[Samba] Samba 4.6 replication issue (WERR_FILE_NOT_FOUND)

Vadim V. Raskhozhev iamdexpl at gmail.com
Sat Aug 12 19:51:23 UTC 2017 

Hello!

Please help me with the following issue:

My employer has an Active Directory with four samba4 domain controllers 
named dc1, dc2, dc3, dc4. `samba-tool drs showrepl` on dc2 constantly shows

DC=mydomain
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 48bff36e-35e2-4b09-9e40-9d73b9a5387b
                 Last attempt @ Sat Aug 12 21:48:43 2017 MSK failed, 
result 2 (WERR_FILE_NOT_FOUND)
                 3798 consecutive failure(s).
                 Last success @ Sun Jul 30 23:25:55 2017 MSK

in its '==== INBOUND NEIGHBORS ====' and

DC=mydomain
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 48bff36e-35e2-4b09-9e40-9d73b9a5387b
                 Last attempt @ Sat Aug 12 21:49:49 2017 MSK failed, 
result 2 (WERR_FILE_NOT_FOUND)
                 7 consecutive failure(s).
                 Last success @ NTTIME(0)

in its '==== OUTBOUND NEIGHBORS ====' (DC=mydomain here substitutes the 
actual DC=... line since I'm not free to expose it). I've run

     samba-tool drs replicate dc2 dc1 DC=mydomain -d 6

and

     samba-tool drs replicate dc2 dc4 DC=mydomain -d 6

and compared log outputs (attached) but still have no clues to this 
issue. Samba version on hosts in question are

4.6.6 on dc1,

4.6.7 on dc2,

4.6.2 on dc4.

Not showing `samba-tool drs showrepl` from dc3 and dc4 because the 
former is sernet-samba-common-4.2.12-22.el7.x86_64 (quite old and 
planned for upgrade ASAP) and the latter has no replication agreement 
with dc1 at all. There's also Win Serv 2003 based DC, but I'm gonna wipe 
it off soon and mentioning it here just for fullness.

smb.conf from dc1:

# Global parameters
[global]
         interfaces = lo eth0
         netbios name = DC1
         realm = MYDOMAIN # actual realm substituted
         workgroup = MYDOMAIN # actual workgroup substituted
         log level = 3
         server role = active directory domain controller
         winbind enum groups = yes
         winbind enum users = yes

[netlogon]
         path = /var/lib/samba/sysvol/mydomain/scripts # actual path 
substituted
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

smb.conf on dc2 and dc4 differs from the above only in 'netbios name'.

`samba -b` from dc1:

Samba version: 4.6.6
Build environment:
    Build host:  Linux 99f3e1c0b9a7449a8969a6f3f3fb5161 
4.11.0-2.fc26.x86_64 #1 SMP Tue May 9 15:24:49 UTC 2017 x86_64 x86_64 
x86_64 GNU/Linux
Paths:
    BINDIR: /usr/bin
    SBINDIR: /usr/sbin
    CONFIGFILE: /etc/samba/smb.conf
    NCALRPCDIR: /run/samba/ncalrpc
    LOGFILEBASE: /var/log/samba
    LMHOSTSFILE: /etc/samba/lmhosts
    DATADIR: /usr/share
    MODULESDIR: /usr/lib64/samba
    LOCKDIR: /var/lib/samba/lock
    STATEDIR: /var/lib/samba
    CACHEDIR: /var/lib/samba
    PIDDIR: /run
    PRIVATE_DIR: /var/lib/samba/private
    CODEPAGEDIR: /usr/share/samba/codepages
    SETUPDIR: /usr/share/samba/setup
    WINBINDD_SOCKET_DIR: /run/samba/winbindd
    WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
    NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd

`samba -b` from dc2:

Samba version: 4.6.7
Build environment:
    Build host:  Linux d5589f2efa7c4700957f06e3bd41b4cc 
4.11.0-2.fc26.x86_64 #1 SMP Tue May 9 15:24:49 UTC 2017 x86_64 x86_64 
x86_64 GNU/Linux
Paths:
    BINDIR: /usr/bin
    SBINDIR: /usr/sbin
    CONFIGFILE: /etc/samba/smb.conf
    NCALRPCDIR: /run/samba/ncalrpc
    LOGFILEBASE: /var/log/samba
    LMHOSTSFILE: /etc/samba/lmhosts
    DATADIR: /usr/share
    MODULESDIR: /usr/lib64/samba
    LOCKDIR: /var/lib/samba/lock
    STATEDIR: /var/lib/samba
    CACHEDIR: /var/lib/samba
    PIDDIR: /run
    PRIVATE_DIR: /var/lib/samba/private
    CODEPAGEDIR: /usr/share/samba/codepages
    SETUPDIR: /usr/share/samba/setup
    WINBINDD_SOCKET_DIR: /run/samba/winbindd
    WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
    NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd

`samba -b` from dc4:

Samba version: 4.6.2
Build environment:
    Build host:  Linux copr-builder-106215192.novalocal 
4.5.5-300.fc24.x86_64 #1 SMP Thu May 19 13:05:32 UTC 2016 x86_64 x86_64 
x86_64 GNU/Linux
Paths:
    BINDIR: /usr/bin
    SBINDIR: /usr/sbin
    CONFIGFILE: /etc/samba/smb.conf
    NCALRPCDIR: /run/samba/ncalrpc
    LOGFILEBASE: /var/log/samba
    LMHOSTSFILE: /etc/samba/lmhosts
    DATADIR: /usr/share
    MODULESDIR: /usr/lib64/samba
    LOCKDIR: /var/lib/samba/lock
    STATEDIR: /var/lib/samba
    CACHEDIR: /var/lib/samba
    PIDDIR: /run
    PRIVATE_DIR: /var/lib/samba/private
    CODEPAGEDIR: /usr/share/samba/codepages
    SETUPDIR: /usr/share/samba/setup
    WINBINDD_SOCKET_DIR: /run/samba/winbindd
    WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
    NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd


-- 
Sincerely
Vadim Raskhozhev

More information about the samba mailing list