[Samba] DRS Replication between two DC's Failing
lingpanda101
lingpanda101 at gmail.com
Thu Jan 11 19:20:50 UTC 2018
On 1/11/2018 1:57 PM, Harsh Kukreja wrote:
> Hi
>
> I have tried using FQDN for DC1 and DC2 but still it is
> failing.Please assist to fix
>
> samba-tool drs replicate iumdcdp01.iumnet.edu.na
> <http://iumdcdp01.iumnet.edu.na> iumsvrpdc DC=iumnet,DC=edu,DC=na
> --sync-forced -UAdministrator
> INFO: Current debug levels:
> all: 9
> tdb: 9
> printdrivers: 9
> lanman: 9
> smb: 9
> rpc_parse: 9
> rpc_srv: 9
> rpc_cli: 9
> passdb: 9
> sam: 9
> auth: 9
> winbind: 9
> vfs: 9
> idmap: 9
> quota: 9
> acls: 9
> locking: 9
> msdfs: 9
> dmapi: 9
> registry: 9
> scavenger: 9
> dns: 0
> ldb: 9
> tevent: 9
> auth_audit: 9
> auth_json_audit: 9
> kerberos: 9
> drs_repl: 9
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[softshare]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na
> <http://iumdcdp01.iumnet.edu.na>[,seal,print]
> Mapped to DCERPC endpoint 135
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na><0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Mapped to DCERPC endpoint 1024
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na><0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Password for [IUMNET\Administrator]:
> Received smb_krb5 packet of length 271
> Received smb_krb5 packet of length 1397
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
> drsuapi_DsBind: struct drsuapi_DsBind
> in: struct drsuapi_DsBind
> bind_guid : *
> bind_guid :
> e24d201a-4fd6-11d1-a3da-0000f875ae0d
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x0fefff7f (267386751)
> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
> site_guid :
> 00000000-0000-0000-0000-000000000000
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> drsuapi_DsBind: struct drsuapi_DsBind
> out: struct drsuapi_DsBind
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x2fffff6f (805306223)
> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
> site_guid :
> 29e318da-d660-4a24-94d9-81e86b5a1e82
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> 4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
> result : WERR_OK
> lpcfg_servicenumber: couldn't find ldb
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na><0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Received smb_krb5 packet of length 271
> Received smb_krb5 packet of length 1397
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically signed
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> in: struct drsuapi_DsReplicaSync
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> 4b1eea79-e969-408c-a3b1-84ca1fe9a0eb
> level : 0x00000001 (1)
> req : *
> req : union
> drsuapi_DsReplicaSyncRequest(case 1)
> req1: struct drsuapi_DsReplicaSyncRequest1
> naming_context : *
> naming_context: struct
> drsuapi_DsReplicaObjectIdentifier
> __ndr_size : 0x00000066 (102)
> __ndr_size_sid : 0x00000000 (0)
> guid :
> 00000000-0000-0000-0000-000000000000
> sid : S-0-0
> __ndr_size_dn : 0x00000016 (22)
> dn :
> 'DC=iumnet,DC=edu,DC=na'
> source_dsa_guid :
> 27182378-a9c7-451e-bb95-7b2172a5f311
> source_dsa_dns : NULL
> options : 0x02000010 (33554448)
> 0: DRSUAPI_DRS_ASYNC_OP
> 0: DRSUAPI_DRS_GETCHG_CHECK
> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
> 0: DRSUAPI_DRS_ADD_REF
> 0: DRSUAPI_DRS_SYNC_ALL
> 0: DRSUAPI_DRS_DEL_REF
> 1: DRSUAPI_DRS_WRIT_REP
> 0: DRSUAPI_DRS_INIT_SYNC
> 0: DRSUAPI_DRS_PER_SYNC
> 0: DRSUAPI_DRS_MAIL_REP
> 0: DRSUAPI_DRS_ASYNC_REP
> 0: DRSUAPI_DRS_IGNORE_ERROR
> 0: DRSUAPI_DRS_TWOWAY_SYNC
> 0: DRSUAPI_DRS_CRITICAL_ONLY
