[Samba] DRS Replication between two DC's Failing

Harsh Kukreja h.kukreja at ium.edu.na
Fri Jan 12 08:27:10 UTC 2018


Hi James

Thanks for your response.

hots -t A iumsvrpdc    (use it's fqdn as well)  I have verified it with the
FQDN which says that the record iumsvrpdc.iumnet.edu.na exists

Search for 'iumsvrpdc' objectGUID

ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
--cross-ncs objectguid : it shows 2 records found

# record 1

dn: CN=NTDS
Settings,CN=IUMDCDP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na

# record 2

dn: CN=NTDS
Settings,CN=IUMSVRPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na

# returned 2 records

# 2 entries

# 0 referrals

host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com

host -t CNAME iumsvrpdc._msdcs.iumnet.edu.na

iumsvrpdc._msdcs.iumnet.edu.na is an alias for
27182378-a9c7-451e-bb95-7b2172a5f311._msdcs.iumnet.edu.na


Reference the wiki if needed.  https://wiki.samba.org/index.
php/Verifying_and_Creating_a_DC_DNS_Record

Just to confirm you are attempting to replicate from 'iumsvrpdc' to '
iumdcdp01.iumnet.edu.na'? YES


Please assist to resolve this issue.

*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA






On Thu, Jan 11, 2018 at 9:20 PM, lingpanda101 <lingpanda101 at gmail.com>
wrote:

