[Samba] AD DC out of sync
Marc Muehlfeld
mmuehlfeld at samba.org
Wed Mar 11 14:17:15 MDT 2015
Hello Lars,
Am 11.03.2015 um 18:01 schrieb Lars Hanke:
> It now happened for the second time: Out of the blue, I could not login
> from windows machines or authenticate using smbclient, while
> Kerberos/nslcd were still working fine, after setting a password.
>
> The cause is that the password change didn' reach both AD DCs, but only
> one. The other one still had the old value as could be seen by
> samba-tool ldapcmp. Restarting the DCs and waiting for a couple of
> seconds brings them back to sync and Windows logons work as they used to.
>
> samba-tool drs showrepl does not show any failure, beyond: Warning: No
> NC replicated for Connection!
This warning you can ignore.
> Any idea, what I should do next time to obtain valuable output for
> debugging?
* What Samba version are you running?
* How many DCs?
* Can you force this problem to appear?
Just an idea: AD problems are often caused by DNS problems and we got
the keyword "DNS islanding" in an other threat at the moment: Which DNS
do your DCs use as primary? Their own or a different one? See
http://retrohack.com/a-word-or-two-about-dns-islanding/
Regards,
Marc
More information about the samba
mailing list