[Samba] Tests with Secondary DC

Marcio Demetrio Bacci marciobacci at gmail.com
Thu Jul 23 02:47:43 UTC 2015


I have installed a secondary DC in my network, following the tutorial:

https://wiki.samba.org/index.php/Join_a_domain_as_a_DC#Kerberos

I have run the following command:

samba-tool domain join mydomain.com.br DC -Uadministrator --realm=mydomain.com --dns-backend=BIND_INTERNAL

It seems that everything is OK. I have run the following commands on both
DCs and the result was the same:

ldbsearch -H /opt/samba/private/sam.ldb -b 'DC=mydomain,DC=com,DC=br' -s sub '(&(objectClass=group)(cn=Domain Users))' | grep gidNumber | sed 's|gidNumber: ||'

ldbsearch -H /opt/samba/private/sam.ldb -b 'DC=mydomain,DC=com,DC=br' -s sub '(&(objectClass=group)(cn=Domain Users))' | grep gidNumber | sed 's|gidNumber: ||'


I ran the tests from the following tutorial and everything is correct:

https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins

I also created DNS records on one DC and they were replicated to the other correctly.

But the "wbinfo -i DomainUser" command returns different results.

The Primary DC "smb.conf" file has the attribute "idmap_ldb:use rfc2307 =
yes". The Secondary DC doesn't have that attribute. Could this generate
different information between the DCs?

Is this related to the correction of BUG 11313: idmap_rfc2307: Fix wbinfo
'--gid-to-sid' query?

Finally, the following test showed several errors:

samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator domain --filter=msDS-NcType,ServerState

Comparing:
'CN=Users,CN=Builtin,DC=mydomain,DC=com,DC=br' [ldap://DC1]
'CN=Users,CN=Builtin,DC=mydomain,DC=com,DC=br' [ldap://DC2]
    Difference in attribute values:
        whenChanged =>
['20150720230414.0Z']
['20150722233158.0Z']
    FAILED
Comparing:
'CN=Windows Authorization Access Group,CN=Builtin,DC=mydomain,DC=com,DC=br' [ldap://DC1]
'CN=Windows Authorization Access Group,CN=Builtin,DC=mydomain,DC=com,DC=br' [ldap://DC2]
    Difference in attribute values:
        whenChanged =>
['20150720230630.0Z']
['20150722233158.0Z']
    FAILED
* Result for [DOMAIN]: FAILURE
SUMMARY
---------
Attributes with different values:
    whenChanged
ERROR: Compare failed: -1

Which tests could I do to make sure everything is right?


Regards,

Márcio
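
One way to triage ldapcmp output like the listing in the message above, as an added example (not part of the original message and not Samba's own code): it parses the report and separates objects whose only differences are attributes that each DC stamps locally, such as whenChanged, from objects that differ in replicated data. The LOCAL_ONLY set, the function names and the second sample object are assumptions of this example.

```python
import re

# Attributes each DC stamps locally rather than replicating (assumption of this example).
LOCAL_ONLY = {"whenchanged", "usnchanged", "usncreated"}

# Constructed sample modelled on the ldapcmp output quoted in the message.
SAMPLE = """\
Comparing:
'CN=Users,CN=Builtin,DC=mydomain,DC=com,DC=br' [ldap://DC1]
'CN=Users,CN=Builtin,DC=mydomain,DC=com,DC=br' [ldap://DC2]
    Difference in attribute values:
        whenChanged =>
['20150720230414.0Z']
['20150722233158.0Z']
    FAILED
Comparing:
'CN=Example Group,CN=Users,DC=mydomain,DC=com,DC=br' [ldap://DC1]
'CN=Example Group,CN=Users,DC=mydomain,DC=com,DC=br' [ldap://DC2]
    Difference in attribute values:
        gidNumber =>
['10000']
['10001']
        whenChanged =>
['20150720230414.0Z']
['20150722233158.0Z']
    FAILED
"""

DN_LINE = re.compile(r"^'(?P<dn>.+)'(?:\s*\[[^\]]*\])?\s*$")  # URL may wrap to the next line
ATTR_LINE = re.compile(r"^\s+(?P<attr>[A-Za-z][\w;-]*)\s*=>\s*$")

def parse_ldapcmp(text):
    """Return {dn: set of attribute names reported as different}."""
    diffs, current = {}, None
    for line in text.splitlines():
        if m := DN_LINE.match(line):
            current = m.group("dn")  # both DC lines carry the same DN
        elif (m := ATTR_LINE.match(line)) and current:
            diffs.setdefault(current, set()).add(m.group("attr"))
    return diffs

def triage(diffs, ignore=LOCAL_ONLY):
    """Split objects into (only local-only attributes differ, needs review)."""
    real = {dn: {a for a in attrs if a.lower() not in ignore} for dn, attrs in diffs.items()}
    review = {dn: attrs for dn, attrs in real.items() if attrs}
    benign = [dn for dn, attrs in real.items() if not attrs]
    return benign, review
```

Calling `triage(parse_ldapcmp(SAMPLE))` returns the Builtin Users object as benign and flags the constructed group for its `gidNumber` difference.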

