[Samba] Problems with Secondary DC

Rowland Penny rpenny at samba.org
Mon Aug 15 17:46:09 UTC 2016 

On Mon, 15 Aug 2016 17:26:30 +0000 (UTC)
Ricardo Pardim Claus via samba <samba at lists.samba.org> wrote:

> Problems with Secondary DC 
> 
> My scenario: 
> DC1 = = SRV14=primary DC + DHCP Bind9 
> DC2 = SRV15=secondary DC + Bind9 
> Both running Samba 4.4.5. 
> 
> Through the Group Policy Management, when switching DC, when I try to
> connect to DC2, I get error message: "There was an error processing
> to collect data using this base domain controller. Change the base
> domain controller and try again." When I connect the "Active Users
> and Computers Diretory" I can not connect normally.
> 
> 
> When I run the following command, I get inconsistencies errors:
> 
> # samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator 
> 
> # samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator 
> ...
> 
> * Result for [CONFIGURATION]: FAILURE 
> 
> SUMMARY 
> --------- 
> 
> Attributes with different values: 
> 
> whenChanged 
> 
> * Comparing [SCHEMA] context... 
> * Objects to be compared: 1739 
> * Result for [SCHEMA]: SUCCESS 
> * Comparing [DNSDOMAIN] context... 
> * Objects to be compared: 243 
> * Result for [DNSDOMAIN]: SUCCESS 
> * Comparing [DNSFOREST] context... 
> * Objects to be compared: 25 
> * Result for [DNSFOREST]: SUCCESS 
> ERROR: Compare failed: -1 
> 
> 
> 
> # samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator
> configuration...
> * Result for [CONFIGURATION]: FAILURE 
> 
> SUMMARY 
> --------- 
> 
> Attributes with different values: 
> 
> whenChanged 
> ERROR: Compare failed: -1 
> 
> 
> 
> 
> The contents of the smb.conf DC2:
> 
> # Global parameters 
> [global] 
> bind interfaces only = Yes 
> interfaces = lo eth0 
> netbios name = SRV15 
> realm = DOMAIN.LOCAL 
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate workgroup = DOMAIN 
> server role = active directory domain controller 
> comment = 
> log file = /var/log/samba/%m.log 
> log level = 1 
> # 
> winbind enum users = yes 
> winbind enum groups = yes 
> #
> client ldap sasl wrapping = sign 
> 
> [netlogon] 
> path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
> read only = No 
> 
> [sysvol] 
> path = /usr/local/samba/var/locks/sysvol 
> read only = No 
> 
> 
> 
> The contents of the smb.conf DC1:
> 
> # Global parameters 
> [global] 
> #bind interfaces only = Yes 
> interfaces = lo eth0 
> netbios name = SRV14 
> realm = DOMAIN.LOCAL 
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate workgroup = DOMAIN
> server role = active directory domain controller 
> comment = 
> log file = /var/log/samba/%m.log 
> log level = 1 
> # 
> idmap_ldb:use rfc2307 = yes 
> # 
> allow dns updates = secure only 
> nsupdate command =  /usr/bin/nsupdate -g 
> #
> client ldap sasl wrapping = sign 
> 
> 
> [netlogon] 
> path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
> read only = No 
> 
> [sysvol] 
> path = /usr/local/samba/var/locks/sysvol 
> read only = No 
> 
> 
> 
> How can I solve these problems? 
> Thank you!
> 

I wouldn't worry about the 'WhenChanged' error and don't use win8.1 or
10 with GPMC, it doesn't work at the moment, see here:
https://bugzilla.samba.org/show_bug.cgi?id=11351

Rowland

More information about the samba mailing list