[Samba] DRS Replication between two DC's Failing
Harsh Kukreja
h.kukreja at ium.edu.na
Thu Jan 11 18:57:18 UTC 2018
Hi
I have tried using FQDN for DC1 and DC2 but still it is failing.Please
assist to fix
samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc
DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 0
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[softshare]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na[,seal,print]
Mapped to DCERPC endpoint 135
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Mapped to DCERPC endpoint 1024
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [IUMNET\Administrator]:
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1397
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0: DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
29e318da-d660-4a24-94d9-81e86b5a1e82
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
result : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name iumdcdp01.iumnet.edu.na
<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1397
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x00000066 (102)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000016 (22)
dn :
'DC=iumnet,DC=edu,DC=na'
source_dsa_guid :
27182378-a9c7-451e-bb95-7b2172a5f311
source_dsa_dns : NULL
options : 0x02000010 (33554448)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
1: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in
run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba <
samba at lists.samba.org> wrote:
> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
>
>> Hi
>>
>> The DRS sync between two Domain Controllers connected on one network is
>> failing. I have enabled the log level 9.
>>
>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
>> --full-sync -UAdministrator
>> INFO: Current debug levels:
>> all: 9
>> tdb: 9
>> printdrivers: 9
>> lanman: 9
>> smb: 9
>> rpc_parse: 9
>> rpc_srv: 9
>> rpc_cli: 9
>> passdb: 9
>> sam: 9
>> auth: 9
>> winbind: 9
>> vfs: 9
>> idmap: 9
>> quota: 9
>> acls: 9
>> locking: 9
>> msdfs: 9
>> dmapi: 9
>> registry: 9
>> scavenger: 9
>> dns: 0
>> ldb: 9
>> tevent: 9
>> auth_audit: 9
>> auth_json_audit: 9
>> kerberos: 9
>> drs_repl: 9
>> Processing section "[netlogon]"
>> Processing section "[sysvol]"
>> Processing section "[softshare]"
>> pm_process() returned Yes
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'naclrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
>> Mapped to DCERPC endpoint 135
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Mapped to DCERPC endpoint 1024
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Cannot do GSSAPI to an IP address
>> Failed to start GENSEC client mech gssapi_krb5:
>> NT_STATUS_INVALID_PARAMETER
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_TARGET_TYPE_DOMAIN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> Password for [IUMNET\Administrator]:
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> drsuapi_DsBind: struct drsuapi_DsBind
>> in: struct drsuapi_DsBind
>> bind_guid : *
>> bind_guid :
>> e24d201a-4fd6-11d1-a3da-0000f875ae0d
>> bind_info : *
>> bind_info: struct drsuapi_DsBindInfoCtr
>> length : 0x0000001c (28)
>> __ndr_length : 0x0000001c (28)
>> info : union
>> drsuapi_DsBindInfo(case 28)
>> info28: struct drsuapi_DsBindInfo28
>> supported_extensions : 0x0fefff7f (267386751)
>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>> C_EXECUTE
>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>> DENTRY_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>> YPTO_BIND
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> T_REPL_INFO
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V5
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V6
>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>> NDOMAIN_NCS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V8
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V5
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V6
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V7
>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>> RIFY_OBJECT
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V10
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART2
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART3
>> site_guid :
>> 00000000-0000-0000-0000-000000000000
>> pid : 0x00000000 (0)
>> repl_epoch : 0x00000000 (0)
>> drsuapi_DsBind: struct drsuapi_DsBind
>> out: struct drsuapi_DsBind
>> bind_info : *
>> bind_info: struct drsuapi_DsBindInfoCtr
>> length : 0x0000001c (28)
>> __ndr_length : 0x0000001c (28)
>> info : union
>> drsuapi_DsBindInfo(case 28)
>> info28: struct drsuapi_DsBindInfo28
