[Samba] Samba4 multiple DCs replication

Julien TEHERY julien.tehery at openevents.fr
Thu Nov 22 14:03:26 UTC 2018


On 22/11/2018 at 14:53, L.P.H. van Belle via samba wrote:
> Ah, a known error.
>
> I suggest, look here, no need to reinstall.
> https://wiki.samba.org/index.php/Dns_tkey_negotiategss:_TKEY_is_unacceptable
> ;-)
>
>
> Greetz,
>
> Louis
Thanks, but I already looked at this procedure.
The keytab contained dns-DC5 entries; however, I tried to delete it,
delete the dns account, and re-create it, but nothing changed.

As it is a POC domain, and my version is old (4.6.4), I intend to do a 
fresh install of the whole thing in 4.8.5.
Then I'll have a fresh new start and will let you know.

>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Julien TEHERY via samba
>> Sent: Thursday 22 November 2018 14:45
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Samba4 multiple DCs replication
>>
>> On 22/11/2018 at 12:18, L.P.H. van Belle via samba wrote:
>>> Hai,
>>>
>>> Reboot the remote servers also or login and run:
>>> samba_dnsupdate --all-names --verbose
>>> samba-tool dbcheck --fix or samba-tool dbcheck --fix --cross-nc
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>> Result is "dns_tkey_negotiategss: TKEY is unacceptable" when doing
>> dnsupdate.
>> I'm wondering about reinstalling everything from scratch in a
>> newer version.
>>
>> But if there's a good way to clean those records, I'd really
>> like to know how.
>>>> -----Original message-----
>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>>>> Julien TEHERY via samba
>>>> Sent: Thursday 22 November 2018 11:54
>>>> To: samba at lists.samba.org
>>>> Subject: Re: [Samba] Samba4 multiple DCs replication
>>>>
>>>> On 22/11/2018 at 10:07, L.P.H. van Belle via samba wrote:
>>>>> Hai Julien,
>>>>>
>>>>> Ah, ok, then I'm suspecting a regression bug here.
>>>>> For some reason sometimes this happens; if you had rebooted the servers, it would probably be fixed also.
>>>>> There were some older reports on this, but good to know it's back or still there.
>>>>> A manual run of: samba_dnsupdate --all-names --verbose
>>>>> should/could help to fix it also.
>>>>>
>>>>> And Thank you for the quick reply.
>>>>>
>>>>> Greetz,
>>>>>
>>>>> Louis
>>>>>
>>>> Ok, I tried rebooting all the DCs just to see what happens.
>>>> Then replication is still fine on the 3 main DCs (main site) with
>>>> inbound/outbound neighbors, but now "samba-tool drs showrepl" doesn't
>>>> work anymore on 2 remote DCs.
>>>> They don't even have outbound neighbors anymore.. :(
>>>>
>>>> They have errors like:
>>>>
>>>> Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>>>> ncacn_ip_tcp:192.168.174.1[1024,seal,target_hostname=dc1-site-02.mydomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.174.1]
>>>> NT_STATUS_IO_TIMEOUT
>>>> Then I looked in ldb with
>>>> ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationId=*)' --cross-ncs objectguid
>>>> and saw duplicates in it.
>>>>
>>>> I ran dbcheck on all DCs, but it didn't clear the obsolete records.
>>>> I guess those duplicates are here because I ran so many tests on this test
>>>> domain (promote/demote).
>>>> Is there a way to clean it up?
>>>>
>>>>
>>>>>> -----Original message-----
>>>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>>>>>> Julien TEHERY via samba
>>>>>> Sent: Thursday 22 November 2018 10:02
>>>>>> To: samba at lists.samba.org
>>>>>> Subject: Re: [Samba] Samba4 multiple DCs replication
>>>>>>
>>>>>> On 22/11/2018 at 09:58, L.P.H. van Belle via samba wrote:
>>>>>>> Good, it's fixed now, but 1 question, just for me...
>>>>>>>
>>>>>>> Did you reboot both servers or did you only restart/reload the services?
>>>>>>> Greetz,
>>>>>>>
>>>>>>> Louis
>>>>>> I only restarted the services. (samba and bind). Maybe it wasn't
>>>>>> required, but I did it.
>>>>>>>      
>>>>>>>
>>>>>>>> -----Original message-----
>>>>>>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>>>>>>>> Julien TEHERY via samba
>>>>>>>> Sent: Thursday 22 November 2018 9:35
>>>>>>>> To: samba at lists.samba.org
>>>>>>>> Subject: Re: [Samba] Samba4 multiple DCs replication
>>>>>>>>
>>>>>>>> On 22/11/2018 at 08:38, Julien TEHERY via samba wrote:
>>>>>>>>> On 21/11/2018 at 17:47, Rowland Penny via samba wrote:
>>>>>>>>>> On Wed, 21 Nov 2018 17:33:28 +0100
>>>>>>>>>> Julien TEHERY via samba <samba at lists.samba.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> Another thing, I see that only DC1 has OUTBOUND NEIGHBORS (all failed
>>>>>>>>>>> with a WERR_FILE_NOT_FOUND error).
>>>>>>>>>>> All the other DCs have only INBOUND NEIGHBORS and no OUTBOUND
>>>>>>>>>>> NEIGHBORS.
>>>>>>>>>> You have problems, all DCs at a site should replicate to each other
>>>>>>>>>> and there should be replication between sites. Is something like a
>>>>>>>>>> firewall getting in the way?
>>>>>>>>>>
>>>>>>>>>> Have you checked the AD databases ?
>>>>>>>>>>
>>>>>>>>>> Rowland
>>>>>>>>> There is no firewall between the 3 DCs on the main site (same
>>>>>>>>> subnet), however there are no outbound neighbors on DC2 and DC3
>>>>>>>>> replication status.
>>>>>>>>> And yes, the AD DBs have been checked.
>>>>>>>>>
>>>>>>>>>
>>>>>>>> Know what, I just found out the problem.
>>>>>>>> CNAME records were missing, according to
>>>>>>>> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>>>>>>>> I added them, restarted both samba and bind, and then all inbound and
>>>>>>>> outbound connections appeared,
>>>>>>>>
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>
>>>>>>
>>>>
>>>>
>>
>>
>>
>
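
Added example (not part of the thread and not Samba project code): a shell helper that reads the output of the `ldbsearch ... '(invocationId=*)' --cross-ncs objectguid` command quoted above, derives the `<objectGUID>._msdcs.<domain>` CNAME each DC needs, and lists DC names that own more than one NTDS Settings record. The function names and the sample records are constructed, and treating "more than one NTDS Settings record per DC name" as the duplicates mentioned in the thread is an assumption.

```shell
#!/bin/sh
# Added example. Input: `ldbsearch ... '(invocationId=*)' --cross-ncs objectguid`
# output on stdin. The sample records below are constructed, not from the thread.

# LDIF folds long lines: a leading space continues the previous line.
unfold_ldif() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Print "DCNAME GUID" for every NTDS Settings record.
dc_guids() {
    unfold_ldif | awk '
        /^dn: / { dc = ""
            if (match($0, /CN=NTDS Settings,CN=[^,]+/)) {
                dc = substr($0, RSTART + 20, RLENGTH - 20) } }
        tolower($1) == "objectguid:" && dc != "" { print dc, $2; dc = "" }'
}

# Print "DCNAME <objectGUID>._msdcs.<domain>" for each DC. $1 = DNS domain.
expected_cnames() {
    dc_guids | awk -v d="$1" '{ print $1, tolower($2) "._msdcs." d }'
}

# Print DC names (upper-cased) that own more than one NTDS Settings record.
duplicate_dcs() {
    dc_guids | awk '{ n[toupper($1)]++ }
                    END { for (k in n) if (n[k] > 1) print k }' | sort
}

sample_ldif() {   # constructed records; the GUIDs are placeholders
    cat <<'EOF'
# record 1
dn: CN=NTDS Settings,CN=DC1-SI
 TE-02,CN=Servers,CN=Site-02,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
objectGUID: 11111111-AAAA-4BBB-8CCC-000000000001

# record 2
dn: CN=NTDS Settings,CN=DC5,CN=Servers,CN=Site-02,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
objectGUID: 22222222-aaaa-4bbb-8ccc-000000000002

# record 3
dn: CN=NTDS Settings,CN=dc5,CN=Servers,CN=Site-03,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
objectGUID: 33333333-aaaa-4bbb-8ccc-000000000003
EOF
}

sample_ldif | expected_cnames mydomain.lan
echo "more than one NTDS Settings record: $(sample_ldif | duplicate_dcs)"
```

On a DC, pipe the real `ldbsearch` output into `expected_cnames` and check each printed name with `host -t CNAME <name>`.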




