[Samba] multi-site DC - AD

L.P.H. van Belle belle at bazuin.nl
Thu Feb 12 02:04:40 MST 2015 

and you have added the following to the /etc/hosts 

172.16.99.3	pdc.domain.co.id pdc

and you did setup your krb5.conf in that way you point directly to the correct hosts without the use of a search 

like: 
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = SMBDOM.EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true

[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}

[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM


and maybe you should also find out where your latency delay is comming from.
>64 bytes from 172.16.99.3: icmp_seq=5 ttl=61 time=194 ms
>64 bytes from 172.16.99.3: icmp_seq=6 ttl=61 time=50.2 ms

install for example smokeping and track with mtr.


Louis




>-----Oorspronkelijk bericht-----
>Van: bentunx at gmail.com [mailto:samba-bounces at lists.samba.org] 
>Namens zhia chandra
>Verzonden: donderdag 12 februari 2015 9:10
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] multi-site DC - AD
>
>hi all
>
>i have problem with my multi-site AD-DC installation, one of my DC, 
>suddently cant start well, i think problem(corrupt) with the 
>LDAP database
>then i try to re join it, but every time i try to join it i always has 
>issue like this
>
>/Finding a writeable DC for domain 'domain.co.id'
>Found DC pdc.domain.co.id
>Password for [domain\administrator]:
>workgroup is domain
>realm is domain.co.id
>checking sAMAccountName
>Adding CN=DC24,OU=Domain Controllers,DC=domain,DC=co,DC=id
>Adding 
>CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,D C=domain,DC=co,DC=id
>Adding CN=NTDS 
>Settings,CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C 
>N=Configuration,DC=domain,DC=co,DC=id
>Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for 
>e3514235-4b06-11 
>d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:pdc.domain.co.id[1024,seal] 
>NT_STATUS_IO_TIM EOUT
>Join failed - cleaning up
>checking sAMAccountName
>Deleted CN=DC24,OU=Domain Controllers,DC=domain,DC=co,DC=id
>Deleted 
>CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration, 
>DC=domain,DC=co,DC=id
>ERROR(runtime): uncaught exception - (-1073741643, 
>'NT_STATUS_IO_TIMEOUT')
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__
init__.py" , 
>line 175, in _run
>     return self.run(*args, **kwargs)
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/do
main.py", 
>line 555, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, 
>dns_backend=dns_backend)
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
>line 1172 , in join_DC
>     ctx.do_join()
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
>line 1075 , in do_join
>     ctx.join_add_objects()
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
>line 541, in join_add_objects
>     ctx.join_add_ntdsdsa()
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
>line 474, in join_add_ntdsdsa
>     ctx.DsAddEntry([rec])
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
>line 384, in DsAddEntry
>     ctx.drsuapi_connect()
>   File 
>"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
>line 362, in drsuapi_connect
>     ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)/
>
>i have about 1mbps OpenVPN connection between this site to 
>another DC to 
>join
>i try to ping from each DC    , i think its fine
>
>/[root at dc24 ~]# ping pdc
>PING pdc.domain.co.id (172.16.99.3) 56(84) bytes of data.
>64 bytes from 172.16.99.3: icmp_seq=1 ttl=61 time=140 ms
>64 bytes from 172.16.99.3: icmp_seq=2 ttl=61 time=51.2 ms
>64 bytes from 172.16.99.3: icmp_seq=3 ttl=61 time=48.5 ms
>64 bytes from 172.16.99.3: icmp_seq=4 ttl=61 time=59.3 ms
>64 bytes from 172.16.99.3: icmp_seq=5 ttl=61 time=194 ms
>64 bytes from 172.16.99.3: icmp_seq=6 ttl=61 time=50.2 ms
>64 bytes from 172.16.99.3: icmp_seq=7 ttl=61 time=65.5 ms
>64 bytes from 172.16.99.3: icmp_seq=8 ttl=61 time=62.3 ms
>64 bytes from 172.16.99.3: icmp_seq=9 ttl=61 time=50.1 ms
>^C
>--- pdc.domain.co.id ping statistics ---
>9 packets transmitted, 9 received, 0% packet loss, time 8835ms
>rtt min/avg/max/mdev = 48.567/80.214/194.278/48.556 ms/
>
>but still i cant re joint the dc
>any suggest to overcome this problem ?
>
>Thanks In Advance
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list