[Samba] AD replication problem "WERR_DS_DRA_ACCESS_DENIED" - need help debugging
Dirk Laurenz
samba at laurenz.ws
Wed Apr 4 13:06:19 UTC 2018
Yes - is valid
root at samba03:~# ldbsearch -H /var/lib/samba/private/sam.ldb
'(invocationId=*)' --cross-ncs objectguid
# record 1
dn: CN=NTDS
Settings,CN=SAMBA03,CN=Servers,CN=Harz,CN=Sites,CN=Configuration,DC=local,DC
=laurenz,DC=ws
objectGUID: 63f4e656-6590-4c1d-a362-c3b97b5e464d
# record 2
dn: CN=NTDS
Settings,CN=SAMBA01,CN=Servers,CN=Zuhause,CN=Sites,CN=Configuration,DC=local
,DC=laurenz,DC=ws
objectGUID: 2f342b05-98f4-430d-8613-7fceff09f982
# record 3
dn: CN=NTDS
Settings,CN=SAMBA02,CN=Servers,CN=Zuhause,CN=Sites,CN=Configuration,DC=local
,DC=laurenz,DC=ws
objectGUID: 948e49d3-e161-46c1-a2a0-91072eb408cc
# returned 3 records
# 3 entries
# 0 referrals
If tried this serverReference fix .... seems to help
-----Ursprüngliche Nachricht-----
Von: Rowland Penny <rpenny at samba.org>
Gesendet: Mittwoch, 4. April 2018 14:50
An: samba at lists.samba.org
Cc: Dirk Laurenz <samba at laurenz.ws>
Betreff: Re: [Samba] AD replication problem "WERR_DS_DRA_ACCESS_DENIED" -
need help debugging
On Wed, 4 Apr 2018 14:32:22 +0200
Dirk Laurenz via samba <samba at lists.samba.org> wrote:
> Same error here...
>
> root at samba01:~# samba-tool ldapcmp ldap://samba01 ldap://samba02
> -Uadministrator --filter=CN,DC,member CONFIGURATION Password for
> [LAURENZ\administrator]:
>
Firstly, I wouldn't have joined the new DC's with the names of the old DC's.
Have you checked if
'63f4e656-6590-4c1d-a362-c3b97b5e464d._msdcs.local.laurenz.ws' is a valid
GUID ?
Is it something left over from an old join ?
Rowland
More information about the samba
mailing list