> On 1/11/2018 1:57 PM, Harsh Kukreja wrote:
>
> Hi
>
> I have tried  using FQDN for DC1 and DC2 but still it is failing.Please
> assist to fix
>
> samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc
> DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator
> INFO: Current debug levels:
>   all: 9
>   tdb: 9
>   printdrivers: 9
>   lanman: 9
>   smb: 9
>   rpc_parse: 9
>   rpc_srv: 9
>   rpc_cli: 9
>   passdb: 9
>   sam: 9
>   auth: 9
>   winbind: 9
>   vfs: 9
>   idmap: 9
>   quota: 9
>   acls: 9
>   locking: 9
>   msdfs: 9
>   dmapi: 9
>   registry: 9
>   scavenger: 9
>   dns: 0
>   ldb: 9
>   tevent: 9
>   auth_audit: 9
>   auth_json_audit: 9
>   kerberos: 9
>   drs_repl: 9
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[softshare]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na[,seal,print]
> Mapped to DCERPC endpoint 135
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Mapped to DCERPC endpoint 1024
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Password for [IUMNET\Administrator]:
> Received smb_krb5 packet of length 271
> Received smb_krb5 packet of length 1397
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
>      drsuapi_DsBind: struct drsuapi_DsBind
>         in: struct drsuapi_DsBind
>             bind_guid                : *
>                 bind_guid                : e24d201a-4fd6-11d1-a3da-
> 0000f875ae0d
>             bind_info                : *
>                 bind_info: struct drsuapi_DsBindInfoCtr
>                     length                   : 0x0000001c (28)
>                     __ndr_length             : 0x0000001c (28)
>                     info                     : union
> drsuapi_DsBindInfo(case 28)
>                     info28: struct drsuapi_DsBindInfo28
>                         supported_extensions     : 0x0fefff7f (267386751)
>                                1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> ASYNC_REPLICATION
>                                1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>                                1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHG_COMPRESS
>                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> RESTORE_USN_OPTIMIZATION
>                                0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>                                1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
>                                1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> LINKED_VALUE_REPLICATION
>                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> INSTANCE_TYPE_NOT_REQ_ON_MOD
>                                1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_REPL_INFO
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> STRONG_ENCRYPTION
>                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> TRANSITIVE_MEMBERSHIP
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> ADD_SID_HISTORY
>                                1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>                                0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_MEMBERSHIPS2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> NONDOMAIN_NCS
>                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V5
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V6
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> ADDENTRYREPLY_V3
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V7
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> VERIFY_OBJECT
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> XPRESS_COMPRESS
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREQ_V10
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART2
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART3
>                         site_guid                : 00000000-0000-0000-0000-
> 000000000000
>                         pid                      : 0x00000000 (0)
>                         repl_epoch               : 0x00000000 (0)
>      drsuapi_DsBind: struct drsuapi_DsBind
>         out: struct drsuapi_DsBind
>             bind_info                : *
>                 bind_info: struct drsuapi_DsBindInfoCtr
>                     length                   : 0x0000001c (28)
>                     __ndr_length             : 0x0000001c (28)
>                     info                     : union
> drsuapi_DsBindInfo(case 28)
>                     info28: struct drsuapi_DsBindInfo28
>                         supported_extensions     : 0x2fffff6f (805306223)
>                                1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> ASYNC_REPLICATION
>                                1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>                                1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHG_COMPRESS
>                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> RESTORE_USN_OPTIMIZATION
>                                0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>                                1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
>                                1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> LINKED_VALUE_REPLICATION
>                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> INSTANCE_TYPE_NOT_REQ_ON_MOD
>                                1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_REPL_INFO
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> STRONG_ENCRYPTION
>                                1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> TRANSITIVE_MEMBERSHIP
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> ADD_SID_HISTORY
>                                1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
>                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_MEMBERSHIPS2
>                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> NONDOMAIN_NCS
>                                1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V5
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V6
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> ADDENTRYREPLY_V3
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V7
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> VERIFY_OBJECT
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> XPRESS_COMPRESS
