[Samba] AD DC out of sync

Marc Muehlfeld mmuehlfeld at samba.org
Wed Mar 11 14:17:15 MDT 2015


Hello Lars,

Am 11.03.2015 um 18:01 schrieb Lars Hanke:
> It now happened for the second time: Out of the blue, I could not login
> from windows machines or authenticate using smbclient, while
> Kerberos/nslcd were still working fine, after setting a password.
> 
> The cause is that the password change didn' reach both AD DCs, but only
> one. The other one still had the old value as could be seen by
> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of
> seconds brings them back to sync and Windows logons work as they used to.
> 
> samba-tool drs showrepl does not show any failure, beyond: Warning: No
> NC replicated for Connection!

This warning you can ignore.



> Any idea, what I should do next time to obtain valuable output for
> debugging?

* What Samba version are you running?
* How many DCs?
* Can you force this problem to appear?

Just an idea: AD problems are often caused by DNS problems and we got
the keyword "DNS islanding" in an other threat at the moment: Which DNS
do your DCs use as primary? Their own or a different one? See
http://retrohack.com/a-word-or-two-about-dns-islanding/



Regards,
Marc


More information about the samba mailing list