[Samba] No more replication for new DC

mathias dufresne infractory at gmail.com
Mon Nov 16 15:09:42 UTC 2015


That did not work. I've added DNS entries mentioned in that wiki page. I
also forced creation of all entries mentioned by samba_dnsupdate
--all-names --verbose.
So I expect all needed DNS entries are present. If some are still missing,
they are not mentioned by samba_dnsupdate. And as samba_dnsupdate's job is to
create missing DNS entries, I dare rely on it.

I expect the issue comes from missing servicePrincipalName.

I'm wondering why these LDAP fields are not filled...

Cheers,

mathias

2015-11-16 15:39 GMT+01:00 Rowland Penny <rowlandpenny241155 at gmail.com>:

> On 16/11/15 14:33, mathias dufresne wrote:
>
>> Another error coming often:
>> [2015/11/16 15:11:07.592598,  0]
>> ../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>>    Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>>
>> ncacn_ip_tcp:10.156.248.219[1024,seal,krb5,target_hostname=231cc777-1ab8-4b15-be6c-dcd218df48e9._msdcs.samba.domain.tld,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.156.248.221]
>> NT_STATUS_INVALID_PARAMETER
>>
>> Digging a bit further there is no "servicePrincipalName" for the last added
>> DC.
>> Using samba_spnupdate on the FSMO owner or on the newly added DC has no effect.
>>
>> I'm about to create these servicePrincipalName by hand to see if it could
>> solve my little issue.
>>
>> Cheers,
>>
>> mathias
>>
>>
>> 2015-11-16 14:40 GMT+01:00 mathias dufresne <infractory at gmail.com>:
>>
>>> Hi all,
>>>
>>> I have 3 DCs running Samba 4.3.1 in the same domain. They seem to work
>>> quite well with coherent databases on each of them.
>>>
>>> After rebuilding my RPM to include systemd units, I've joined a Samba
>>> 4.3.1 today, using --domain-critical-only. The join was successful, the
>>> replication was not. This DC has only 146 objects in the DB when it should
>>> have a bit less than 50000 objects.
>>>
>>> As I was suspecting the newly built RPMs, I set up another DC using the same
>>> RPMs as the ones used to prepare the first 3 DCs. I joined that 5th DC to the
>>> domain, successfully, but replication does not work either.
>>>
>>> Finally I installed 4.2.5 sernet's version, joined it to the domain and
>>> still replication does not work.
>>>
>>> In log.samba from newly added DC there are lines:
>>> [2015/11/16 14:25:05.966500,  0]
>>>
>>> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>>>    ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit
>>> of transaction: operations error at
>>> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
>>> [2015/11/16 14:25:05.968151,  0]
>>>
>>> ../source4/dsdb/repl/drepl_out_helpers.c:770(dreplsrv_op_pull_source_apply_changes_trigger)
>>>    Failed to commit objects:
>>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>>
>>> Coming repetitively.
>>>
>>> One important thing is I changed the FSMO owner on that domain once I
>>> switched from 4.3.0 to 4.3.1.
>>> As already discussed, seizing FSMO does not modify the DNS entry for SOA, so
>>> I'd modified that manually, plus a lot of other entries to remove traces of
>>> old DCs. There is no more LDAP entry for these old DCs.
>>>
>>> If someone has some idea to solve that, he would be welcomed :)
>>>
>>> Cheers,
>>>
>>> mathias
>>>
>>>
>>>
> Have a look here:
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>
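
The check discussed in this thread (whether a newly joined DC's account carries the servicePrincipalName values replication relies on) can be scripted against LDIF output from an LDAP search of the DC's computer object, for example from ldbsearch. This is an added example, not code from the thread or from the Samba project; the expected SPN list is an assumed subset for a single-domain forest, and the host name `dc5` and the GUID are constructed placeholders.

```python
import base64

DRS_UUID = "E3514235-4B06-11D1-AB04-00C04FC2DCD2"  # DRSUAPI interface UUID from the log

def parse_spns(ldif_text):
    """Extract servicePrincipalName values from LDIF (folded and base64 lines included)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    spns = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != "serviceprincipalname":
            continue
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        spns.append(value.strip())
    return spns

def expected_spns(fqdn, dns_domain, ntds_guid):
    """Assumed subset of DC SPNs relevant to replication (single-domain forest)."""
    return [
        f"{DRS_UUID}/{ntds_guid}/{dns_domain}",
        f"ldap/{ntds_guid}._msdcs.{dns_domain}",
        f"ldap/{fqdn}",
        f"HOST/{fqdn}",
    ]

def missing_spns(ldif_text, fqdn, dns_domain, ntds_guid):
    """Return expected SPNs absent from the LDIF; comparison is case-insensitive."""
    present = {s.lower() for s in parse_spns(ldif_text)}
    return [s for s in expected_spns(fqdn, dns_domain, ntds_guid) if s.lower() not in present]

# Constructed sample: host name and GUID are placeholders, not values from the thread.
GUID = "00000000-0000-0000-0000-000000000001"
SAMPLE = "\n".join([
    "dn: CN=DC5,OU=Domain Controllers,DC=samba,DC=domain,DC=tld",
    "servicePrincipalName: ldap/dc5.samba.domain.tld",
    "servicePrincipalName:: " + base64.b64encode(b"HOST/dc5.samba.domain.tld").decode(),
    f"servicePrincipalName: ldap/{GUID}._msdcs.samba",
    " .domain.tld",
])

if __name__ == "__main__":
    for spn in missing_spns(SAMPLE, "dc5.samba.domain.tld", "samba.domain.tld", GUID):
        print("missing:", spn)
```

On the constructed sample the only value reported missing is the one built from the DRSUAPI interface UUID, the same UUID that appears in the failed bind in the log above.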
