[Samba] Error in Second Samba Domain Controller

Nicholas Rudd nicholas.m.rudd at gmail.com
Sat Mar 26 22:56:00 UTC 2016

I do not use AD sites; however, I am willing to hear you out. A simple guide
would help since I have not used sites before. As for the error that I had
when trying to replicate, it was fixed by a simple entry in the hosts file on
the samba computer. I am suspecting a DNS error is occurring somewhere
because I am having LDAP issues (my Macs log shows that after looking for the
cached IP address it times out; Windows claims that a DNS record is not
correct) when only the second domain controller is online. OpenVPN
doesn't appear to have any issues because on a different domain I have the
same setup (but with no Windows DC and only a Samba domain controller) and
it works fine.

On Thu, Mar 24, 2016 at 12:26 PM, mathias dufresne <infractory at gmail.com> wrote:

> Very short reply as I have to leave the office in a few minutes...
> I remember having read something about issues when using OpenVPN. For now I
> don't remember what these issues were.
> About the login issue: do you use AD Sites? As far as I understood this is
> THE way to get failover. You create a site, you attribute a network (CIDR
> form) to that site and then clients would try to connect to one DC in the
> site they belong to. If no DC is available in the AD Site, the client will
> redo the DC search without including the site in the DNS request. This means
> the client will try to find an available DC among all DCs of your domain.
> It could also be a DNS issue I think, but there is not enough information to
> tell for now.
>
> 2016-03-23 14:21 GMT+01:00 Nicholas Rudd <nicholas.m.rudd at gmail.com>:
>> So a little background: in my domain we have 2 domain controllers, the main
>> (a Windows Server 2008 R2), and a secondary that was recently migrated
>> from Server 2003 R2 to Samba. Both domain controllers are offsite so we use
>> OpenVPN to connect them. DNS is set to the samba domain controller then the
>> Windows server; this is because the samba domain controller is up 24/7
>> while the Windows server is only up for certain hours. So here's the
>> problem: I can still log in to the domain when the main domain controller is
>> online; however, as soon as it goes offline I can no longer log in. I can
>> still get online so I know DNS is kinda working; however, when issuing
>> "samba-tool drs showrepl" on the second domain controller I get
>>
>> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to ip-172-31-15-16.ad.mydomain.com failed - drsException: DRS connection to ip-172-31-15-16.ad.mydomain.com failed: (-1073741772, 'The objectname is not found.')
>>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", line 39, in drsuapi_connect
>>     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>>   File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 54, in drsuapi_connect
>>     raise drsException("DRS connection to %s failed: %s" % (server, e))
>>
>> This is interesting because the IP that it is looking for is not mine; mine
>> is ip-172-31-15-161.ad.mylocaldomain.com. I have logged into the DNS
>> management console many times and checked the records on the second (and
>> first) domain controller and the records look correct. Any suggestions?
>> --
>> Nicholas Rudd

Nicholas Rudd
nicholas.m.rudd at gmail.com
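
The lookup order described in the quoted reply (site-specific SRV query first, then the domain-wide one), as an added example that is not part of the original thread. The domain, site name, host names and addresses are constructed, and DC reachability is modelled as a plain set of addresses rather than a real network probe:

```python
# Added example. All names, addresses and the site "Office" are constructed.
DOMAIN = "ad.example.test"
SITE = "Office"
WIN_DC = "windc." + DOMAIN      # DC that is only up for certain hours
SAMBA_DC = "sambadc." + DOMAIN  # DC that is up 24/7
STALE = "olddc." + DOMAIN       # SRV target left over with no A record

# SRV owner name -> target hosts, and host -> address (constructed zone data).
SRV = {
    "_ldap._tcp.%s._sites.dc._msdcs.%s" % (SITE, DOMAIN): [WIN_DC],
    "_ldap._tcp.dc._msdcs.%s" % DOMAIN: [STALE, WIN_DC, SAMBA_DC],
}
A = {WIN_DC: "10.8.0.1", SAMBA_DC: "10.8.0.2"}


def locator_queries(domain, site=None):
    """SRV names in the order a client asks: site-specific, then domain-wide."""
    names = []
    if site:
        names.append("_ldap._tcp.%s._sites.dc._msdcs.%s" % (site, domain))
    names.append("_ldap._tcp.dc._msdcs.%s" % domain)
    return names


def locate_dcs(domain, site, srv, a, online):
    """Walk the queries; return (query that succeeded, usable DCs, problems)."""
    problems = []
    for query in locator_queries(domain, site):
        usable = []
        for target in srv.get(query, []):
            if target not in a:
                problems.append("%s -> %s: no A record" % (query, target))
            elif a[target] not in online:
                problems.append("%s -> %s: %s is down" % (query, target, a[target]))
            else:
                usable.append(target)
        if usable:
            return query, usable, problems
    return None, [], problems


if __name__ == "__main__":
    # Windows DC offline: the site query yields nothing usable, so fall back.
    query, dcs, problems = locate_dcs(DOMAIN, SITE, SRV, A, online={"10.8.0.2"})
    print("answered by:", query)
    print("usable DCs:", dcs)
    for p in problems:
        print("problem:", p)
```

A DC that is registered only under the domain-wide name is still found after the fallback, while an SRV target with no matching A record shows up in the problem list instead of as a usable DC.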
