[Samba] DC site replication issue ?

lingpanda101 lingpanda101 at gmail.com
Mon Mar 6 20:48:00 UTC 2017 

On 3/6/2017 12:53 PM, Mircea Husz wrote:
> --------------------------------------------
> On Mon, 3/6/17, lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>   Subject: Re: [Samba] DC site replication issue ?
>   To: samba at lists.samba.org
>   Date: Monday, March 6, 2017, 9:20 AM
>   
>   On 3/6/2017 9:56 AM,
>   Mircea Husz via samba wrote:
>   > All,
>   >
>   > I'm migrating a
>   samba3 domain to a new samba4 AD version 4.5.5. Did a fair
>   amount of testing on isolated vlans including two sites and
>   replication between two domain controllers.
>   >
>   > I'm now rolling
>   out DCs intended to become production shortly. One is in
>   Chicago, the other in NY, and each is configured in its own
>   timezone with NTP synching up.
>   >
>   > I am looking at a potential replication
>   issue and want to know if the message from 'samba-tool
>   drs showrepl' is indicative of trouble.
>   >
>   > The 'Inbound
>   neighbors' list looks correct on both CH and NY DCs. The
>   'Outbound neighbors' list on both DCs shows
>   'Last attempt @ NTTIME(0) was successful'. I listed
>   the full output at the bottom of this post.
>   >
>   > The logs don't
>   have overt error messages, although I admit I don't
>   understand everything that gets logged. I looked at levels
>   3, 5, and 10.
>   >
>   > I
>   tested replication by adding a DNS entry, adding an account,
>   then deleting the test account, and all that gets replicated
>   to the other DC. So it seems to work fine.
>   >
>   > Also I used the
>   ldapcmp tool, which came back with the only difference being
>   the uppercase vs lowercase bug between cn and CN, dc and DC
>   as per this report:
>   > https://bugzilla.samba.org/show_bug.cgi?id=12399
>   >
>   > Forcing replication
>   returns with success: 'Replicate from CH1-AD-V01 to
>   NY4-AD-V01 was successful.'
>   >
>   > So my questions are:
>   >
>   1 - Do others with DCs in multiple sites get an actual time
>   entry in the Outbound neighbors list instead of '@
>   NTTIME(0)' ?
>   >
>   > 2
>   - Is replication used in production with three or more sites
>   and timezones and is it reliable ? I'd like to know if
>   going to production with such a setup is generally
>   recommended based on real-life deployments.
>   >
>   > Thank you for all
>   input.
>   >
>   > The output
>   from 'samba-tool drs showrepl':
>   >
>   > CH1\CH1-AD-V01
>   > DSA Options: 0x00000001
>   > DSA object GUID:
>   ae57ed96-5b4a-4d86-befd-027711adfe26
>   >
>   DSA invocationId: cf59ac10-c027-4a45-8df5-218c88433fdd
>   >
>   > ==== INBOUND
>   NEIGHBORS ====
>   >
>   >
>   DC=ForestDnsZones,DC=ad,DC=corp,DC=com
>   >
>   NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ Fri Mar  3 11:23:46 2017 CST was
>   successful
>   > 0 consecutive failure(s).
>   > Last success @ Fri Mar  3 11:23:46 2017
>   CST
>   >
>   >
>   DC=DomainDnsZones,DC=ad,DC=corp,DC=com
>   >
>   NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ Fri Mar  3 11:23:46 2017 CST was
>   successful
>   > 0 consecutive failure(s).
>   > Last success @ Fri Mar  3 11:23:46 2017
>   CST
>   >
>   >
>   DC=ad,DC=corp,DC=com
>   > NY4\NY4-AD-V01 via
>   RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ Fri Mar  3 11:23:46 2017 CST was
>   successful
>   > 0 consecutive failure(s).
>   > Last success @ Fri Mar  3 11:23:46 2017
>   CST
>   >
>   >
>   CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
>   > NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ Fri Mar  3 11:23:47 2017 CST was
>   successful
>   > 0 consecutive failure(s).
>   > Last success @ Fri Mar  3 11:23:47 2017
>   CST
>   >
>   >
>   CN=Configuration,DC=ad,DC=corp,DC=com
>   >
>   NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ Fri Mar  3 11:23:47 2017 CST was
>   successful
>   > 0 consecutive failure(s).
>   > Last success @ Fri Mar  3 11:23:47 2017
>   CST
>   >
>   > ==== OUTBOUND
>   NEIGHBORS ====
>   >
>   >
>   DC=ForestDnsZones,DC=ad,DC=corp,DC=com
>   >
>   NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ NTTIME(0) was successful
>   >
>   0 consecutive failure(s).
>   > Last success
>   @ NTTIME(0)
>   >
>   >
>   DC=DomainDnsZones,DC=ad,DC=corp,DC=com
>   >
>   NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ NTTIME(0) was successful
>   >
>   0 consecutive failure(s).
>   > Last success
>   @ NTTIME(0)
>   >
>   >
>   DC=ad,DC=corp,DC=com
>   > NY4\NY4-AD-V01 via
>   RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ NTTIME(0) was successful
>   >
>   0 consecutive failure(s).
>   > Last success
>   @ NTTIME(0)
>   >
>   >
>   CN=Schema,CN=Configuration,DC=ad,DC=corp,DC=com
>   > NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ NTTIME(0) was successful
>   >
>   0 consecutive failure(s).
>   > Last success
>   @ NTTIME(0)
>   >
>   >
>   CN=Configuration,DC=ad,DC=corp,DC=com
>   >
>   NY4\NY4-AD-V01 via RPC
>   > DSA object GUID:
>   b7aea0b6-f0fa-477c-a44d-96a8b005450d
>   >
>   Last attempt @ NTTIME(0) was successful
>   >
>   0 consecutive failure(s).
>   > Last success
>   @ NTTIME(0)
>   >
>   > ====
>   KCC CONNECTION OBJECTS ====
>   >
>   > Connection --
>   >
>   Connection name: 2ab1b199-31a6-48d9-a87e-4aa10e8a2594
>   > Enabled        : TRUE
>   > Server DNS name :
>   ny4-ad-v01.ad.corp.com
>   > Server DN name
>   : CN=NTDS
>   Settings,CN=NY4-AD-V01,CN=Servers,CN=NY4,CN=Sites,CN=Configuration,DC=ad,DC=corp,DC=com
>   > TransportType: RPC
>   >
>   options: 0x00000001
>   > Warning: No NC
>   replicated for Connection!
>   >
>   > Thanks,
>   > -Mike
>   >
>   
>   I can
>   only answer number 1.  I have the same behavior with no
>   reporting
>   of the time stamp on Outbound
>   Neighbors.
>   
>   --
>   - James
>   
>
> Aside from the lack of timestamp, how long has replication worked in your setup ?
>
> Thanks,
> -Mike
>   
>
>   --
>   To unsubscribe from this
>   list go to the following URL and read the
>   instructions:  https://lists.samba.org/mailman/options/samba
>   

I have been using Samba since 2012 version 4.0 as a DC. Replication has 
never been a issue aside from my own misunderstanding of how Samba 
operates. My replication partners are contained within a MAN and not a 
WAN. My network consists of 6 DC's across 3 sites. I can't comment on 
time zone concerns however. The only issue I see if any is Sysvol 
replication. Make sure not to forget this step.

https://wiki.samba.org/index.php/SysVol_replication_(DFS-R)

-- 
- James

More information about the samba mailing list