[Samba] Made a join with a netbios name, which already existed, now replication errors

thom_schu at gmx.de thom_schu at gmx.de
Mon Jul 31 18:06:34 UTC 2017 

> When you joined samba4 named as samba3, you removed the account for
> samba3. So the server that thought of itself as samba3 can't operate
> any more, essentially it has been force-demoted. 
> 
> I guess you need to remove them both and start again from samba1 and
> samba2.


hello,

I let the samba1 and samba2 untouched. They are still working with SLES 11 and samba 4.3.11 from sernet.
Since I broke samba3 with the installation of samba4, I installed a samba5 with SLES 12 and samba 4.6.6 (sernet),
so that I could demote samba3/samba4 with "samba-tool domain demote --remove-other-dead-server=" executed on samba5.
The first try with the name "samba3" or "samba4" didnt work, but with the GUID I could successfully demote.

samba1, samba2 and samba5 seem to work perfect. Then I made a new installation of samba3 (SLES 12 and samba 4.6.6)
and also joined that one. Now there are replication-errors on samba3.

While samba1, samba2 and samba5 seem to replicate with each other, even with the samba3,
so samba3 has the following error with samba2:

  Default-First-Site-Name\SAMBA2 via RPC
                DSA object GUID: 9455b34f-a395-449e-b7bb-9a900d59fdfe
                Last attempt @ Mon Jul 31 19:24:03 2017 CEST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
                58 consecutive failure(s).
                Last success @ Mon Jul 31 19:24:03 2017 CEST

On samba3 all entries under "INBOUND NEIGHBORS" have this error (WERR_DS_DRA_ACCESS_DENIED) with samba2.
The entries under "OUTBOUND NEIGHBORS" are all with success.
Under "KCC CONNECTION OBJECTS" samba1 is missing.

samba2 has a lot of entries in the "log.samba" like that:

  [2017/07/31 19:59:02.987782,  0] ../source4/rpc_server/drsuapi/updaterefs.c:276(dcesrv_drsuapi_DsReplicaUpdateRefs)
    ../source4/rpc_server/drsuapi/updaterefs.c:276: Refusing DsReplicaUpdateRefs for sid S-1-5-21-492433167-3996512854-4160196905-8869 with GUID 8eea9ec6-3610-477b-8770-93b467508e57

This is the GUID from samba3.

Regards

More information about the samba mailing list