[Samba] bind fails to start w/missing records
Steve Thompson
smt at vgersoft.com
Sun May 10 09:08:17 MDT 2015
Roland,
Thank you very much for your attention to this. You should get a medal for
all the help you give everyone on this list.
On Sun, 10 May 2015, Rowland Penny wrote:
> Why ? And why don't they show up when you ask for the zones with samba-tool ?
I have that many subnets. As for why they don't show up: they are defined
in BIND's configuration and not samba's; they never did show up with
samba-tool. I wasn't expecting that they should.
> Just check that it isn't just non replicating attributes that are different.
It looks like a real problem. This is what I get when I compare DC1 and
DC2 (again, DC1 and DC3 are the same):
* Result for [DOMAIN]: FAILURE
Attributes found only in ldap://baxter:
isCriticalSystemObject
cn
ipsecName
fSMORoleOwner
objectClass
ipsecISAKMPReference
iPSECNegotiationPolicyAction
showInAdvancedViewOnly
ipsecFilterReference
priorSetTime
instanceType
ipsecOwnersReference
distinguishedName
ipsecNFAReference
msDS-TombstoneQuotaFactor
ipsecData
description
objectCategory
objectGUID
whenCreated
systemFlags
ipsecNegotiationPolicyReference
ipsecID
lastSetTime
iPSECNegotiationPolicyType
name
memberOf
ipsecDataType
* Result for [CONFIGURATION]: FAILURE
Attributes found only in ldap://baxter:
distinguishedName
isCriticalSystemObject
name
objectCategory
objectClass
msDS-Behavior-Version
description
msDS-TombstoneQuotaFactor
objectGUID
showInAdvancedViewOnly
systemFlags
whenCreated
fSMORoleOwner
instanceType
cn
* Result for [DNSDOMAIN]: FAILURE
Attributes found only in ldap://baxter:
distinguishedName
isCriticalSystemObject
cn
objectCategory
objectClass
objectGUID
whenCreated
showInAdvancedViewOnly
systemFlags
instanceType
name
* Result for [DNSFOREST]: FAILURE
Attributes found only in ldap://baxter:
distinguishedName
isCriticalSystemObject
cn
objectCategory
objectClass
objectGUID
whenCreated
showInAdvancedViewOnly
systemFlags
instanceType
name
and everything else is in order. "samba-tool drs showrepl" shows no
problems.
> Check your FSMO roles.
I've done that; this appears to be in order (DC1 = baxter):
InfrastructureMasterRole owner: CN=NTDS Settings,CN=BAXTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
RidAllocationMasterRole owner: CN=NTDS Settings,CN=BAXTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=BAXTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
DomainNamingMasterRole owner: CN=NTDS Settings,CN=BAXTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
SchemaMasterRole owner: CN=NTDS Settings,CN=BAXTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
-Steve
--
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT vgersoft DOT com
Voyager Software LLC Web: http://www DOT vgersoft DOT com
39 Smugglers Path VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
"186,282 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
More information about the samba
mailing list