[Samba] Samba 4.6.x as secondary DC to Windows 2008 R2
L.P.H. van Belle
belle at bazuin.nl
Fri May 12 10:05:00 UTC 2017
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Prof. Dr. Michael Schefczyk via samba
> Sent: Thursday 11 May 2017 18:43
> To: samba at lists.samba.org
> Subject: [Samba] Samba 4.6.x as secondary DC to Windows 2008 R2
>
> Dear All,
>
> I am running a two location SOHO network with a Microsoft AD
> on a Windows 2008 R2 server. In detail, the infrastructure is
> as follows:
>
> Primary location:
> - 1 DC on Windows 2008 R2 hardware server
> - 1 DC on Windows 2008 R2 virtual server
> - 2 DC on Windows 2016 virtual servers (forest functional level 2008)
> - 1 DC on Samba 4.6.2 on Debian Jessie
>
> Secondary location:
> - 1 DC on Samba 4.6.3 on Debian Jessie
>
> My aim is to become more independent from Microsoft products.
+1, got that already off my checklist.
> Over time, I will be unable to avoid upgrading my Windows
> servers to Windows 2016 - which does not mean that the DC
> level needs to be upgraded to Server 2016 (known to be
> incompatible with Samba).
>
> My problem is twofold:
>
> 1) It seems that at least joining the domain and the initial
> replication is possible only with Samba DC and Windows 2008
> R2 DC, not with Windows 2016 DC, even if forest level is
> 2008. That is a problem, because once no 2008 servers will
> remain, the possibilities to join as a DC shrink.
>
> Is this correct and is there a cure?
Yes, and no/maybe.
Keep an eye on: https://bugzilla.samba.org/show_bug.cgi?id=12204 and
And no. 2016 join as DC is not supported yet; you can join the Windows as member server.
>
> 2) While the Windows DC are very reliable and able to recover
> pretty much any interruption of services (except scaling back
> a virtual machine to a previous point in time, of course),
> Samba 4.6.x does seem to be pretty sensitive. It seems that
> the slightest interruption of service in the wrong moment
> kills further replications permanently. Such interruptions
> include a reboot at the wrong moment or minimal interruptions
> of connectivity (e. g., online backup of a VM or seconds of
> loss of VPN connectivity between locations). From such point
> in time, the Microsoft DCs throw an error which indicates
> that schemas do no longer match (original error message in
> German below).
>
> So far, the only fix was to shut down the affected Samba DC,
> force delete it from a Windows 2008 R2 DC, delete the
> relevant .tdb and .ldb databases, restart samba and rejoin
> the domain. Since this does happen frequently (so far, my
> setup did not survive for any single calendar month
> consistently), I would very much welcome to learn if there is
> a better recovery technique.
I run 2 Samba DCs, and I do my maintenance at office times.
Nobody notices this, not even when I down my server for a few hours if needed.
>
> Is my setup feasible at all? Should I better give up and
> install a Windows 2016 DC in my secondary location to achieve
> good reliability?
I would install a Samba AD DC at the remote, and drop the Windows completely.
But I can't tell how important your Windows servers are; that's up to you.
>
> I would be very happy to find a reliable solution for two
> reasons: a) I do prefer open source. b) I would like to build
> a two node CTDB cluster. But I would feel terrible if I
> procured two hardware servers only to find the same
> reliability issues with the CTDB cluster as well.
Stefan Kania wrote this. CTDB with Gluster Howto
www.kania-online.de/wp-content/uploads/2017/01/ubuntu-cluster.txt
( includes vfs-modules "glusterfs", "shadow_copy2" and "recycle" )
About the error below.
Check/compare the samba schema and windows versions.
https://wiki.samba.org/index.php/AD_Schema_Version_Support
https://wiki.samba.org/index.php/Samba_AD_schema_extensions
>
> Regards,
>
> Michael
>
>
>
>
>
> Protokollname: Directory Service
> Quelle: Microsoft-Windows-ActiveDirectory_DomainService
> Datum: XX.XX.2017 20:55:42
> Ereignis-ID: 1791
> Aufgabenkategorie:Replikation
> Ebene: Fehler
> Schlüsselwörter:Klassisch
> Benutzer: ANONYMOUS-ANMELDUNG
> Computer: servercore.schefczyk.local
> Beschreibung:
> Die Replikation der Anwendungsverzeichnispartition
> DC=schefczyk,DC=local von Quelle
> 11d000d6-f318-44fa-9935-dfc82a28c282
> (domainb72.schefczyk.local) wurde abgebrochen. Für die
> Replikation ist ein konsistentes Schema erforderlich, aber
> beim letzten Versuch, das Schema zu synchronisieren, ist ein
> Fehler aufgetreten. Ein ordnungsgemäßes Funktionieren der
> Schemareplikation ist äußerst wichtig. Betrachten Sie die
> vorangegangenen Fehler zur weiteren Analyse. Wenden Sie sich
> an Microsoft Support Services, falls das Problem weiterhin
> besteht. Fehler 8418: Der Replikationsvorgang ist
> fehlgeschlagen, da Schemas unter den beteiligten Servern
> nicht übereinstimmten..
> Ereignis-XML:
> <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
> <System>
> <Provider
> Name="Microsoft-Windows-ActiveDirectory_DomainService"
> Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}"
> EventSourceName="NTDS General" />
> <EventID Qualifiers="49152">1791</EventID>
> <Version>0</Version>
> <Level>2</Level>
> <Task>5</Task>
> <Opcode>0</Opcode>
> <Keywords>0x8080000000000000</Keywords>
> <TimeCreated SystemTime="2017-XX-XXT19:55:42.634417100Z" />
> <EventRecordID>35100</EventRecordID>
> <Correlation />
> <Execution ProcessID="816" ThreadID="1856" />
> <Channel>Directory Service</Channel>
> <Computer>servercore.schefczyk.local</Computer>
> <Security UserID="S-1-5-7" />
> </System>
> <EventData>
> <Data>DC=schefczyk,DC=local</Data>
> <Data>11d000d6-f318-44fa-9935-dfc82a28c282
> (domainb72.schefczyk.local)</Data>
> <Data>8418</Data>
> <Data>Der Replikationsvorgang ist fehlgeschlagen, da
> Schemas unter den beteiligten Servern nicht übereinstimmten.</Data>
> </EventData>
> </Event>
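For triage of the replication failure quoted in this thread, the following added example (not part of the original messages and not Samba project code) parses exported Directory Service event XML and reports every event 1791 carrying error 8418, together with the replication source it names. The function names and the sample export are assumptions made for the example; the position of the fields inside EventData follows the event quoted above.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SOURCE_RE = re.compile(r"^([0-9a-fA-F-]{36})\s*\(([^)]+)\)$")

# Constructed sample: the fields follow the event quoted in the message; the
# timestamp and the second, unrelated event are made up for this example.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID Qualifiers="49152">1791</EventID>
<TimeCreated SystemTime="2017-01-01T19:55:42.634417100Z" />
<Computer>servercore.schefczyk.local</Computer></System>
<EventData><Data>DC=schefczyk,DC=local</Data>
<Data>11d000d6-f318-44fa-9935-dfc82a28c282
 (domainb72.schefczyk.local)</Data>
<Data>8418</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>1000</EventID></System><EventData />
</Event>
</Events>"""

def schema_mismatch_events(xml_text):
    """Return one dict per event 1791 whose error code is 8418."""
    hits = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        if ev.findtext("e:System/e:EventID", "", NS).strip() != "1791":
            continue
        # Exported text wraps long values, so collapse whitespace first.
        data = [" ".join((d.text or "").split())
                for d in ev.findall("e:EventData/e:Data", NS)]
        if len(data) < 3 or data[2] != "8418":
            continue
        m = SOURCE_RE.match(data[1])
        tc = ev.find("e:System/e:TimeCreated", NS)
        hits.append({
            "reporting_dc": ev.findtext("e:System/e:Computer", "", NS),
            "time": tc.get("SystemTime") if tc is not None else None,
            "partition": data[0],
            "source_guid": m.group(1) if m else None,
            "source_host": m.group(2) if m else data[1],
        })
    return hits

def failing_sources(hits):
    """Count failures per replication source so the affected DC stands out."""
    return Counter(h["source_host"] for h in hits)
```

Run over exports from each Windows DC, the per-source count shows whether the schema mismatch is reported against a single Samba DC or against several.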