[Samba] Error in Second Samba Domain Controller

mathias dufresne infractory at gmail.com
Tue Mar 29 09:07:57 UTC 2016

So you have the root cause: DNS issue you just have to solve it.

To solve that DNS issue just declare missing entries, no?

What are missing entries? Those which timeout, no?

How to add them: DNS console from Microsoft RSAT or samba-tool dns add
command from samba.

Have fun.

2016-03-26 23:56 GMT+01:00 Nicholas Rudd <nicholas.m.rudd at gmail.com>:

> I do not use AD sites, however I am willing to here you out a simple guide
> would help since I have not used sites before, As for the error that I had
> when trying to replication it was fixed by a simple entry in hosts file on
> the samba computer. I am suspecting a DNS error is occurring somewhere
> because I am having LDAP (my Macs log shows that after looking for the
> cached ip address it timeout, Windows clams that a DNS record is not
> correct) issues when only the second domain controller is online. Openvpn
> doesn't appear to have any issues because on a different domain I have the
> same setup (but with no Windows DC and only a Samba domain controller) and
> it works fine.
> On Thu, Mar 24, 2016 at 12:26 PM, mathias dufresne <infractory at gmail.com>
> wrote:
>> Very short reply as I have to leave the office in few minutes...
>> I remember have read something about issues when using OpenVPN. For now I
>> don't remind what were these issues.
>> About log in issue: do you use AD Sites? As far as I understood this is
>> THE way to get failover. You create a site, you attribute a network (CIDR
>> form) to that site and then client would try to connect on one DC in the
>> site they belong. If no DC is available in the AD Site, the client will
>> re-do the DC search without including site in DNS request. This means the
>> client will try to find an available DC among all DC of your domain.
>> Could be also DNS issue I think but not enough information to tell for
>> now.
>> 2016-03-23 14:21 GMT+01:00 Nicholas Rudd <nicholas.m.rudd at gmail.com>:
>>> So a little background, in my domain we have 2 domain controllers, the
>>> main
>>> (A Windows Server 2008 R2), and a secondary that is was recently migrated
>>> from Server 2003 R2 to Samba. Both domain controllers are offsite so we
>>> use
>>> OpenVpn to connect them, dns is set to the samba domain controller then
>>> the
>>> Windows server, this is due that the samba domain controller is up 24/7
>>> while the Windows is only up for certain hours. So heres the problem, I
>>> can
>>> still login to the domain when the main domain controller is online,
>>> however as soon as it goes offline I can no longer login, I can still get
>>> online so I know DNS is kinda working, however when issuing "samba-tool
>>> drs
>>> showrepl"on the second domain controller I get
>>> **ERROR(<class 'samba.drs_utils.drsException'*
>>> *>): DRS connection toip-172-31-15-16.ad.mydomain.com
>>> <http://ip-172-31-15-16.ad.mydomain.com/> <
>>> <http://ip-172-31-15-16.ad.mydomain.com/>http://ip-172-31-15-16.ad
>>> <http://ip-172-31-15-16.ad/> .mydomain.com <http://mydomain.com>>failed
>>> -
>>> drsException: DRS connection to ip-172-31-15-16.ad.mydomain.com
>>> <http://ip-172-31-15-16.ad.mydomain.com/><
>>> <http://ip-172-31-15-16.ad.mydomain.com/>http://ip-172-31-15-16.ad
>>> <http://ip-172-31-15-16.ad/> .mydomain.com <http://mydomain.com>>
>>> failed:
>>> (-1073741772, 'The objectname is not found.')**  File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",line
>>> 39,
>>> in drsuapi_connect**    (ctx.drsuapi, ctx.drsuapi_handle,
>>> ctx.bind_supported_extensions) =drs_utils.drsuapi_connect(ctx.server,
>>> ctx.lp, ctx.creds)**  File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",line
>>> 54,
>>> in drsuapi_connect**    raise drsException("DRS connection to %s failed:
>>> %s" % (server, e))**
>>> This is interesting becuase the IP that it is looking for is not mine,
>>> mine
>>> is ip-172-31-15-161.ad.mylocaldomain.com
>>> , I have logged into the DNS
>>> management console many times and checked the records on the second (and
>>> first) domain controller and the records look correct. Any suggestions?
>>> --
>>> Nicholas Rudd
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
> --
> Thanks,
> Nicholas Rudd
> nicholas.m.rudd at gmail.com

More information about the samba mailing list