[Samba] DRS Replication between two DC's Failing
Harsh Kukreja
h.kukreja at ium.edu.na
Fri Jan 12 08:27:10 UTC 2018
Hi James
Thanks for your response.
hots -t A iumsvrpdc (use it's fqdn as well) I have verified it with the
FQDN which says that the record iumsvrpdc.iumnet.edu.na exists
Search for 'iumsvrpdc' objectGUID
ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
--cross-ncs objectguid : it shows 2 records found
# record 1
dn: CN=NTDS
Settings,CN=IUMDCDP01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na
# record 2
dn: CN=NTDS
Settings,CN=IUMSVRPDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=iumnet,DC=edu,DC=na
# returned 2 records
# 2 entries
# 0 referrals
host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com
host -t CNAME iumsvrpdc._msdcs.iumnet.edu.na
iumsvrpdc._msdcs.iumnet.edu.na is an alias for
27182378-a9c7-451e-bb95-7b2172a5f311._msdcs.iumnet.edu.na
Reference the wiki if needed. https://wiki.samba.org/index.
php/Verifying_and_Creating_a_DC_DNS_Record
Just to confirm you are attempting to replicate from 'iumsvrpdc' to '
iumdcdp01.iumnet.edu.na'? YES
Please assist to resolve this issue.
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Thu, Jan 11, 2018 at 9:20 PM, lingpanda101 <lingpanda101 at gmail.com>
wrote:
> On 1/11/2018 1:57 PM, Harsh Kukreja wrote:
>
> Hi
>
> I have tried using FQDN for DC1 and DC2 but still it is failing.Please
> assist to fix
>
> samba-tool drs replicate iumdcdp01.iumnet.edu.na iumsvrpdc
> DC=iumnet,DC=edu,DC=na --sync-forced -UAdministrator
> INFO: Current debug levels:
> all: 9
> tdb: 9
> printdrivers: 9
> lanman: 9
> smb: 9
> rpc_parse: 9
> rpc_srv: 9
> rpc_cli: 9
> passdb: 9
> sam: 9
> auth: 9
> winbind: 9
> vfs: 9
> idmap: 9
> quota: 9
> acls: 9
> locking: 9
> msdfs: 9
> dmapi: 9
> registry: 9
> scavenger: 9
> dns: 0
> ldb: 9
> tevent: 9
> auth_audit: 9
> auth_json_audit: 9
> kerberos: 9
> drs_repl: 9
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[softshare]"
> pm_process() returned Yes
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:iumdcdp01.iumnet.edu.na[,seal,print]
> Mapped to DCERPC endpoint 135
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Mapped to DCERPC endpoint 1024
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Password for [IUMNET\Administrator]:
> Received smb_krb5 packet of length 271
> Received smb_krb5 packet of length 1397
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically sealed
> drsuapi_DsBind: struct drsuapi_DsBind
> in: struct drsuapi_DsBind
> bind_guid : *
> bind_guid : e24d201a-4fd6-11d1-a3da-
> 0000f875ae0d
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x0fefff7f (267386751)
> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> ASYNC_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHG_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> RESTORE_USN_OPTIMIZATION
> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> LINKED_VALUE_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_REPL_INFO
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> STRONG_ENCRYPTION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> TRANSITIVE_MEMBERSHIP
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> ADD_SID_HISTORY
> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_MEMBERSHIPS2
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> NONDOMAIN_NCS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V5
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V6
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> ADDENTRYREPLY_V3
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V7
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> VERIFY_OBJECT
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> XPRESS_COMPRESS
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREQ_V10
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART2
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART3
> site_guid : 00000000-0000-0000-0000-
> 000000000000
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> drsuapi_DsBind: struct drsuapi_DsBind
> out: struct drsuapi_DsBind
> bind_info : *
> bind_info: struct drsuapi_DsBindInfoCtr
> length : 0x0000001c (28)
> __ndr_length : 0x0000001c (28)
> info : union
> drsuapi_DsBindInfo(case 28)
> info28: struct drsuapi_DsBindInfo28
> supported_extensions : 0x2fffff6f (805306223)
> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> ASYNC_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHG_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> RESTORE_USN_OPTIMIZATION
> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> LINKED_VALUE_REPLICATION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> INSTANCE_TYPE_NOT_REQ_ON_MOD
> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_REPL_INFO
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> STRONG_ENCRYPTION
> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> TRANSITIVE_MEMBERSHIP
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> ADD_SID_HISTORY
> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GET_MEMBERSHIPS2
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> NONDOMAIN_NCS
> 1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V5
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V6
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> ADDENTRYREPLY_V3
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREPLY_V7
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> VERIFY_OBJECT
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> XPRESS_COMPRESS
> 1: DRSUAPI_SUPPORTED_EXTENSION_
> GETCHGREQ_V10
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART2
> 0: DRSUAPI_SUPPORTED_EXTENSION_
> RESERVED_PART3
> site_guid : 29e318da-d660-4a24-94d9-
> 81e86b5a1e82
> pid : 0x00000000 (0)
> repl_epoch : 0x00000000 (0)
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 4b1eea79-e969-408c-a3b1-
> 84ca1fe9a0eb
> result : WERR_OK
> lpcfg_servicenumber: couldn't find ldb
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
> netmask=255.255.255.0
> resolve_lmhosts: Attempting lmhosts lookup for name
> iumdcdp01.iumnet.edu.na<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Received smb_krb5 packet of length 271
> Received smb_krb5 packet of length 1397
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically signed
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> in: struct drsuapi_DsReplicaSync
> bind_handle : *
> bind_handle: struct policy_handle
> handle_type : 0x00000000 (0)
> uuid : 4b1eea79-e969-408c-a3b1-
> 84ca1fe9a0eb
> level : 0x00000001 (1)
> req : *
> req : union
> drsuapi_DsReplicaSyncRequest(case 1)
> req1: struct drsuapi_DsReplicaSyncRequest1
> naming_context : *
> naming_context: struct drsuapi_
> DsReplicaObjectIdentifier
> __ndr_size : 0x00000066 (102)
> __ndr_size_sid : 0x00000000 (0)
> guid :
> 00000000-0000-0000-0000-000000000000
> sid : S-0-0
> __ndr_size_dn : 0x00000016 (22)
> dn :
> 'DC=iumnet,DC=edu,DC=na'
> source_dsa_guid : 27182378-a9c7-451e-bb95-
> 7b2172a5f311
> source_dsa_dns : NULL
> options : 0x02000010 (33554448)
> 0: DRSUAPI_DRS_ASYNC_OP
> 0: DRSUAPI_DRS_GETCHG_CHECK
> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
> 0: DRSUAPI_DRS_ADD_REF
> 0: DRSUAPI_DRS_SYNC_ALL
> 0: DRSUAPI_DRS_DEL_REF
> 1: DRSUAPI_DRS_WRIT_REP
> 0: DRSUAPI_DRS_INIT_SYNC
> 0: DRSUAPI_DRS_PER_SYNC
> 0: DRSUAPI_DRS_MAIL_REP
> 0: DRSUAPI_DRS_ASYNC_REP
> 0: DRSUAPI_DRS_IGNORE_ERROR
> 0: DRSUAPI_DRS_TWOWAY_SYNC
> 0: DRSUAPI_DRS_CRITICAL_ONLY
> 0: DRSUAPI_DRS_GET_ANC
> 0: DRSUAPI_DRS_GET_NC_SIZE
> 0: DRSUAPI_DRS_LOCAL_ONLY
> 0: DRSUAPI_DRS_NONGC_RO_REP
> 0: DRSUAPI_DRS_SYNC_BYNAME
> 0: DRSUAPI_DRS_REF_OK
> 0: DRSUAPI_DRS_FULL_SYNC_NOW
> 0: DRSUAPI_DRS_NO_SOURCE
> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
> 0: DRSUAPI_DRS_SYNC_REQUEUE
> 0: DRSUAPI_DRS_SYNC_URGENT
> 0: DRSUAPI_DRS_REF_GCSPN
> 0: DRSUAPI_DRS_NO_DISCARD
> 0: DRSUAPI_DRS_NEVER_SYNCED
> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
> 0: DRSUAPI_DRS_INIT_SYNC_NOW
> 0: DRSUAPI_DRS_PREEMPTED
> 1: DRSUAPI_DRS_SYNC_FORCED
> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
> 0: DRSUAPI_DRS_USE_COMPRESSION
> 0: DRSUAPI_DRS_NEVER_NOTIFY
> 0: DRSUAPI_DRS_SYNC_PAS
> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> out: struct drsuapi_DsReplicaSync
> result : WERR_BAD_NET_RESP
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386,
> in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> *Harsh Kukreja *Systems Administrator
> *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
> @ium.edu.na - Web:
> *http://www.ium.edu.na <http://www.ium.edu.na/> *Private Bag
> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>
>
>
>
>
>
>
>
> On Thu, Jan 11, 2018 at 6:04 PM, lingpanda101 via samba <
> samba at lists.samba.org> wrote:
>
>> On 1/11/2018 10:39 AM, Harsh Kukreja via samba wrote:
>>
>>> Hi
>>>
>>> The DRS sync between two Domain Controllers connected on one network is
>>> failing. I have enabled the log level 9.
