[Samba] multi-site DC - AD

zhia chandra bentunx at gmail.com
Thu Feb 12 04:45:12 MST 2015 

hi Louise

i have follow ur instruction
but i think my problem is on the openvpn network latency
are there any /NT_STATUS_IO_TIMEOUT/ parameter that i can config
to add more time of /IO_TIMEOUT/  ?

regards
zhia

On 2/12/2015 4:04 PM, L.P.H. van Belle wrote:
> and you have added the following to the /etc/hosts
>
> 172.16.99.3	pdc.domain.co.id pdc
>
> and you did setup your krb5.conf in that way you point directly to the correct hosts without the use of a search
>
> like:
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = SMBDOM.EXAMPLE.COM
> dns_lookup_realm = false
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> renew_lifetime = 7d
> forwardable = true
>
> [realms]
> EXAMPLE.COM = {
> kdc = kerberos.example.com
> admin_server = kerberos.example.com
> }
>
> [domain_realm]
> .example.com = EXAMPLE.COM
> example.com = EXAMPLE.COM
>
>
> and maybe you should also find out where your latency delay is comming from.
>> 64 bytes from 172.16.99.3: icmp_seq=5 ttl=61 time=194 ms
>> 64 bytes from 172.16.99.3: icmp_seq=6 ttl=61 time=50.2 ms
> install for example smokeping and track with mtr.
>
>
> Louis
>
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: bentunx at gmail.com [mailto:samba-bounces at lists.samba.org]
>> Namens zhia chandra
>> Verzonden: donderdag 12 februari 2015 9:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] multi-site DC - AD
>>
>> hi all
>>
>> i have problem with my multi-site AD-DC installation, one of my DC,
>> suddently cant start well, i think problem(corrupt) with the
>> LDAP database
>> then i try to re join it, but every time i try to join it i always has
>> issue like this
>>
>> /Finding a writeable DC for domain 'domain.co.id'
>> Found DC pdc.domain.co.id
>> Password for [domain\administrator]:
>> workgroup is domain
>> realm is domain.co.id
>> checking sAMAccountName
>> Adding CN=DC24,OU=Domain Controllers,DC=domain,DC=co,DC=id
>> Adding
>> CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
> guration,D C=domain,DC=co,DC=id
>> Adding CN=NTDS
>> Settings,CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
>> N=Configuration,DC=domain,DC=co,DC=id
>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>> e3514235-4b06-11
>> d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp:pdc.domain.co.id[1024,seal]
>> NT_STATUS_IO_TIM EOUT
>> Join failed - cleaning up
>> checking sAMAccountName
>> Deleted CN=DC24,OU=Domain Controllers,DC=domain,DC=co,DC=id
>> Deleted
>> CN=DC24,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
> guration,
>> DC=domain,DC=co,DC=id
>> ERROR(runtime): uncaught exception - (-1073741643,
>> 'NT_STATUS_IO_TIMEOUT')
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__
> init__.py" ,
>> line 175, in _run
>>      return self.run(*args, **kwargs)
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/do
> main.py",
>> line 555, in run
>>      machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
>> line 1172 , in join_DC
>>      ctx.do_join()
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
>> line 1075 , in do_join
>>      ctx.join_add_objects()
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
>> line 541, in join_add_objects
>>      ctx.join_add_ntdsdsa()
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
>> line 474, in join_add_ntdsdsa
>>      ctx.DsAddEntry([rec])
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
>> line 384, in DsAddEntry
>>      ctx.drsuapi_connect()
>>    File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
>> line 362, in drsuapi_connect
>>      ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)/
>>
>> i have about 1mbps OpenVPN connection between this site to
>> another DC to
>> join
>> i try to ping from each DC    , i think its fine
>>
>> /[root at dc24 ~]# ping pdc
>> PING pdc.domain.co.id (172.16.99.3) 56(84) bytes of data.
>> 64 bytes from 172.16.99.3: icmp_seq=1 ttl=61 time=140 ms
>> 64 bytes from 172.16.99.3: icmp_seq=2 ttl=61 time=51.2 ms
>> 64 bytes from 172.16.99.3: icmp_seq=3 ttl=61 time=48.5 ms
>> 64 bytes from 172.16.99.3: icmp_seq=4 ttl=61 time=59.3 ms
>> 64 bytes from 172.16.99.3: icmp_seq=5 ttl=61 time=194 ms
>> 64 bytes from 172.16.99.3: icmp_seq=6 ttl=61 time=50.2 ms
>> 64 bytes from 172.16.99.3: icmp_seq=7 ttl=61 time=65.5 ms
>> 64 bytes from 172.16.99.3: icmp_seq=8 ttl=61 time=62.3 ms
>> 64 bytes from 172.16.99.3: icmp_seq=9 ttl=61 time=50.1 ms
>> ^C
>> --- pdc.domain.co.id ping statistics ---
>> 9 packets transmitted, 9 received, 0% packet loss, time 8835ms
>> rtt min/avg/max/mdev = 48.567/80.214/194.278/48.556 ms/
>>
>> but still i cant re joint the dc
>> any suggest to overcome this problem ?
>>
>> Thanks In Advance
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>

More information about the samba mailing list