 51755e44-0a78-4ab8-8206-b4ae8a09c172
>>> 		Last attempt @ NTTIME(0) was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ NTTIME(0)
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>>
>>> DC2
>>>  sudo samba-tool drs showrepl
>>> Default-First-Site-Name\GERANIO
>>> DSA Options: 0x00000001
>>> DSA object GUID: 51755e44-0a78-4ab8-8206-b4ae8a09c172
>>> DSA invocationId: 0b9244b1-2821-4f78-8643-0ad08d4ddced
>>>
>>> ==== INBOUND NEIGHBORS ====
>>>
>>> DC=altea,DC=site
>>> 	Default-First-Site-Name\PALMERA via RPC
>>> 		DSA object GUID: 37cb1209-7eef-4671-b38b-2a71c231a40b
>>> 		Last attempt @ Tue Jun 17 19:19:24 2014 CEST was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Tue Jun 17 19:19:24 2014 CEST
>>>
>>> CN=Schema,CN=Configuration,DC=altea,DC=site
>>> 	Default-First-Site-Name\PALMERA via RPC
>>> 		DSA object GUID: 37cb1209-7eef-4671-b38b-2a71c231a40b
>>> 		Last attempt @ Tue Jun 17 19:19:26 2014 CEST was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Tue Jun 17 19:19:26 2014 CEST
>>>
>>> CN=Configuration,DC=altea,DC=site
>>> 	Default-First-Site-Name\PALMERA via RPC
>>> 		DSA object GUID: 37cb1209-7eef-4671-b38b-2a71c231a40b
>>> 		Last attempt @ Tue Jun 17 19:19:27 2014 CEST was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Tue Jun 17 19:19:27 2014 CEST
>>>
>>> DC=ForestDnsZones,DC=altea,DC=site
>>> 	Default-First-Site-Name\PALMERA via RPC
>>> 		DSA object GUID: 37cb1209-7eef-4671-b38b-2a71c231a40b
>>> 		Last attempt @ Tue Jun 17 19:19:23 2014 CEST was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Tue Jun 17 19:19:23 2014 CEST
>>>
>>> DC=DomainDnsZones,DC=altea,DC=site
>>> 	Default-First-Site-Name\PALMERA via RPC
>>> 		DSA object GUID: 37cb1209-7eef-4671-b38b-2a71c231a40b
>>> 		Last attempt @ Tue Jun 17 19:19:23 2014 CEST was successful
>>> 		0 consecutive failure(s).
>>> 		Last success @ Tue Jun 17 19:19:23 2014 CEST
>>>
>>> ==== OUTBOUND NEIGHBORS ====
>>>
>>> ==== KCC CONNECTION OBJECTS ====
>>>
>>> Nothing created on the new dc is replicated.
>>> Anything to check?
>>> Thanks.
>>> Steve
>>>
>>>
>>
>> which samba version(s) are you running on your DCs - and are you
>> using a released version or did you build yourself (e.g. from git ...)?
> 
> We are investigating a move to Ubuntu when sysvol is working:
>  samba --version
> Version 4.2.0pre1-GIT-7f36828
> on Ubuntu 14.04
>>
>> Btw - what do you get with:
>>     samba-tool testparm -v --suppress-prompt | grep kccsrv:samba_kcc
>> on your DCs?
>>
>> Cheers, Günter
>>
> 
> On both DCs:
> sudo samba-tool testparm -v --suppress-prompt | grep kccsrv:samba_kcc
> 	kccsrv:samba_kcc = true

In the *release* versions the internal samba default is
        kccsrv:samba_kcc = false
*but* in current git master this setting defaults to *true*!

The external python KCC "samba_kcc" is atm *not* fully implemented and to
my knowledge has never been really tested.
KCC related info. e.g.: http://technet.microsoft.com/en-us/library/cc961781.aspx

So I strongly recommend to add the following to the [global] section of smb.conf:
       kccsrv:samba_kcc = false
to all your DCs which you built from git.

The current python samba_kcc is buggy, so it should not be used until it is fixed.

Btw - you can also force an initial replication between DCs in both directions with
    samba-tool drs replicate ......
Once a first replication has been done successfully, it usually sticks.
Take care to use the right syntax, but there should already be samples on the net.

Cheers, Günter

> 
> 
> Hi
> Question: If I create a user on DC1 it replicates. If I create a user on
> DC2 it does not. Is the replication one way only with this version?
> Thanks,
> Steve
> 
> 
> 
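
The asymmetry in the two showrepl dumps quoted above (DC1 lists no inbound neighbors, DC2 lists no outbound ones) can be checked mechanically on each DC. The following Python is an added example, not part of the original post or of Samba: it parses `samba-tool drs showrepl` text in the layout shown in the thread and reports missing directions and links still stamped NTTIME(0). The names parse_showrepl and findings are hypothetical, and reading NTTIME(0) as "no attempt recorded" is an assumption based on it being a zero timestamp.

```python
import re

SECTION = re.compile(r"^==== (INBOUND|OUTBOUND) NEIGHBORS ====")
NEIGHBOR = re.compile(r"^\s+(\S+\\\S+) via RPC")
ATTEMPT = re.compile(r"^\s+Last attempt @ (.+?) (?:was successful|failed)")

# Constructed sample: DC1's output from the thread, abridged to one naming context.
DC1_SAMPLE = r"""Default-First-Site-Name\PALMERA
==== INBOUND NEIGHBORS ====

==== OUTBOUND NEIGHBORS ====

DC=altea,DC=site
    Default-First-Site-Name\GERANIO via RPC
        Last attempt @ NTTIME(0) was successful
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====
"""

def parse_showrepl(text):
    """Map each direction to a list of (naming_context, neighbor, last_attempt)."""
    result = {"INBOUND": [], "OUTBOUND": []}
    section = nc = neighbor = None
    for line in text.splitlines():
        if line.startswith("===="):
            m = SECTION.match(line)
            section = m.group(1) if m else None  # other sections are ignored
        elif section and line.strip():
            if not line[0].isspace():
                nc = line.strip()  # unindented line names the naming context
            elif m := NEIGHBOR.match(line):
                neighbor = m.group(1)
            elif m := ATTEMPT.match(line):
                result[section].append((nc, neighbor, m.group(1)))
    return result

def findings(text):
    """Flag missing directions and links whose timestamp is still NTTIME(0)."""
    repl, out = parse_showrepl(text), []
    for direction, rows in repl.items():
        if not rows:
            out.append(f"no {direction.lower()} neighbors")
        out += [f"{direction.lower()} {nc} via {nb}: never attempted"
                for nc, nb, when in rows if when == "NTTIME(0)"]
    return out

if __name__ == "__main__":
    print("\n".join(findings(DC1_SAMPLE)))
```

Feed it the output captured on every DC; a healthy pair should return an empty list on both sides.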