>>>
>>> samba-tool drs replicate 172.16.10.5 iumsvrpdc DC=iumnet,DC=edu,DC=na
>>> --full-sync -UAdministrator
>>> INFO: Current debug levels:
>>> all: 9
>>> tdb: 9
>>> printdrivers: 9
>>> lanman: 9
>>> smb: 9
>>> rpc_parse: 9
>>> rpc_srv: 9
>>> rpc_cli: 9
>>> passdb: 9
>>> sam: 9
>>> auth: 9
>>> winbind: 9
>>> vfs: 9
>>> idmap: 9
>>> quota: 9
>>> acls: 9
>>> locking: 9
>>> msdfs: 9
>>> dmapi: 9
>>> registry: 9
>>> scavenger: 9
>>> dns: 0
>>> ldb: 9
>>> tevent: 9
>>> auth_audit: 9
>>> auth_json_audit: 9
>>> kerberos: 9
>>> drs_repl: 9
>>> Processing section "[netlogon]"
>>> Processing section "[sysvol]"
>>> Processing section "[softshare]"
>>> pm_process() returned Yes
>>> GENSEC backend 'gssapi_spnego' registered
>>> GENSEC backend 'gssapi_krb5' registered
>>> GENSEC backend 'gssapi_krb5_sasl' registered
>>> GENSEC backend 'spnego' registered
>>> GENSEC backend 'schannel' registered
>>> GENSEC backend 'naclrpc_as_system' registered
>>> GENSEC backend 'sasl-EXTERNAL' registered
>>> GENSEC backend 'ntlmssp' registered
>>> GENSEC backend 'ntlmssp_resume_ccache' registered
>>> GENSEC backend 'http_basic' registered
>>> GENSEC backend 'http_ntlm' registered
>>> GENSEC backend 'krb5' registered
>>> GENSEC backend 'fake_gssapi_krb5' registered
>>> Using binding ncacn_ip_tcp:172.16.10.5[,seal,print]
>>> Mapped to DCERPC endpoint 135
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> Mapped to DCERPC endpoint 1024
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> Starting GENSEC mechanism spnego
>>> Starting GENSEC submechanism gssapi_krb5
>>> Cannot do GSSAPI to an IP address
>>> Failed to start GENSEC client mech gssapi_krb5:
>>> NT_STATUS_INVALID_PARAMETER
>>> Starting GENSEC submechanism ntlmssp
>>> Got challenge flags:
>>> Got NTLMSSP neg_flags=0x62898235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_TARGET_TYPE_DOMAIN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_TARGET_INFO
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> Password for [IUMNET\Administrator]:
>>> NTLMSSP: Set final flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> drsuapi_DsBind: struct drsuapi_DsBind
>>> in: struct drsuapi_DsBind
>>> bind_guid : *
>>> bind_guid :
>>> e24d201a-4fd6-11d1-a3da-0000f875ae0d
>>> bind_info : *
>>> bind_info: struct drsuapi_DsBindInfoCtr
>>> length : 0x0000001c (28)
>>> __ndr_length : 0x0000001c (28)
>>> info : union
>>> drsuapi_DsBindInfo(case 28)
>>> info28: struct drsuapi_DsBindInfo28
>>> supported_extensions : 0x0fefff7f
>>> (267386751)
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_MO
>>> VEREQ_V2
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>>> C_EXECUTE
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>>> DENTRY_V2
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>>> YPTO_BIND
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> T_REPL_INFO
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_DC
>>> INFO_V01
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_PO
>>> ST_BETA3
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V5
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V6
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>>> NDOMAIN_NCS
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V8
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V5
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V6
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V7
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>>> RIFY_OBJECT
>>> 0:
>>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V10