> 0: DRSUAPI_DRS_GET_ANC
> 0: DRSUAPI_DRS_GET_NC_SIZE
> 0: DRSUAPI_DRS_LOCAL_ONLY
> 0: DRSUAPI_DRS_NONGC_RO_REP
> 0: DRSUAPI_DRS_SYNC_BYNAME
> 0: DRSUAPI_DRS_REF_OK
> 0: DRSUAPI_DRS_FULL_SYNC_NOW
> 0: DRSUAPI_DRS_NO_SOURCE
> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
> 0: DRSUAPI_DRS_SYNC_REQUEUE
> 0: DRSUAPI_DRS_SYNC_URGENT
> 0: DRSUAPI_DRS_REF_GCSPN
> 0: DRSUAPI_DRS_NO_DISCARD
> 0: DRSUAPI_DRS_NEVER_SYNCED
> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
> 0: DRSUAPI_DRS_INIT_SYNC_NOW
> 0: DRSUAPI_DRS_PREEMPTED
> 1: DRSUAPI_DRS_SYNC_FORCED
> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
> 0: DRSUAPI_DRS_USE_COMPRESSION
> 0: DRSUAPI_DRS_NEVER_NOTIFY
> 0: DRSUAPI_DRS_SYNC_PAS
> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> out: struct drsuapi_DsReplicaSync
> result : WERR_BAD_NET_RESP
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
> 386, in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
> in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> *Harsh Kukreja *Systems Administrator
>
> **International University of Namibia**Tel: 061-4336000 - E-mail:
> h.kukreja at ium.edu.na <mailto:h.kukreja at ium.edu.na> - Web:
> _http://www.ium.edu.na <http://www.ium.edu.na/>
> _Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park,
> Windhoek, NAMIBIA
>
>
>
>
>
>
>
>
>
>
>
> On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
>
> Hi
>
> The DRS sync between two Domain Controllers connected on one
> network is
> failing. I have enabled the log level 9.
>
> samba-tool drs replicate 172.16.10.5 iumsvrpdc
> DC=iumnet,DC=edu,DC=na
> --full-sync -UAdministrator
> INFO: Current debug levels:
> all: 9
> tdb: 9
> printdrivers: 9
> lanman: 9
> smb: 9
> rpc_parse: 9
> rpc_srv: 9
> rpc_cli: 9
> passdb: 9
> sam: 9
> auth: 9
> winbind: 9
> vfs: 9
> idmap: 9
> quota: 9
> acls: 9
> locking: 9
> msdfs: 9
> dmapi: 9
> registry: 9
> scavenger: 9
> dns: 0
> ldb: 9
> tevent: 9
> auth_audit: 9
> auth_json_audit: 9
> kerberos: 9
> drs_repl: 9
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[softshare]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
> Mapped to DCERPC endpoint 135
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> Mapped to DCERPC endpoint 1024
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Cannot do GSSAPI to an IP address
> Failed to start GENSEC client mech gssapi_krb5:
> NT_STATUS_INVALID_PARAMETER
> Starting GENSEC submechanism ntlmssp
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> Password for [IUMNET\Administrator]:
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> drsuapi_DsBind: struct drsuapi_DsBind
> in: struct drsuapi_DsBind
> bind_guid : *
> bind_guid :
> e24d201a-4fd6-11d1-a3da-0000f875ae0d
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x0fefff7f
> (267386751)
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
> site_guid :
> 00000000-0000-0000-0000-000000000000
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> drsuapi_DsBind: struct drsuapi_DsBind
> out: struct drsuapi_DsBind
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x2fffff6f
> (805306223)
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
> 1:
> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
> 0:
> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
> site_guid :
> 29e318da-d660-4a24-94d9-81e86b5a1e82
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> 2cb3f3b5-b29a-4958-a912-51a0881976da
> result : WERR_OK
> lpcfg_servicenumber: couldn't find ldb
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Cannot do GSSAPI to an IP address
> Failed to start GENSEC client mech gssapi_krb5:
> NT_STATUS_INVALID_PARAMETER
> Starting GENSEC submechanism ntlmssp
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_TARGET_TYPE_DOMAIN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_SEAL
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
> NTLMSSP_NEGOTIATE_VERSION
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> in: struct drsuapi_DsReplicaSync
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid :
> 2cb3f3b5-b29a-4958-a912-51a0881976da
> level : 0x00000001 (1)
> req : *
> req : union
> drsuapi_DsReplicaSyncRequest(case 1)
> req1: struct drsuapi_DsReplicaSyncRequest1
> naming_context : *
> naming_context: struct
> drsuapi_DsReplicaObjectIdentifier
> __ndr_size : 0x00000066 (102)
> __ndr_size_sid : 0x00000000 (0)
> guid :
> 00000000-0000-0000-0000-000000000000
> sid : S-0-0
> __ndr_size_dn : 0x00000016 (22)
> dn :
> 'DC=iumnet,DC=edu,DC=na'
> source_dsa_guid :
> 27182378-a9c7-451e-bb95-7b2172a5f311
> source_dsa_dns : NULL
> options : 0x00008010 (32784)
> 0: DRSUAPI_DRS_ASYNC_OP
> 0: DRSUAPI_DRS_GETCHG_CHECK
> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
> 0: DRSUAPI_DRS_ADD_REF
> 0: DRSUAPI_DRS_SYNC_ALL
> 0: DRSUAPI_DRS_DEL_REF
> 1: DRSUAPI_DRS_WRIT_REP
> 0: DRSUAPI_DRS_INIT_SYNC
> 0: DRSUAPI_DRS_PER_SYNC
> 0: DRSUAPI_DRS_MAIL_REP
> 0: DRSUAPI_DRS_ASYNC_REP
> 0: DRSUAPI_DRS_IGNORE_ERROR
> 0: DRSUAPI_DRS_TWOWAY_SYNC
> 0: DRSUAPI_DRS_CRITICAL_ONLY
> 0: DRSUAPI_DRS_GET_ANC
> 0: DRSUAPI_DRS_GET_NC_SIZE
> 0: DRSUAPI_DRS_LOCAL_ONLY
> 0: DRSUAPI_DRS_NONGC_RO_REP
> 0: DRSUAPI_DRS_SYNC_BYNAME
> 0: DRSUAPI_DRS_REF_OK
> 1: DRSUAPI_DRS_FULL_SYNC_NOW
> 1: DRSUAPI_DRS_NO_SOURCE
> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
> 0: DRSUAPI_DRS_SYNC_REQUEUE
> 0: DRSUAPI_DRS_SYNC_URGENT
> 0: DRSUAPI_DRS_REF_GCSPN
> 0: DRSUAPI_DRS_NO_DISCARD
> 0: DRSUAPI_DRS_NEVER_SYNCED
> 0:
> DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
> 0: DRSUAPI_DRS_INIT_SYNC_NOW
> 0: DRSUAPI_DRS_PREEMPTED
> 0: DRSUAPI_DRS_SYNC_FORCED
> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
> 0: DRSUAPI_DRS_USE_COMPRESSION
> 0: DRSUAPI_DRS_NEVER_NOTIFY
> 0: DRSUAPI_DRS_SYNC_PAS
> 0:
> DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> out: struct drsuapi_DsReplicaSync
> result : WERR_BAD_NET_RESP
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
> failed -
> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
> 386, in
> run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py",
> line 85, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> *Harsh Kukreja *Systems Administrator
> *International University of Namibia *Tel: 061-4336000 -
> E-mail: h.kukreja
> @ium.edu.na <http://ium.edu.na> - Web:
> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek,
> NAMIBIA
>
>
> Not sure what your issue is but have you tried using the fqdn for
> DC1 and DC2? I've experienced issues with manual replication when
> using a IP and not the dns or fqdn name.
>
> --
> --
> James
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> <https://lists.samba.org/mailman/options/samba>
>
>
I would verify the dns entries for 'iumsvrpdc'.
hots -t A iumsvrpdc (use it's fqdn as well)
Search for 'iumsvrpdc' objectGUID
ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
--cross-ncs objectguid
host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com
Reference the wiki if needed.
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
Just to confirm you are attempting to replicate from 'iumsvrpdc' to
'iumdcdp01.iumnet.edu.na <http://iumdcdp01.iumnet.edu.na>'?
--
--
James
More information about the samba
mailing list