[Samba] can't replicate ForestDnsZones and DomainDnsZones

mathias dufresne infractory at gmail.com
Thu Dec 15 16:43:08 UTC 2016


2016-12-10 10:57 GMT+01:00 Денис Полещук via samba <samba at lists.samba.org>:

> I have a DC on Samba 4.5.2 (pdc).
> I also have an additional DC on Win2008 R2 (bdc).
> pdc and bdc are just host names.
>
> When I try to replicate Samba to Windows:
>
> pdc:~ # samba-tool drs replicate bdc pdc DC=tidykzn,DC=local
> Replicate from pdc to bdc was successful.
> pdc:~ # samba-tool drs replicate bdc pdc CN=Schema,CN=Configuration,DC=tidykzn,DC=local
> Replicate from pdc to bdc was successful.
> pdc:~ # samba-tool drs replicate bdc pdc CN=Configuration,DC=tidykzn,DC=local
> Replicate from pdc to bdc was successful.
>
> But:
>
> pdc:~ # samba-tool drs replicate bdc pdc DC=ForestDnsZones,DC=tidykzn,DC=local
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 368, in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
> pdc:~ # samba-tool drs replicate bdc pdc DC=DomainDnsZones,DC=tidykzn,DC=local
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 368, in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
>
> What do I need to do to fix this situation?


First note that what I'll propose was not advised by the Samba team months
ago. No idea what the status of that is right now.

Anyway, let's go : )

In private/sam.ldb.d you will find DIT files. These files are different on
each DC and for that reason it is not advised to copy them between DCs.
Now when DB replication is working fine between DCs, "samba-tool ldapcmp"
shows only one attribute that is not synchronized between DCs: the
"whenChanged" attribute. The reason for this difference is that MS (and the
Samba team) decided it is not an important attribute that is worth
replicating.
So our DIT files are different but nobody cares about that difference.
So you can simply copy DIT files from one DC to another.

Please perform the copy with Samba services on your DCs (both source and
destination) stopped, to avoid any change to the DB during the copy.
Making a copy/backup of the file you're about to replace also seems a (very
very) good idea : )

I had to copy both DITs, DomainDnsZones and ForestDnsZones, here at work and
now all my DCs are working like charms.

Remember the note at the beginning ;)

Have fun and good luck!

mathias