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART2
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART3
>>> site_guid :
>>> 00000000-0000-0000-0000-000000000000
>>> pid : 0x00000000 (0)
>>> repl_epoch : 0x00000000 (0)
>>> drsuapi_DsBind: struct drsuapi_DsBind
>>> out: struct drsuapi_DsBind
>>> bind_info : *
>>> bind_info: struct drsuapi_DsBindInfoCtr
>>> length : 0x0000001c (28)
>>> __ndr_length : 0x0000001c (28)
>>> info : union
>>> drsuapi_DsBindInfo(case 28)
>>> info28: struct drsuapi_DsBindInfo28
>>> supported_extensions : 0x2fffff6f
>>> (805306223)
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_MO
>>> VEREQ_V2
>>> 0:
>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_KC
>>> C_EXECUTE
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_AD
>>> DENTRY_V2
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_CR
>>> YPTO_BIND
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> T_REPL_INFO
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_DC
>>> INFO_V01
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_PO
>>> ST_BETA3
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V5
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V6
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_NO
>>> NDOMAIN_NCS
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V8
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V5
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V6
>>> 1:
>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREPLY_V7
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_VE
>>> RIFY_OBJECT
>>> 0:
>>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
>>> 1: DRSUAPI_SUPPORTED_EXTENSION_GE
>>> TCHGREQ_V10
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART2
>>> 0: DRSUAPI_SUPPORTED_EXTENSION_RE
>>> SERVED_PART3
>>> site_guid :
>>> 29e318da-d660-4a24-94d9-81e86b5a1e82
>>> pid : 0x00000000 (0)
>>> repl_epoch : 0x00000000 (0)
>>> bind_handle : *
>>> bind_handle: struct policy_handle
>>> handle_type : 0x00000000 (0)
>>> uuid :
>>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>>> result : WERR_OK
>>> lpcfg_servicenumber: couldn't find ldb
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> added interface ens18 ip=172.16.100.5 bcast=172.16.100.255
>>> netmask=255.255.255.0
>>> Starting GENSEC mechanism spnego
>>> Starting GENSEC submechanism gssapi_krb5
>>> Cannot do GSSAPI to an IP address
>>> Failed to start GENSEC client mech gssapi_krb5:
>>> NT_STATUS_INVALID_PARAMETER
>>> Starting GENSEC submechanism ntlmssp
>>> Got challenge flags:
>>> Got NTLMSSP neg_flags=0x62898235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_TARGET_TYPE_DOMAIN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_TARGET_INFO
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP: Set final flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> NTLMSSP Sign/Seal - Initialising with flags:
>>> Got NTLMSSP neg_flags=0x62088235
>>> NTLMSSP_NEGOTIATE_UNICODE
>>> NTLMSSP_REQUEST_TARGET
>>> NTLMSSP_NEGOTIATE_SIGN
>>> NTLMSSP_NEGOTIATE_SEAL
>>> NTLMSSP_NEGOTIATE_NTLM
>>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>> NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>>> NTLMSSP_NEGOTIATE_VERSION
>>> NTLMSSP_NEGOTIATE_128
>>> NTLMSSP_NEGOTIATE_KEY_EXCH
>>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>>> in: struct drsuapi_DsReplicaSync
>>> bind_handle : *
>>> bind_handle: struct policy_handle
>>> handle_type : 0x00000000 (0)
>>> uuid :
>>> 2cb3f3b5-b29a-4958-a912-51a0881976da