>                                1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREQ_V10
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART2
>                                0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART3
>                         site_guid                : 29e318da-d660-4a24-94d9-
> 81e86b5a1e82
>                         pid                      : 0x00000000 (0)
>                         repl_epoch               : 0x00000000 (0)
>             bind_handle              : *
>                 bind_handle: struct policy_handle
>                     handle_type              : 0x00000000 (0)
>                     uuid                     : 4b1eea79-e969-408c-a3b1-
> 84ca1fe9a0eb
>             result                   : WERR_OK
> lpcfg_servicenumber: couldn't find ldb
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Received smb_krb5 packet of length 271
> Received smb_krb5 packet of length 1397
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically signed
>      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>         in: struct drsuapi_DsReplicaSync
>             bind_handle              : *
>                 bind_handle: struct policy_handle
>                     handle_type              : 0x00000000 (0)
>                     uuid                     : 4b1eea79-e969-408c-a3b1-
> 84ca1fe9a0eb
>             level                    : 0x00000001 (1)
>             req                      : *
>                 req                      : union
> drsuapi_DsReplicaSyncRequest(case 1)
>                 req1: struct drsuapi_DsReplicaSyncRequest1
>                     naming_context           : *
>                         naming_context: struct drsuapi_
> DsReplicaObjectIdentifier
>                             __ndr_size               : 0x00000066 (102)
>                             __ndr_size_sid           : 0x00000000 (0)
>                             guid                     :
> 00000000-0000-0000-0000-000000000000
>                             sid                      : S-0-0
>                             __ndr_size_dn            : 0x00000016 (22)
>                             dn                       :
> 'DC=iumnet,DC=edu,DC=na'
>                     source_dsa_guid          : 27182378-a9c7-451e-bb95-
> 7b2172a5f311
>                     source_dsa_dns           : NULL
>                     options                  : 0x02000010 (33554448)
>                            0: DRSUAPI_DRS_ASYNC_OP
>                            0: DRSUAPI_DRS_GETCHG_CHECK
>                            0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>                            0: DRSUAPI_DRS_ADD_REF
>                            0: DRSUAPI_DRS_SYNC_ALL
>                            0: DRSUAPI_DRS_DEL_REF
>                            1: DRSUAPI_DRS_WRIT_REP
>                            0: DRSUAPI_DRS_INIT_SYNC
>                            0: DRSUAPI_DRS_PER_SYNC
>                            0: DRSUAPI_DRS_MAIL_REP
>                            0: DRSUAPI_DRS_ASYNC_REP
>                            0: DRSUAPI_DRS_IGNORE_ERROR
>                            0: DRSUAPI_DRS_TWOWAY_SYNC
>                            0: DRSUAPI_DRS_CRITICAL_ONLY
>                            0: DRSUAPI_DRS_GET_ANC
>                            0: DRSUAPI_DRS_GET_NC_SIZE
>                            0: DRSUAPI_DRS_LOCAL_ONLY
>                            0: DRSUAPI_DRS_NONGC_RO_REP
>                            0: DRSUAPI_DRS_SYNC_BYNAME
>                            0: DRSUAPI_DRS_REF_OK
>                            0: DRSUAPI_DRS_FULL_SYNC_NOW
>                            0: DRSUAPI_DRS_NO_SOURCE
>                            0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>                            0: DRSUAPI_DRS_FULL_SYNC_PACKET
>                            0: DRSUAPI_DRS_SYNC_REQUEUE
>                            0: DRSUAPI_DRS_SYNC_URGENT
>                            0: DRSUAPI_DRS_REF_GCSPN
>                            0: DRSUAPI_DRS_NO_DISCARD
>                            0: DRSUAPI_DRS_NEVER_SYNCED
>                            0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>                            0: DRSUAPI_DRS_INIT_SYNC_NOW
>                            0: DRSUAPI_DRS_PREEMPTED
>                            1: DRSUAPI_DRS_SYNC_FORCED
>                            0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>                            0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>                            0: DRSUAPI_DRS_USE_COMPRESSION
>                            0: DRSUAPI_DRS_NEVER_NOTIFY
>                            0: DRSUAPI_DRS_SYNC_PAS
>                            0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>         out: struct drsuapi_DsReplicaSync
>             result                   : WERR_BAD_NET_RESP
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386,
> in run
>     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
>   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
> sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
>
> *Harsh Kukreja *Systems Administrator
> *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
> @ium.edu.na - Web:
> *http://www.ium.edu.na <http://www.ium.edu.na/> *Private Bag
> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>
>
>
>
>
>
>
>
> On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba <
> samba at lists.samba.org> wrote:
>
>> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
>>
>>> Hi
>>>
>>> The DRS sync between two Domain Controllers connected on one network is
>>> failing. I have enabled the log level 9.
>>>
>>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
>>> --full-sync -UAdministrator
>>> INFO: Current debug levels:
>>>    all: 9
>>>    tdb: 9
>>>    printdrivers: 9
>>>    lanman: 9
>>>    smb: 9
>>>    rpc_parse: 9
>>>    rpc_srv: 9
>>>    rpc_cli: 9
>>>    passdb: 9
>>>    sam: 9
>>>    auth: 9
>>>    winbind: 9
>>>    vfs: 9
>>>    idmap: 9
>>>    quota: 9
>>>    acls: 9
>>>    locking: 9
>>>    msdfs: 9
>>>    dmapi: 9
>>>    registry: 9
>>>    scavenger: 9
>>>    dns: 0
>>>    ldb: 9
>>>    tevent: 9
>>>    auth_audit: 9
>>>    auth_json_audit: 9
>>>    kerberos: 9
>>>    drs_repl: 9
>>> Processing section "[netlogon]"
>>> Processing section "[sysvol]"
