[Samba] Dcs Replication
lingpanda101
lingpanda101 at gmail.com
Thu May 17 20:02:23 UTC 2018
On 5/17/2018 3:58 PM, Carlos wrote:
>
> Hi!
>
> In "NTDS settings" created new connection for:
>
> DC2 ->DC3
>
> DC3 -> DC2
>
> All OK,
>
> I tested with option
>
> kccsrv:samba_kcc=No
>
> is ok too.
>
> But in my DC2, a received one erro:
>
> May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336, 0]
> ../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
> May 17 16:54:44 dc2 samba[10421]: UpdateRefs failed with
> WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for
> 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX
> DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX
>
> But 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXXX is DC2....
>
> Any ideia ?
>
> Regards;
>
> On 17-05-2018 13:55, Carlos wrote:
>> Hi!
>>
>> In Option "Inter-Site Transports", i have only one the name
>> "DEFAULTIPSITELINK" , in properties
>>
>> Sites in this link:
>>
>> Matriz
>> Filial
>>
>> Matriz -> site with DC1 and DC2
>> Filail -> site With DC3
>>
>> Regards;
>>
>>
>> On 17-05-2018 13:12, lingpanda101 wrote:
>>> On 5/17/2018 12:07 PM, Carlos wrote:
>>>> Hi!
>>>>
>>>> Thanks for answer.
>>>>
>>>> But, i allowed all ports in my firewall...
>>>>
>>>> I tested, shutdown my DC1
>>>>
>>>> DC2 dont comunication with DC3
>>>>
>>>> I create user in DC2, dont replication with DC3...
>>>> I waited more in 20 minutes
>>>>
>>>> Why ??
>>>>
>>>> Regards;
>>>>
>>>>
>>>> On 17-05-2018 12:01, lingpanda101 wrote:
>>>>> On 5/17/2018 10:30 AM, Carlos via samba wrote:
>>>>>> Hi!
>>>>>>
>>>>>> I have 2 DC, now add one more DC, but all dcs dont view between
>>>>>> they.
>>>>>>
>>>>>> New DC is "DC2"
>>>>>>
>>>>>> DC1 - vlan10 -> OK to DC3(Connectad by openvpn)
>>>>>>
>>>>>> DC1 -> vlan10 -> OK to DC2(vlan50)
>>>>>>
>>>>>> DC2-> vlan50 -> OK to DC1(vlan10)
>>>>>>
>>>>>> DC2-> Openvpn -> Dont "see" DC3
>>>>>>
>>>>>> DC3 -> Openvpn -> OK to DC1(vlan10)
>>>>>>
>>>>>> DC3 -> Openvpn -> Dont "view" DC2(vlan50)
>>>>>>
>>>>>> All version Dcs Samba 4.7.7
>>>>>> Firewall is allow between they.
>>>>>>
>>>>>> -----
>>>>>>
>>>>>> DC1
>>>>>>
>>>>>> samba-tool drs showrepl
>>>>>>
>>>>>> I see only DC2 and DC3 is OK
>>>>>> Is correct.
>>>>>>
>>>>>> DC2
>>>>>>
>>>>>> samba-tool drs showrepl
>>>>>>
>>>>>> I see only DC1
>>>>>>
>>>>>> DC3
>>>>>>
>>>>>> samba-tool drs showrepl
>>>>>>
>>>>>> I see only DC1
>>>>>> ------------------------
>>>>>>
>>>>>> Any Ideia ?
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>> Carlos,
>>>>>
>>>>> This is normal if your firewall is working correctly. The KCC
>>>>> checks and creates replication links to optimize latency and cost
>>>>> where needed. You can override this and create a full mesh
>>>>> topology with the following in your smb.conf under 'Global'.
>>>>>
>>>>> kccsrv:samba_kcc=No
>>>>>
>>>>> I advise not doing this but instead ensure sites and services are
>>>>> setup correctly for your IP Inter-Site-Transports. You can define
>>>>> cost and interval for the links here.
>>>>>
>>>>>
>>>>> -James
>>>>>
>>>>>
>>>>
>>> Did you verify you have the Inter-Site Transports configured
>>> properly in Active Directory Sites and Services snap in?
>>>
>>> -James
>>>
>>
>
Carlos,
You are doing a lot of things that go against best practice. Do not
manually create the links. let the KCC handle that function.
--
--
James
More information about the samba
mailing list