[Samba] Samba Active Directory Domain Controller

Fri May 5 15:08:46 UTC 2017

Hello James,

Even after setting the rfc2307 in smb.conf replication error continues 
and password change error continues. Error thrown while forcing 
replication is shown below.

-------------------------------------------------------------------
Even after setting RFC, DC2 is not getting synced from DC1. Connection 
time out error comes.

#samba-tool drs replicate DC2.KTKBANKLTD.COM <http://DC2.KTKBANKLTD.COM> 
DC1.KTKBANKLTD.COM <http://DC1.KTKBANKLTD.COM> 
DC=ForestDnsZones,DC=KTKBANKLTD,DC=COM

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for 
ncacn_ip_tcp:172.20.107.31[1024,seal,target_hostname=DC2.KTKBANKLTD.COM 
<http://DC2.KTKBANKLTD.COM>,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.20.107.31] 
NT_STATUS_IO_TIMEOUT
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to 
DC2.KTKBANKLTD.COM <http://DC2.KTKBANKLTD.COM> failed - drsException: 
DRS connection to DC2.KTKBANKLTD.COM <http://DC2.KTKBANKLTD.COM> failed: 
(-1073741643, '{Device Timeout} The specified I/O operation on %hs was 
not completed before the time-out period expired.')
   File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", 
line 41, in drsuapi_connect
     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = 
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
   File 
"/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", 
line 54, in drsuapi_connect
     raise drsException("DRS connection to %s failed: %s" % (server, e))
----------------------------------------------------------------------

Also, as you had suggested, we have run the command 'samba-tool domain 
passwordsettinsg show'
----------------------------------------------------------------------
Before modification:

Password informations for domain 'DC=ktkbankltd,DC=com'

Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
----------------------------------------------------------------------------------
Passowrd information for domain after modification using samba-tool:

Password informations for domain 'DC=ktkbankltd,DC=com'

Password complexity: off
Store plaintext passwords: off
Password history length: 3
Minimum password length: 7
Minimum password age (days): 0
Maximum password age (days): 60
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
---------------------------------------------------------------------------------

When we reset the password policy using samba-tool, after about 10 
minutes, the policy comes to DC2 from DC1 and users are allowed to 
change their password. Now we have disabled the GPO for Password settings.

Probably I feel, due to this replication issue, the DB is becoming 
inconsistent and errors are being thrown. Also, DNS errors appear to 
exist in the Domain Controllers. We are using INTERNAL DNS which is 
adding to problem.

Request you to help us in solving this issue.

-- 

Thanks & Regards,

Anantha Raghava

DISCLAIMER:
This e-mail communication and any attachments may be privileged and 
confidential to eXza Technology Consulting & Services, and are intended 
only for the use of the recipients named above If you are not the 
addressee you may not copy, forward, disclose or use any part of it. If 
you have received this message in error, please delete it and all copies 
from your system and notify the sender immediately by return e-mail. 
Internet communications cannot be guaranteed to be timely, secure, error 
or virus-free. The sender does not accept liability for any errors or 
omissions.

Do not print this e-mail unless required. Save Paper & trees.

On Thursday 04 May 2017 06:15 PM, lingpanda101 wrote:
>
> Thanks & Regards,
>