[Samba] Samba Active Directory Domain Controller

lingpanda101 lingpanda101 at gmail.com
Fri May 5 15:33:50 UTC 2017


On 5/5/2017 11:08 AM, Anantha Raghava wrote:
>
> Hello James,
>
> Even after setting the rfc2307 in smb.conf replication error continues 
> and password change error continues. Error thrown while forcing 
> replication is shown below.
>
> -------------------------------------------------------------------
> Even after setting RFC, DC2 is not getting synced from DC1. Connection 
> time out error comes.
>
> #samba-tool drs replicate DC2.KTKBANKLTD.COM DC1.KTKBANKLTD.COM 
> DC=ForestDnsZones,DC=KTKBANKLTD,DC=COM
>
> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for 
> ncacn_ip_tcp:172.20.107.31[1024,seal,target_hostname=DC2.KTKBANKLTD.COM,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.20.107.31] 
> NT_STATUS_IO_TIMEOUT
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to 
> DC2.KTKBANKLTD.COM failed - drsException: 
> DRS connection to DC2.KTKBANKLTD.COM 
> failed: (-1073741643, '{Device Timeout} The specified I/O operation on 
> %hs was not completed before the time-out period expired.')
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", 
> line 41, in drsuapi_connect
>     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = 
> drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", 
> line 54, in drsuapi_connect
>     raise drsException("DRS connection to %s failed: %s" % (server, e))
> ----------------------------------------------------------------------
>
> Also, as you had suggested, we have run the command 'samba-tool domain 
> passwordsettings show'
> ----------------------------------------------------------------------
> Before modification:
>
> Password informations for domain 'DC=ktkbankltd,DC=com'
>
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 7
> Minimum password age (days): 1
> Maximum password age (days): 42
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 30
> ----------------------------------------------------------------------------------
> Password information for domain after modification using samba-tool:
>
> Password informations for domain 'DC=ktkbankltd,DC=com'
>
> Password complexity: off
> Store plaintext passwords: off
> Password history length: 3
> Minimum password length: 7
> Minimum password age (days): 0
> Maximum password age (days): 60
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 30
> ---------------------------------------------------------------------------------
>
> When we reset the password policy using samba-tool, after about 10 
> minutes, the policy comes to DC2 from DC1 and users are allowed to 
> change their password. Now we have disabled the GPO for Password 
> settings.
>
> Probably I feel, due to this replication issue, the DB is becoming 
> inconsistent and errors are being thrown. Also, DNS errors appear to 
> exist in the Domain Controllers. We are using INTERNAL DNS which is 
> adding to problem.
>
> Request you to help us in solving this issue.
>
> -- 
>
> Thanks & Regards,
>
>
> Anantha Raghava
>
>
>
The error on replication is

failed: (-1073741643, '{Device Timeout} The specified I/O operation on 
%hs was not completed before the time-out period expired

Are DC1 and DC2 in the same geographical location? Can you post the 
results of

'samba-tool drs showrepl' from DC1 and DC2?

It also appears you are missing

'dns forwarder ='

in DC2 smb.conf

I see you commented this out of DC1

#interfaces = 127.0.0.1 172.20.107.30

I would verify you have correctly assigned the proper hostname and 
static IPs on each DC. Can you run this command again and append -d 4? 
This will provide additional debug info.


'samba-tool drs replicate DC2.KTKBANKLTD.COM DC1.KTKBANKLTD.COM 
DC=ForestDnsZones,DC=KTKBANKLTD,DC=COM -d 4'

I'm also unclear from your message if you are still having password 
issues or not.




-- 
James
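
The two 'samba-tool domain passwordsettings show' outputs quoted in this thread can be compared mechanically, so a policy change made while chasing a replication problem is recorded and can be reverted later. The following is an added example, not part of the original messages or of Samba; the names `parse`, `policy_diff` and `STRICTER`, and the direction rules in `STRICTER`, are assumptions of this example.

```python
import re

# Settings lines from the two 'samba-tool domain passwordsettings show' runs in the thread.
BEFORE = """Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30"""
AFTER = """Password complexity: off
Store plaintext passwords: off
Password history length: 3
Minimum password length: 7
Minimum password age (days): 0
Maximum password age (days): 60
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30"""

# Assumed direction rules (this example's, not Samba's): +1 = larger value is
# stricter, -1 = smaller value is stricter. Unlisted settings report "changed".
STRICTER = {"Password complexity": 1, "Store plaintext passwords": -1,
            "Password history length": 1, "Minimum password length": 1,
            "Minimum password age": 1, "Maximum password age": -1}

def parse(text):
    """Map setting name (unit suffix dropped) to an int; on/off become 1/0."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"(.+?)(?: \([^)]*\))?:\s*(on|off|\d+)\s*$", line)
        if m:
            out[m[1]] = int(m[2]) if m[2].isdigit() else int(m[2] == "on")
    return out

def policy_diff(before, after):
    """Return {setting: (old, new, verdict)} for each setting whose value changed."""
    old, new = parse(before), parse(after)
    result = {}
    for name in old.keys() & new.keys():
        if old[name] != new[name]:
            sign = STRICTER.get(name, 0) * (new[name] - old[name])
            verdict = "relaxed" if sign < 0 else "tightened" if sign > 0 else "changed"
            result[name] = (old[name], new[name], verdict)
    return result

if __name__ == "__main__":
    print(policy_diff(BEFORE, AFTER))
```

Running the same comparison on the output from each DC also shows whether the policy has replicated to both.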


