[Samba] updates of repsFrom/repsTo attributes (was : Re: replPropertyMetaData & KCC issues after updating to Samba 4.5.0)
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Sat Sep 24 11:32:33 UTC 2016
Hi LingPanda101,
....
>
> DC=domain,DC=local
> site-c\DUNDC1 via RPC
> DSA object GUID: a216e718-488f-4821-8d9c-a399e6789222
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=domain,DC=local
> site-c\DUNDC2 via RPC
> DSA object GUID: 3c08db42-9416-40df-99ad-6d0c0ec554a6
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=domain,DC=local
> Default-First-Site-Name\PFDC1 via RPC
> DSA object GUID: acc2392f-9567-450f-bcb3-4fb1034b8753
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=domain,DC=local
> site-b\SOLDC1 via RPC
> DSA object GUID: 55e069f5-4f47-415b-8fa4-a398948235aa
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=domain,DC=local
> Default-First-Site-Name\PFDC2 via RPC
> DSA object GUID: e6284e90-f964-4643-b6a6-5baafdd7ba36
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=domain,DC=local
> site-c\DUNDC1 via RPC
> DSA object GUID: a216e718-488f-4821-8d9c-a399e6789222
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 7b7ddab7-4377-44f4-9831-8fe7feb55115
> Enabled : TRUE
> Server DNS name : SOLDC1.domain.local
> Server DN name : CN=NTDS Settings,CN=SOLDC1,CN=Servers,CN=site-b,CN=Sites,CN=Configuration,DC=domain,DC=local
>
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> I have what appears to still be a full mesh replication. Shouldn't the
> outbound and inbound neighbors be reflective of the KCC connection
> objects? I would expect to find only inbound and outbound connections
> for SOLDC1. Maybe I'm completely misinterpreting the intended behavior.

The job of the samba_kcc script is to create the ntdsConnection objects.
Afterward the repsFrom/repsTo attributes are created in accordance with
the ntdsConnection objects (you can force the creation using samba-tool
drs replicate though). You can check that the process is asynchronous
when you join a new DC: the INBOUND and OUTBOUND entries come later on,
after the ntdsConnection object has been created.

You can find the repsFrom/repsTo attributes on the root LDAP entries of
each of the five AD partitions. Those entries correspond to the INBOUND
and OUTBOUND display in the samba-tool drs showrepl command.

However, there is currently no standard way to delete the leftover
repsFrom/repsTo, other than deleting the repsFrom/repsTo attribute
manually or through scripting (python-ldb is your friend here).

I had a discussion with Garming a while ago about this issue, and it was
not clear what process was responsible for removing spurious/leftover
repsFrom/repsTo attributes. With the old KCC, it was not such an issue
because it was full meshed; however, with the new KCC, it would indeed be
good to have some more tooling for DRS maintenance and monitoring.

By the way, the KCC computation algorithm specifications from Microsoft
are kind of mind boggling, so it might need some more tweaking, but
thanks to Garming it has done the job for us since 4.3.0 for almost
one year.

Cheers,
Denis
>
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
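
A read-only check for the mismatch discussed in this message, as an added example that is not part of the original post or of Samba: it parses `samba-tool drs showrepl` text and lists inbound neighbours whose source DC has no KCC connection object. The sample output is constructed, the function names are hypothetical, and treating each connection object as naming the source DC of inbound replication is an assumption.

```python
import re

# Constructed sample in the layout of the showrepl output quoted in the thread;
# host names are reused from it, the rest is made up for the example.
SAMPLE = r"""
==== INBOUND NEIGHBORS ====
DC=domain,DC=local
    site-c\DUNDC1 via RPC
        Last attempt @ NTTIME(0) was successful
DC=domain,DC=local
    site-b\SOLDC1 via RPC
DC=ForestDnsZones,DC=domain,DC=local
    Default-First-Site-Name\PFDC1 via RPC
==== OUTBOUND NEIGHBORS ====
DC=domain,DC=local
    site-c\DUNDC2 via RPC
==== KCC CONNECTION OBJECTS ====
Connection --
    Enabled : TRUE
    Server DNS name : SOLDC1.domain.local
"""

SECTION = re.compile(r"^==== (.+?) ====$")
NEIGHBOUR = re.compile(r"^[^\\\s]+\\(?P<dc>\S+) via \S+$")
KCC_SERVER = re.compile(r"^Server DNS name\s*:\s*(?P<host>\S+)$")

def parse_showrepl(text):
    """Return ({section: {(naming context, DC)}}, {DCs named by KCC connections})."""
    neighbours = {"INBOUND NEIGHBORS": set(), "OUTBOUND NEIGHBORS": set()}
    kcc_sources, section, nc = set(), None, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # also accepts mail-quoted output
        if m := SECTION.match(line):
            section, nc = m.group(1), None
        elif section in neighbours:
            if line.upper().startswith(("DC=", "CN=")):
                nc = line                     # partition root the next entries belong to
            elif nc and (m := NEIGHBOUR.match(line)):
                neighbours[section].add((nc, m["dc"].upper()))
        elif section == "KCC CONNECTION OBJECTS":
            if m := KCC_SERVER.match(line):
                kcc_sources.add(m["host"].split(".")[0].upper())
    return neighbours, kcc_sources

def leftover_inbound(text):
    """Inbound neighbours whose source DC has no KCC connection object.
    Assumption: each connection object names the source DC of inbound replication."""
    neighbours, kcc = parse_showrepl(text)
    return sorted(p for p in neighbours["INBOUND NEIGHBORS"] if p[1] not in kcc)

if __name__ == "__main__":
    for nc, dc in leftover_inbound(SAMPLE):
        print(f"repsFrom candidate for review: {dc} on {nc}")
```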