[Samba] Dcs Replication
Carlos
carlos.hollow at gmail.com
Thu May 17 19:58:13 UTC 2018
Hi!
In "NTDS settings" created new connection for:
DC2 ->DC3
DC3 -> DC2
All OK,
I tested with option
kccsrv:samba_kcc=No
is ok too.
But in my DC2, a received one erro:
May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336, 0]
../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
May 17 16:54:44 dc2 samba[10421]: UpdateRefs failed with
WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for
24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX
DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX
But 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXXX is DC2....
Any ideia ?
Regards;
On 17-05-2018 13:55, Carlos wrote:
> Hi!
>
> In Option "Inter-Site Transports", i have only one the name
> "DEFAULTIPSITELINK" , in properties
>
> Sites in this link:
>
> Matriz
> Filial
>
> Matriz -> site with DC1 and DC2
> Filail -> site With DC3
>
> Regards;
>
>
> On 17-05-2018 13:12, lingpanda101 wrote:
>> On 5/17/2018 12:07 PM, Carlos wrote:
>>> Hi!
>>>
>>> Thanks for answer.
>>>
>>> But, i allowed all ports in my firewall...
>>>
>>> I tested, shutdown my DC1
>>>
>>> DC2 dont comunication with DC3
>>>
>>> I create user in DC2, dont replication with DC3...
>>> I waited more in 20 minutes
>>>
>>> Why ??
>>>
>>> Regards;
>>>
>>>
>>> On 17-05-2018 12:01, lingpanda101 wrote:
>>>> On 5/17/2018 10:30 AM, Carlos via samba wrote:
>>>>> Hi!
>>>>>
>>>>> I have 2 DC, now add one more DC, but all dcs dont view between they.
>>>>>
>>>>> New DC is "DC2"
>>>>>
>>>>> DC1 - vlan10 -> OK to DC3(Connectad by openvpn)
>>>>>
>>>>> DC1 -> vlan10 -> OK to DC2(vlan50)
>>>>>
>>>>> DC2-> vlan50 -> OK to DC1(vlan10)
>>>>>
>>>>> DC2-> Openvpn -> Dont "see" DC3
>>>>>
>>>>> DC3 -> Openvpn -> OK to DC1(vlan10)
>>>>>
>>>>> DC3 -> Openvpn -> Dont "view" DC2(vlan50)
>>>>>
>>>>> All version Dcs Samba 4.7.7
>>>>> Firewall is allow between they.
>>>>>
>>>>> -----
>>>>>
>>>>> DC1
>>>>>
>>>>> samba-tool drs showrepl
>>>>>
>>>>> I see only DC2 and DC3 is OK
>>>>> Is correct.
>>>>>
>>>>> DC2
>>>>>
>>>>> samba-tool drs showrepl
>>>>>
>>>>> I see only DC1
>>>>>
>>>>> DC3
>>>>>
>>>>> samba-tool drs showrepl
>>>>>
>>>>> I see only DC1
>>>>> ------------------------
>>>>>
>>>>> Any Ideia ?
>>>>>
>>>>>
>>>>> Regards
>>>>>
>>>>>
>>>> Carlos,
>>>>
>>>> This is normal if your firewall is working correctly. The KCC
>>>> checks and creates replication links to optimize latency and cost
>>>> where needed. You can override this and create a full mesh topology
>>>> with the following in your smb.conf under 'Global'.
>>>>
>>>> kccsrv:samba_kcc=No
>>>>
>>>> I advise not doing this but instead ensure sites and services are
>>>> setup correctly for your IP Inter-Site-Transports. You can define
>>>> cost and interval for the links here.
>>>>
>>>>
>>>> -James
>>>>
>>>>
>>>
>> Did you verify you have the Inter-Site Transports configured properly
>> in Active Directory Sites and Services snap in?
>>
>> -James
>>
>
More information about the samba
mailing list