>> supported_extensions : 0x2fffff6f (805306223)
>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>> C_EXECUTE
>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>> DENTRY_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>> YPTO_BIND
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> T_REPL_INFO
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V5
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V6
>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>> NDOMAIN_NCS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V8
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V5
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V6
>> 1:
>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREPLY_V7
>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>> RIFY_OBJECT
>> 0:
>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>> TCHGREQ_V10
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART2
>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>> SERVED_PART3
>> site_guid :
>> 29e318da-d660-4a24-94d9-81e86b5a1e82
>> pid : 0x00000000 (0)
>> repl_epoch : 0x00000000 (0)
>> bind_handle : *
>> bind_handle: struct policy_handle
>> handle_type : 0x00000000 (0)
>> uuid :
>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>> result : WERR_OK
>> lpcfg_servicenumber: couldn't find ldb
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>> netmask=255.255.255.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Cannot do GSSAPI to an IP address
>> Failed to start GENSEC client mech gssapi_krb5:
>> NT_STATUS_INVALID_PARAMETER
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_TARGET_TYPE_DOMAIN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x62088235
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_SEAL
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> NTLMSSP_NEGOTIATE_VERSION
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> in: struct drsuapi_DsReplicaSync
>> bind_handle : *
>> bind_handle: struct policy_handle
>> handle_type : 0x00000000 (0)
>> uuid :
>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>> level : 0x00000001 (1)
>> req : *
>> req : union
>> drsuapi_DsReplicaSyncRequest(case 1)
>> req1: struct drsuapi_DsReplicaSyncRequest1
>> naming_context : *
>> naming_context: struct
>> drsuapi_DsReplicaObjectIdentifier
>> __ndr_size : 0x00000066 (102)
>> __ndr_size_sid : 0x00000000 (0)
>> guid :
>> 00000000-0000-0000-0000-000000000000
>> sid : S-0-0
>> __ndr_size_dn : 0x00000016 (22)
>> dn :
>> 'DC=iumnet,DC=edu,DC=na'
>> source_dsa_guid :
>> 27182378-a9c7-451e-bb95-7b2172a5f311
>> source_dsa_dns : NULL
>> options : 0x00008010 (32784)
>> 0: DRSUAPI_DRS_ASYNC_OP
>> 0: DRSUAPI_DRS_GETCHG_CHECK
>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>> 0: DRSUAPI_DRS_ADD_REF
>> 0: DRSUAPI_DRS_SYNC_ALL
>> 0: DRSUAPI_DRS_DEL_REF
>> 1: DRSUAPI_DRS_WRIT_REP
>> 0: DRSUAPI_DRS_INIT_SYNC
>> 0: DRSUAPI_DRS_PER_SYNC
>> 0: DRSUAPI_DRS_MAIL_REP
>> 0: DRSUAPI_DRS_ASYNC_REP
>> 0: DRSUAPI_DRS_IGNORE_ERROR
>> 0: DRSUAPI_DRS_TWOWAY_SYNC
>> 0: DRSUAPI_DRS_CRITICAL_ONLY
>> 0: DRSUAPI_DRS_GET_ANC
>> 0: DRSUAPI_DRS_GET_NC_SIZE
>> 0: DRSUAPI_DRS_LOCAL_ONLY
>> 0: DRSUAPI_DRS_NONGC_RO_REP
>> 0: DRSUAPI_DRS_SYNC_BYNAME
>> 0: DRSUAPI_DRS_REF_OK
>> 1: DRSUAPI_DRS_FULL_SYNC_NOW
>> 1: DRSUAPI_DRS_NO_SOURCE
>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
>> 0: DRSUAPI_DRS_SYNC_REQUEUE
>> 0: DRSUAPI_DRS_SYNC_URGENT
>> 0: DRSUAPI_DRS_REF_GCSPN
>> 0: DRSUAPI_DRS_NO_DISCARD
>> 0: DRSUAPI_DRS_NEVER_SYNCED
>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>> 0: DRSUAPI_DRS_INIT_SYNC_NOW
>> 0: DRSUAPI_DRS_PREEMPTED
>> 0: DRSUAPI_DRS_SYNC_FORCED
>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>> 0: DRSUAPI_DRS_USE_COMPRESSION
>> 0: DRSUAPI_DRS_NEVER_NOTIFY
>> 0: DRSUAPI_DRS_SYNC_PAS
>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>> out: struct drsuapi_DsReplicaSync
>> result : WERR_BAD_NET_RESP
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>> 386, in
>> run
>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>> source_dsa_guid, NC, req_options)
>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
>> in
>> sendDsReplicaSync
>> raise drsException("DsReplicaSync failed %s" % estr)
>>
>> *Harsh Kukreja *Systems Administrator
>> *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
>> @ium.edu.na - Web:
>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>>
>
> Not sure what your issue is but have you tried using the fqdn for DC1 and
> DC2? I've experienced issues with manual replication when using a IP and
> not the dns or fqdn name.
>
> --
> --
> James
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list