[Samba] Replication with Multiple Sites in a Hub and Spoke Topology

Dale Renton drenton at gmail.com
Mon Dec 19 18:42:52 UTC 2016


On Sun, Dec 18, 2016 at 5:20 PM, Garming Sam <garming at catalyst.net.nz>
wrote:

> Hi,
>
> It seems unlikely that the KCC is the cause of these issues. The KCC is
> only responsible for telling who to connect (and when) and doesn't
> actually affect any underlying network connectivity. Connectivity
> between the spokes should not be required and the communication between
> them is usually just some stale data. But none of that should affect
> either of these commands.
>
> Unless the DRS server is particularly busy, it points to actual
> connectivity issues. If you're running samba-tool drs showrepl, it looks
> like it should only contact the DC you are on. How long does it take
> before each of the commands bail out? When doing the domain join, do you
> pick a particular server (and/or IP) to run against, and does it make a
> difference?
>
>
I figured out the problem.  I ran the strace command on 'samba-tool drs
showrepl' and indeed it did show one spoke trying to communicate with
another spoke.  This is where the command would hang for 2 minutes and
return the NT_STATUS_IO_TIMEOUT.

I changed the krb5.conf on DC3 only (left the hub domain controllers as is)
from:

  [libdefaults]
        default_realm = AD.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true


to

  [libdefaults]
        default_realm = AD.EXAMPLE.COM
        dns_lookup_realm = false
        dns_lookup_kdc = false

  [realms]
        AD.EXAMPLE.COM = {
                kdc = DC3.AD.EXAMPLE.COM
                admin_server = DC3.AD.EXAMPLE.COM
                default_domain = AD.EXAMPLE.COM
        }


Now everything seems to be working again.  The domain join worked great
too.  I'm assuming there is no harm in making this change?

Thanks,
Dale
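
Added example, not part of the original message or of Samba's code: a small Python check that reads a krb5.conf and reports how the default realm's KDC will be located, which is the setting changed in the message above. It assumes MIT krb5 lookup semantics; the function names and the sample text are constructed for illustration.

```python
# Constructed sample mirroring the "after" krb5.conf in the post (not a real host's file).
SAMPLE = """\
[libdefaults]
        default_realm = AD.EXAMPLE.COM
        dns_lookup_kdc = false
[realms]
        AD.EXAMPLE.COM = {
                kdc = DC3.AD.EXAMPLE.COM
        }
"""

def parse_krb5(text):
    """Return (libdefaults, {realm: [kdc, ...]}, braces_balanced)."""
    section, realm, depth = None, None, 0
    libdefaults, realms = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif line == "}":
            depth, realm = depth - 1, None
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if section == "libdefaults":
                libdefaults[key] = value
            elif section == "realms" and value == "{":
                depth, realm = depth + 1, key
                realms[realm] = []
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
    return libdefaults, realms, depth == 0

def audit(text):
    """Return (lookup mode for the default realm, list of findings)."""
    libdefaults, realms, balanced = parse_krb5(text)
    findings = [] if balanced else ["unbalanced braces in [realms]"]
    realm = libdefaults.get("default_realm", "")
    kdcs = realms.get(realm, [])
    # Assumption: MIT krb5 semantics (DNS used only when no kdc is listed, default on).
    dns = libdefaults.get("dns_lookup_kdc", "true").lower() in ("true", "yes", "y", "t", "1", "on")
    if kdcs:
        mode = "static"
        if len(kdcs) == 1:
            findings.append(f"{realm}: only KDC is {kdcs[0]}, no failover")
    elif dns:
        mode = "dns-srv"
        findings.append(f"{realm}: KDC taken from DNS SRV records, may be in another site")
    else:
        mode = "none"
        findings.append(f"{realm}: no kdc listed and DNS lookup disabled")
    return mode, findings
```

Running `audit()` on a spoke DC's file before and after a change like this one shows whether Kerberos traffic can still be steered by DNS to a DC the spoke cannot reach.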