>>> Processing section "[softshare]"
>>> pm_process() returned Yes
>>> GENSEC backend 'gssapi_spnego' registered
>>> GENSEC backend 'gssapi_krb5' registered
>>> GENSEC backend 'gssapi_krb5_sasl' registered
>>> GENSEC backend 'spnego' registered
>>> GENSEC backend 'schannel' registered
>>> GENSEC backend 'naclrpc_as_system' registered
>>> GENSEC backend 'sasl-EXTERNAL' registered
>>> GENSEC backend 'ntlmssp' registered
>>> GENSEC backend 'ntlmssp_resume_ccache' registered
>>> GENSEC backend 'http_basic' registered
>>> GENSEC backend 'http_ntlm' registered
>>> GENSEC backend 'krb5' registered
>>> GENSEC backend 'fake_gssapi_krb5' registered
>>> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
>>> Mapped to DCERPC endpoint 135
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> Mapped to DCERPC endpoint 1024
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> Starting GENSEC mechanism spnego
>>> Starting GENSEC submechanism gssapi_krb5
>>> Cannot do GSSAPI to an IP address
>>> Failed to start GENSEC client mech gssapi_krb5:
>>> NT_STATUS_INVALID_PARAMETER
>>> Starting GENSEC submechanism ntlmssp
>>> Got challenge flags:
>>> Got NTLMSSP neg_flags=0x62898235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_TARGET_TYPE_DOMAIN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_TARGET_INFO
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>> Password for [IUMNET\Administrator]:
>>> NTLMSSP: Set final flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>>       drsuapi_DsBind: struct drsuapi_DsBind
>>>          in: struct drsuapi_DsBind
>>>              bind_guid                : *
>>>                  bind_guid                :
>>> e24d201a-4fd6-11d1-a3da-0000f875ae0d
>>>              bind_info                : *
>>>                  bind_info: struct drsuapi_DsBindInfoCtr
>>>                      length                   : 0x0000001c (28)
>>>                      __ndr_length             : 0x0000001c (28)
>>>                      info                     : union
>>> drsuapi_DsBindInfo(case 28)
>>>                      info28: struct drsuapi_DsBindInfo28
>>>                          supported_extensions     : 0x0fefff7f
>>> (267386751)
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_MO
>>> VEREQ_V2
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>>> C_EXECUTE
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>>> DENTRY_V2
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>>> YPTO_BIND
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> T_REPL_INFO
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_DC
>>> INFO_V01
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_PO
>>> ST_BETA3
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V5
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V6
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>>> NDOMAIN_NCS
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V8
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V5
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V6
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V7
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>>> RIFY_OBJECT
>>>                                 0:
>>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V10
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART2
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART3
>>>                          site_guid                :
>>> 00000000-0000-0000-0000-000000000000
>>>                          pid                      : 0x00000000 (0)
>>>                          repl_epoch               : 0x00000000 (0)
>>>       drsuapi_DsBind: struct drsuapi_DsBind
>>>          out: struct drsuapi_DsBind
>>>              bind_info                : *
>>>                  bind_info: struct drsuapi_DsBindInfoCtr
>>>                      length                   : 0x0000001c (28)
>>>                      __ndr_length             : 0x0000001c (28)
>>>                      info                     : union
>>> drsuapi_DsBindInfo(case 28)
>>>                      info28: struct drsuapi_DsBindInfo28
>>>                          supported_extensions     : 0x2fffff6f
>>> (805306223)
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_MO
>>> VEREQ_V2
>>>                                 0:
>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>>> C_EXECUTE
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>>> DENTRY_V2
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>>> YPTO_BIND
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> T_REPL_INFO
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_DC
>>> INFO_V01
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_PO
>>> ST_BETA3
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V5
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V6
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>>> NDOMAIN_NCS
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V8
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V5
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V6
>>>                                 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V7
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>>> RIFY_OBJECT
>>>                                 0:
>>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>>>                                 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V10
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART2
>>>                                 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART3
>>>                          site_guid                :
>>> 29e318da-d660-4a24-94d9-81e86b5a1e82
>>>                          pid                      : 0x00000000 (0)
>>>                          repl_epoch               : 0x00000000 (0)
>>>              bind_handle              : *
>>>                  bind_handle: struct policy_handle
>>>                      handle_type              : 0x00000000 (0)
>>>                      uuid                     :
>>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>>>              result                   : WERR_OK
>>> lpcfg_servicenumber: couldn't find ldb
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> Starting GENSEC mechanism spnego
>>> Starting GENSEC submechanism gssapi_krb5
>>> Cannot do GSSAPI to an IP address