>>> level : 0x00000001 (1)
>>> req : *
>>> req : union
>>> drsuapi_DsReplicaSyncRequest(case 1)
>>> req1: struct drsuapi_DsReplicaSyncRequest1
>>> naming_context : *
>>> naming_context: struct
>>> drsuapi_DsReplicaObjectIdentifier
>>> __ndr_size : 0x00000066 (102)
>>> __ndr_size_sid : 0x00000000 (0)
>>> guid :
>>> 00000000-0000-0000-0000-000000000000
>>> sid : S-0-0
>>> __ndr_size_dn : 0x00000016 (22)
>>> dn :
>>> 'DC=iumnet,DC=edu,DC=na'
>>> source_dsa_guid :
>>> 27182378-a9c7-451e-bb95-7b2172a5f311
>>> source_dsa_dns : NULL
>>> options : 0x00008010 (32784)
>>> 0: DRSUAPI_DRS_ASYNC_OP
>>> 0: DRSUAPI_DRS_GETCHG_CHECK
>>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION
>>> 0: DRSUAPI_DRS_ADD_REF
>>> 0: DRSUAPI_DRS_SYNC_ALL
>>> 0: DRSUAPI_DRS_DEL_REF
>>> 1: DRSUAPI_DRS_WRIT_REP
>>> 0: DRSUAPI_DRS_INIT_SYNC
>>> 0: DRSUAPI_DRS_PER_SYNC
>>> 0: DRSUAPI_DRS_MAIL_REP
>>> 0: DRSUAPI_DRS_ASYNC_REP
>>> 0: DRSUAPI_DRS_IGNORE_ERROR
>>> 0: DRSUAPI_DRS_TWOWAY_SYNC
>>> 0: DRSUAPI_DRS_CRITICAL_ONLY
>>> 0: DRSUAPI_DRS_GET_ANC
>>> 0: DRSUAPI_DRS_GET_NC_SIZE
>>> 0: DRSUAPI_DRS_LOCAL_ONLY
>>> 0: DRSUAPI_DRS_NONGC_RO_REP
>>> 0: DRSUAPI_DRS_SYNC_BYNAME
>>> 0: DRSUAPI_DRS_REF_OK
>>> 1: DRSUAPI_DRS_FULL_SYNC_NOW
>>> 1: DRSUAPI_DRS_NO_SOURCE
>>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
>>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET
>>> 0: DRSUAPI_DRS_SYNC_REQUEUE
>>> 0: DRSUAPI_DRS_SYNC_URGENT
>>> 0: DRSUAPI_DRS_REF_GCSPN
>>> 0: DRSUAPI_DRS_NO_DISCARD
>>> 0: DRSUAPI_DRS_NEVER_SYNCED
>>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
>>> 0: DRSUAPI_DRS_INIT_SYNC_NOW
>>> 0: DRSUAPI_DRS_PREEMPTED
>>> 0: DRSUAPI_DRS_SYNC_FORCED
>>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
>>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
>>> 0: DRSUAPI_DRS_USE_COMPRESSION
>>> 0: DRSUAPI_DRS_NEVER_NOTIFY
>>> 0: DRSUAPI_DRS_SYNC_PAS
>>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
>>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>>> out: struct drsuapi_DsReplicaSync
>>> result : WERR_BAD_NET_RESP
>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
>>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
>>> 386, in
>>> run
>>> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
>>> source_dsa_guid, NC, req_options)
>>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
>>> in
>>> sendDsReplicaSync
>>> raise drsException("DsReplicaSync failed %s" % estr)
>>>
>>> *Harsh Kukreja *Systems Administrator
>>> *International University of Namibia *Tel: 061-4336000 - E-mail:
>>> h.kukreja
>>> @ium.edu.na - Web:
>>> *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
>>> 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>>>
>>
>> Not sure what your issue is but have you tried using the fqdn for DC1 and
>> DC2? I've experienced issues with manual replication when using a IP and
>> not the dns or fqdn name.
>>
>> --
>> --
>> James
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
> I would verify the dns entries for 'iumsvrpdc'.
>
> hots -t A iumsvrpdc (use it's fqdn as well)
>
> Search for 'iumsvrpdc' objectGUID
>
> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)'
> --cross-ncs objectguid
>
> host -t CNAME objectGUID-for-iumsvrpdc._msdcs.samdom.example.com
>
> Reference the wiki if needed. https://wiki.samba.org/index.
> php/Verifying_and_Creating_a_DC_DNS_Record
>
> Just to confirm you are attempting to replicate from 'iumsvrpdc' to '
> iumdcdp01.iumnet.edu.na'?
>
> --
> --
> James
>
>
More information about the samba
mailing list