[Samba] Samba DC sync issues - help

L.P.H. van Belle belle at bazuin.nl
Mon Jan 18 15:30:04 UTC 2016 

Ok, this is strange: 

 

Failed to connect to ldap URL 'ldap://3(NXDOMAIN)' - LDAP client internal error: NT_STATUS_OBJECT_NAME_NOT_FOUND 

 

What the script does it, it looks up the DC with the FSMO roles, sets that as DC1, and compairs the other DC’s with that one.

Can you run the following to be sure you dont have any other problems in you AD? 

 

Can you check the following outputs. 

 

samba-tool fsmo show | cut -d"," -f2 | head -n1 | cut -c4-100 | tr '[:upper:]' '[:lower:]'

 

samba-tool domain info DC_from_Above command 

 

and just to be sure,. 

echo "kkkkk" | kinit Administrator at YOUR_REALM 

does that work? 

 

i dont need al the output, you know if its correct, or sanitise your domain info a bit. 

 

If you get errors, please let met know, i’ll have a go with ubuntu 15.10 then and adjust the scripts. 

Im not there yet to make it compatible with other then debian. 

 

When the script works, you should see an output like this : 

 

./samba-check-db-repl.sh

Running with with console output

Running : /usr/bin/samba-tool ldapcmp --filter='whenChanged' ldap://dc1 ldap://dc2.internal.domain.tld.

Please wait.. this can take a while..

 

* Comparing [DOMAIN] context...

 

* Objects to be compared: 672

 

* Result for [DOMAIN]: SUCCESS

 

* Comparing [CONFIGURATION] context...

 

* Objects to be compared: 1665

 

* Result for [CONFIGURATION]: SUCCESS

 

* Comparing [SCHEMA] context...

 

* Objects to be compared: 1591

 

* Result for [SCHEMA]: SUCCESS

 

* Comparing [DNSDOMAIN] context...

 

* Objects to be compared: 338

 

* Result for [DNSDOMAIN]: SUCCESS

 

* Comparing [DNSFOREST] context...

 

* Objects to be compared: 20

 

* Result for [DNSFOREST]: SUCCESS

.. Next check..

Running : samba-tool drs showrepl

              No errors found

 

 

Greetz, 

 

Louis

 

 

 


Van: Nico De Ranter [mailto:nico.deranter at esaturnus.com] 
Verzonden: maandag 18 januari 2016 16:15
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba DC sync issues - help


 

I ran the script both with and without password.  I also tried 'echo "kkkkk" | kinit Administrator" but that didn't work either, it blocks on the password.


I'm running Ubuntu 15.10


Nico


 

On Mon, Jan 18, 2016 at 4:06 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:

Hai Nico,

 

Ok great, its fixed, and yes, i do think that the reboot fixed it, dont ask my why, i dont know.. i only know the fix ;-)

Seen this few times before..

 

About the script, did you run it without the password in the script or with the password in the script?

So i can check whats wrong there.

 

Your running samba 4.1.17 ? on which os?

 

Greetz,

 

Louis

 

 

 


Van: Nico De Ranter [mailto:nico.deranter at esaturnus.com]
Verzonden: maandag 18 januari 2016 15:57
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba DC sync issues - help



 

 


Hi Louis,


Rebooted DC1


Rebooted DC2


Ran "samba-tool drs replicate dc1 dc2 DC=win,DC=office"
Replicate from dc2 to dc1 was successful.


Unfortunately samba-check-db-repl.sh seems to be hanging when doing 'kinit Administrator ' (if seems ' echo"pwd" | kinit Administrator' doesn't seem to manage to pass on the password for some reason)


However when I now run an ldapcmp I see success everywhere.  When I update something via Windows and run ldapcmp afterwards everything is still ok.


So either the reboot of dc1 fixed it (I didn't try that before as it was the one running my whole network as dc2 was down) or the reverse replicate fixed it (am I totaly misunderstaning 'samba-tool drs replcate destination source' or is the manual wrong?)


Thank you very much for your help!


Nico

 

On Mon, Jan 18, 2016 at 12:04 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:

Hai,

Reboot both servers first, DC1 and wait until its fully up, then reboot DC2, and run the replicate again but now like this :

samba-tool drs replicate dc_WITH_FSMO_ROLES dc_TO_SYNC_TO DC=win,DC=office

report if this worked.

And check with this one, you can run it on any samba DC.
https://secure.bazuin.nl/scripts/samba-check-db-repl.sh

configure it, and run it, and report back.
For the configure, NT_ADMIN_USER/PASS is sufficient.
And set CONFIGURED to yes


Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Nico De Ranter
> Verzonden: maandag 18 januari 2016 11:34
> Aan: samba
> Onderwerp: [Samba] Samba DC sync issues - help

>
> Help, my Samba DC's refuse to sync :-(
>
> I have 2 Samba 4.1.17 DC servers.  I made some changes via Active
> Directory
> USer and Computers on Windows.  However even after a weekend the changes
> do
> not appear on the second DC.
>
> If I run
> samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator
> --filter=msDS-NcType,serverState,subrefs
>
> I see:
>
> ************************************************************
>
> Password for [OFFICE\administrator]:
>
> * Comparing [DOMAIN] context...
>
> * DN lists have different size: 397 != 396
>     CN=NICO-PC-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
>     CN=NICO-VM,CN=Computers,DC=win,DC=office
>     CN=dcim,CN=Computers,DC=win,DC=office
>     CN=NICO-VM,OU=OPS,OU=DomainComputers,DC=win,DC=office
>     CN=dcim,OU=Servers,OU=DomainComputers,DC=win,DC=office
>
> * Objects to be compared: 394
> Comparing:
> 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc1]
> 'CN=virtpc,OU=DomainUsers,DC=win,DC=office' [ldap://dc2]
>     Difference in attribute values:
>         homeDirectory =>
> ['\\\\storage\\virtpc']
> ['\\\\storage.office\\virtpc']
>     FAILED
> ...[snip removed lots of similar errors for all other users]...
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes with different values:
>
>     homeDirectory
>
> Attributes found only in ldap://dc2:
>
>     description
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1615
>
> * Result for [CONFIGURATION]: SUCCESS
>
> * Comparing [SCHEMA] context...
>
> * Objects to be compared: 1550
>
> * Result for [SCHEMA]: SUCCESS
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 56
>
> * Result for [DNSDOMAIN]: SUCCESS
>
> * Comparing [DNSFOREST] context...
>
> * Objects to be compared: 18
>
> * Result for [DNSFOREST]: SUCCESS
> ERROR: Compare failed: -1
>
> *************************************************************************
>
> Running a manual replication seems to work fine:
> samba-tool drs replicate dc2 dc1 DC=win,DC=office
> Replicate from dc1 to dc2 was successful.
>
> However nothing changes, when I do an ldapcmp I still see the same errors.
> What am I doing wrong? (Note: the clocks are synchronised)  I've been
> trying to solve this for a week now but I cannot figure out what is going
> wrong.
>
> Nico
>
>






--

Nico De Ranter

Operations Engineer

T. +32 16 40 12 82

M. +32 497 91 53 78




 

 

eSATURNUS
Romeinse straat 12
3001 Leuven – Belgium

T. +32 16 40 12 82
F. +32 16 40 84 77
www.esaturnus.com

 

 

 












































--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba







-- 

Nico De Ranter

Operations Engineer

T. +32 16 40 12 82

M. +32 497 91 53 78






 

eSATURNUS
Romeinse straat 12
3001 Leuven – Belgium
	
T. +32 16 40 12 82
F. +32 16 40 84 77
www.esaturnus.com



  

 

More information about the samba mailing list