>>> Failed to start GENSEC client mech gssapi_krb5:
>>> NT_STATUS_INVALID_PARAMETER
>>> Starting GENSEC submechanism ntlmssp
>>> Got challenge flags:
>>> Got NTLMSSP neg_flags=0x62898235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_TARGET_TYPE_DOMAIN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_TARGET_INFO
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP: Set final flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>>    NTLMSSP_NEGOTIATE_UNICODE
>>>    NTLMSSP_REQUEST_TARGET
>>>    NTLMSSP_NEGOTIATE_SIGN
>>>    NTLMSSP_NEGOTIATE_SEAL
>>>    NTLMSSP_NEGOTIATE_NTLM
>>>    NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>>    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>>    NTLMSSP_NEGOTIATE_VERSION
>>>    NTLMSSP_NEGOTIATE_128
>>>    NTLMSSP_NEGOTIATE_KEY_EXCH
>>>       drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>>>          in: struct drsuapi_DsReplicaSync
>>>              bind_handle              : *
>>>                  bind_handle: struct policy_handle
>>>                      handle_type              : 0x00000000 (0)
>>>                      uuid                     :
>>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>>>              level                    : 0x00000001 (1)
>>>              req                      : *
>>>                  req                      : union
>>> drsuapi_DsReplicaSyncRequest(case 1)
>>>                  req1: struct drsuapi_DsReplicaSyncRequest1
>>>                      naming_context           : *
>>>                          naming_context: struct
>>> drsuapi_DsReplicaObjectIdentifier
>>>                              __ndr_size               : 0x00000066 (102)
>>>                              __ndr_size_sid           : 0x00000000 (0)
>>>                              guid                     :
>>> 00000000-0000-0000-0000-000000000000
>>>                              sid                      : S-0-0
>>>                              __ndr_size_dn            : 0x00000016 (22)
>>>                              dn                       :
>>> 'DC=iumnet,DC=edu,DC=na'
>>>                      source_dsa_guid          :
>>> 27182378-a9c7-451e-bb95-7b2172a5f311
>>>                      source_dsa_dns           : NULL
>>>                      options                  : 0x00008010 (32784)
>>>                             0: DRSUAPI_DRS_ASYNC_OP
>>>                             0: DRSUAPI_DRS_GETCHG_CHECK
>>>                             0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>>>                             0: DRSUAPI_DRS_ADD_REF
>>>                             0: DRSUAPI_DRS_SYNC_ALL
>>>                             0: DRSUAPI_DRS_DEL_REF
>>>                             1: DRSUAPI_DRS_WRIT_REP
>>>                             0: DRSUAPI_DRS_INIT_SYNC
>>>                             0: DRSUAPI_DRS_PER_SYNC
>>>                             0: DRSUAPI_DRS_MAIL_REP
>>>                             0: DRSUAPI_DRS_ASYNC_REP
>>>                             0: DRSUAPI_DRS_IGNORE_ERROR
>>>                             0: DRSUAPI_DRS_TWOWAY_SYNC
>>>                             0: DRSUAPI_DRS_CRITICAL_ONLY
>>>                             0: DRSUAPI_DRS_GET_ANC
>>>                             0: DRSUAPI_DRS_GET_NC_SIZE
>>>                             0: DRSUAPI_DRS_LOCAL_ONLY
>>>                             0: DRSUAPI_DRS_NONGC_RO_REP
>>>                             0: DRSUAPI_DRS_SYNC_BYNAME
>>>                             0: DRSUAPI_DRS_REF_OK
>>>                             1: DRSUAPI_DRS_FULL_SYNC_NOW
>>>                             1: DRSUAPI_DRS_NO_SOURCE
>>>                             0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>>>                             0: DRSUAPI_DRS_FULL_SYNC_PACKET
>>>                             0: DRSUAPI_DRS_SYNC_REQUEUE
>>>                             0: DRSUAPI_DRS_SYNC_URGENT
>>>                             0: DRSUAPI_DRS_REF_GCSPN
>>>                             0: DRSUAPI_DRS_NO_DISCARD
>>>                             0: DRSUAPI_DRS_NEVER_SYNCED
>>>                             0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>>>                             0: DRSUAPI_DRS_INIT_SYNC_NOW
>>>                             0: DRSUAPI_DRS_PREEMPTED
>>>                             0: DRSUAPI_DRS_SYNC_FORCED
>>>                             0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>>>                             0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>>>                             0: DRSUAPI_DRS_USE_COMPRESSION
>>>                             0: DRSUAPI_DRS_NEVER_NOTIFY
>>>                             0: DRSUAPI_DRS_SYNC_PAS
>>>                             0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>>>       drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>>>          out: struct drsuapi_DsReplicaSync
>>>              result                   : WERR_BAD_NET_RESP
>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>>> 386, in
>>> run
>>>      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>>> source_dsa_guid, NC, req_options)
>>>    File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
>>> in
>>> sendDsReplicaSync
>>>      raise drsException("DsReplicaSync failed %s" % estr)
>>>
>>> *Harsh Kukreja *Systems Administrator
>>> *International University of Namibia *Tel: 061-4336000 - E-mail:
>>> h.kukreja
>>> @ium.edu.na - Web:
>>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
>>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>>>
>>
>> Not sure what your issue is but have you tried using the fqdn for DC1 and
>> DC2? I've experienced issues with manual replication when using a IP and
>> not the dns or fqdn name.
>>
>> --
>> --
>> James
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
> I would verify the dns entries for 'iumsvrpdc'.
>
> hots -t A iumsvrpdc    (use it's fqdn as well)
>
> Search for 'iumsvrpdc' objectGUID
>
> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
> --cross-ncs objectguid
>
> host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com
>
> Reference the wiki if needed.  https://wiki.samba.org/index.
> php/Verifying_and_Creating_a_DC_DNS_Record
>
> Just to confirm you are attempting to replicate from 'iumsvrpdc' to '
> iumdcdp01.iumnet.edu.na'?
>
> --
> --
> James
>
>


More information about the samba mailing list