[Samba] ADC 4.7.0 KCC replication failing with PDC 4.6.8
Harsh Kukreja
h.kukreja at ium.edu.na
Fri Oct 27 14:28:40 UTC 2017
Hi,

I have created a new DC on Ubuntu 16.04 with the latest SerNet Samba
4.7.0 package. After joining it to the PDC running the 4.6.8 package, I backed up
the idmap.ldb file and copied it to the new DC. When I run the samba-tool
ntacl sysvolreset command on the new DC to replicate GID mappings, it fails
with the error below:
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
Also on the PDC the INBOUND KCC is failing from the new DC:
==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=iumnet,DC=edu,DC=na
    Default-First-Site-Name\IUMSVRPDC via RPC
        DSA object GUID: 27182378-a9c7-451e-bb95-7b2172a5f311
        Last attempt @ Fri Oct 27 16:03:15 2017 WAST failed, result 1225 (WERR_CONNECTION_REFUSED)
        28 consecutive failure(s).
        Last success @ NTTIME(0)
Here is the smb.conf from both the servers:
*PDC*
# Global parameters
[global]
workgroup = IUMNET
realm = IUMNET.EDU.NA
netbios name = IUMDCDP01
server role = active directory domain controller
dns forwarder = 172.16.10.254
domain master = yes
preferred master = yes
server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
password server = 172.16.10.5
allow dns updates = nonsecure and secure
# lanman auth = Yes
# client lanman auth = Yes
ntlm auth = yes
client use spnego = no
client ldap sasl wrapping = sign
# ldap ssl ads = yes
# ldap ssl = start tls
ldap server require strong auth = no
# wins server = iumnet.edu.na
# wins support = Yes
time server = Yes
template shell = /bin/bash
template homedir = /home/%U
idmap config * : backend = tdb
idmap config *:range = 50000-1000000
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = connect disconnect
*ADC new DC*
# Global parameters
[global]
netbios name = IUMSVRPDC
realm = IUMNET.EDU.NA
workgroup = IUMNET
server role = active directory domain controller
dns forwarder = 172.16.10.254
server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
allow dns updates = nonsecure and secure
ntlm auth = yes
ldap server require strong auth = no
time server = Yes
template shell = /bin/bash
template homedir = /home/%U
idmap config * : backend = tdb
idmap config *:range = 50000-1000000
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = connect disconnect
The purpose of creating the new DC is to transfer the FSMO roles from the current PDC,
which is running on old Ubuntu 12.04, and shut it down. Please assist in
resolving the problem.
Thanks n Regards
Harsh Kukreja
Systems Administrator
International University of Namibia
Tel: 061-4336000 - E-mail: h.kukreja@ium.edu.na - Web: http://www.ium.edu.na
Private Bag 14005, Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA