[Samba] Problems with Secondary DC

Ricardo Pardim Claus ricardo.claus at yahoo.com.br
Mon Aug 15 17:26:30 UTC 2016


Problems with Secondary DC 

My scenario: 
DC1 = SRV14 = primary DC + DHCP Bind9 
DC2 = SRV15 = secondary DC + Bind9 
Both running Samba 4.4.5. 

In Group Policy Management, when I switch DCs and try to connect to DC2, I get the error message: 
"There was an error processing to collect data using this base domain controller. Change the base domain controller and try again." 
When I connect to the "Active Users and Computers Directory" I cannot connect normally.


When I run the following command, I get inconsistency errors:

# samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator 
...

* Result for [CONFIGURATION]: FAILURE 

SUMMARY 
--------- 

Attributes with different values: 

whenChanged 

* Comparing [SCHEMA] context... 
* Objects to be compared: 1739 
* Result for [SCHEMA]: SUCCESS 
* Comparing [DNSDOMAIN] context... 
* Objects to be compared: 243 
* Result for [DNSDOMAIN]: SUCCESS 
* Comparing [DNSFOREST] context... 
* Objects to be compared: 25 
* Result for [DNSFOREST]: SUCCESS 
ERROR: Compare failed: -1 



# samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator configuration...
* Result for [CONFIGURATION]: FAILURE 

SUMMARY 
--------- 

Attributes with different values: 

whenChanged 
ERROR: Compare failed: -1 




The contents of the smb.conf DC2:

# Global parameters 
[global] 
bind interfaces only = Yes 
interfaces = lo eth0 
netbios name = SRV15 
realm = DOMAIN.LOCAL 
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate 
workgroup = DOMAIN 
server role = active directory domain controller 
comment = 
log file = /var/log/samba/%m.log 
log level = 1 
# 
winbind enum users = yes 
winbind enum groups = yes 
#
client ldap sasl wrapping = sign 

[netlogon] 
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
read only = No 

[sysvol] 
path = /usr/local/samba/var/locks/sysvol 
read only = No 



The contents of the smb.conf DC1:

# Global parameters 
[global] 
#bind interfaces only = Yes 
interfaces = lo eth0 
netbios name = SRV14 
realm = DOMAIN.LOCAL 
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate 
workgroup = DOMAIN
server role = active directory domain controller 
comment = 
log file = /var/log/samba/%m.log 
log level = 1 
# 
idmap_ldb:use rfc2307 = yes 
# 
allow dns updates = secure only 
nsupdate command =  /usr/bin/nsupdate -g 
#
client ldap sasl wrapping = sign 


[netlogon] 
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
read only = No 

[sysvol] 
path = /usr/local/samba/var/locks/sysvol 
read only = No 



How can I solve these problems? 
Thank you!


