[Samba] Samba4 multiple DCs replication
L.P.H. van Belle
belle at bazuin.nl
Thu Nov 22 13:53:34 UTC 2018
Ah a know error.
I suggest, look here, no need to reinstall.
https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Julien TEHERY via samba
> Verzonden: donderdag 22 november 2018 14:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba4 multiple DCs replication
>
> Le 22/11/2018 à 12:18, L.P.H. van Belle via samba a écrit :
> > Hai,
> >
> > Reboot the remote servers also or login and run :
> samba_dnsupdate --all-names --verbose
> > samba-tool dbcheck --fix or samba-tool dbcheck --fix --cross-nc
> >
> > Greetz,
> >
> > Louis
> >
>
> Result is "dns_tkey_negotiategss: TKEY is unacceptable" when doing
> dnsupdate.
> I'm wondering about re installing everything from scratch in
> newer version.
>
> But if there's a good way to clean thos records, I'd really
> like to know how
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >> Julien TEHERY via samba
> >> Verzonden: donderdag 22 november 2018 11:54
> >> Aan: samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Samba4 multiple DCs replication
> >>
> >> Le 22/11/2018 à 10:07, L.P.H. van Belle via samba a écrit :
> >>> Hai Julien,
> >>>
> >>> Ah, ok, then im suspecting a regression bug here.
> >>> For some reason somethings this happens, if you've had
> >> rebooted the servers, it would probely be fixed also.
> >>> There where some older reports on this, but good to know
> >> its back or still there
> >>> A manual run of : samba_dnsupdate --all-names --verbose
> >>> Should/could helped to fix it also.
> >>>
> >>> And Thank you for the quick reply.
> >>>
> >>> Greetz,
> >>>
> >>> Louis
> >>>
> >> Ok, I try to reboot all the DCs juste to see what happens.
> >> Then replication is still fine on the 3 main DCs (main site) with
> >> inbound/outbound neighbors, but now "samba-tool drs
> whowrepl" doesn't
> >> work anymore on 2 remote DCs.
> >> Even they don't have outbound neighbors anymore.. :(
> >>
> >> They have error like:
> >>
> >> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
> >> ncacn_ip_tcp:192
> >> .168.174.1[1024,seal,target_hostname=dc1-site-02.mydomain.lan,
> > abstract_syntax=e3
> >> 514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192
> > .168.174.1]
> >> NT_STAT
> >> US_IO_TIMEOUT
> >>
> >> Yhen I looked in ldb with ldbsearch -H
> >> /usr/local/samba/private/sam.ldb
> >> '(invocationId=*)' --cross-ncs objectguid
> >> and saw doublons in it.
> >>
> >> I ran dbcheck on all DCs, but it didn't cleared the
> obsoletes records.
> >> I guess those doublons are here because I ran so many tests
> >> on this test
> >> domain (promote/demote)
> >> Is there a way to clean it up ?
> >>
> >>
> >>>> -----Oorspronkelijk bericht-----
> >>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >>>> Julien TEHERY via samba
> >>>> Verzonden: donderdag 22 november 2018 10:02
> >>>> Aan: samba at lists.samba.org
> >>>> Onderwerp: Re: [Samba] Samba4 multiple DCs replication
> >>>>
> >>>> Le 22/11/2018 à 09:58, L.P.H. van Belle via samba a écrit :
> >>>>> Good its fixed now, but 1 question, just for me ..
> >>>>>
> >>>>> Did you reboot both servers or did you only restart/reload
> >>>> the services.
> >>>>> Greetz,
> >>>>>
> >>>>> Louis
> >>>> I only restarted the services. (samba and bind). Maybe it wasn't
> >>>> required, but I did it.
> >>>>>
> >>>>>
> >>>>>> -----Oorspronkelijk bericht-----
> >>>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> >>>>>> Julien TEHERY via samba
> >>>>>> Verzonden: donderdag 22 november 2018 9:35
> >>>>>> Aan: samba at lists.samba.org
> >>>>>> Onderwerp: Re: [Samba] Samba4 multiple DCs replication
> >>>>>>
> >>>>>> Le 22/11/2018 à 08:38, Julien TEHERY via samba a écrit :
> >>>>>>> Le 21/11/2018 à 17:47, Rowland Penny via samba a écrit :
> >>>>>>>> On Wed, 21 Nov 2018 17:33:28 +0100
> >>>>>>>> Julien TEHERY via samba <samba at lists.samba.org> wrote:
> >>>>>>>>
> >>>>>>>>> Another thing, I see that only DC1 has OUTBOUND NEIGHBORS
> >>>>>> (all failed
> >>>>>>>>> with an WERR_FILE_NOT_FOUND error)
> >>>>>>>>> All the other DCs have only an INBOUND NEIGHBORS and
> >> no OUTBOUND
> >>>>>>>>> NEIGHBORS
> >>>>>>>> You have problems, all DC's at a site should replicate to
> >>>>>> each other
> >>>>>>>> and there should be replication between sites. Is
> >>>> something like a
> >>>>>>>> firewall getting in the way ?
> >>>>>>>>
> >>>>>>>> Have you checked the AD databases ?
> >>>>>>>>
> >>>>>>>> Rowland
> >>>>>>> There is no firewall between the 3 DCs on the main site (same
> >>>>>>> subnet), however there are no outbound neighbors on
> DC2 and DC3
> >>>>>>> replication status
> >>>>>>> An yes AD db have been checked.
> >>>>>>>
> >>>>>>>
> >>>>>> Know what, I just found out the problem.
> >>>>>> CNAME records were missing, according to
> >>>>>> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_D
> >>>>>> NS_Record
> >>>>>> I addes them, restarted both samba and bind, and then all
> >>>> inbound and
> >>>>>> outbound connections appeared,
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> To unsubscribe from this list go to the following URL
> >> and read the
> >>>>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>>>
> >>>>
> >>>> --
> >>>> To unsubscribe from this list go to the following URL
> and read the
> >>>> instructions: https://lists.samba.org/mailman/options/samba
> >>>>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list