[Samba] DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp - NT_STATUS_LOGON_FAILURE

L.P.H. van Belle belle at bazuin.nl
Mon Apr 8 09:05:20 UTC 2019


I have a few things on this thread. 

For the DsReplicaSync error, I would suggest these steps first.
On DC2, change the resolv.conf, set DC1 first, then DC2, reboot.
Wait 5 min, now check replication again; if it's OK, you can now change the resolv.conf back.

The samba_dnsupdate might work also, but in my experience a reboot is often needed, don't ask why.
I don't know and never investigated it because a reboot works for me all the time.

On the replication error. 
Run this script on both DCs and show the output.
I don't need all of it, just the results.

About the howto and packages. 
If you're now on 4.5.16 (official Debian), then the shown howtos are good.
If you upgrade to higher, then you might need to adjust some settings in smb.conf,
which are shown in the Upgrade-info.txt and of course the Samba change logs.

About sssd, yes I could build these also, but that would increase the packages I need to build even more.
Do remember one Samba version (Debian stretch amd64) requires me to build between 5 and 11 packages.
Now add i386, jessie, bionic, 3 different Samba versions... So that's why. Too much, this is a lot already.

A better option for you, but this highly depends on what's running on the server: upgrade now to Debian Buster.
This way you can still use sssd and you're up in Samba version.
But I only recommend this if you only use Samba on the servers and not many other packages.
Debian Buster is in freeze state, so no major changes should enter.

Today will be building day, so if you have more questions, just ask, I'm monitoring the list today.
New packages will arrive soon.




> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny via samba
> Sent: Saturday 6 April 2019 20:43
> To: samba at lists.samba.org
> Subject: Re: [Samba] DsReplicaSync failed - WERR_LOGON_FAILURE // Failed to bind to uuid for ncacn_ip_tcp
> On Sat, 6 Apr 2019 19:08:30 +0200
> Martin Krämer <mk.maddin at gmail.com> wrote:
> > hm... to be truthful there were already multiple times I thought of having
> > a more up-to-date version would be great...
> > Maybe I can try with my test servers first (I would start with
> > http://downloads.van-belle.nl/samba4/Upgrade-info.txt here I think )
> > - but first I think have to check how to get rid of sssd ( I do not
> > want to build on my own)
> It all depends on how you use your Samba machines. If you use your DCs
> just for authentication and never log in as a domain user and never
> store anything in shares (except sysvol & netlogon) then you do not
> need to use sssd or anything else. It is only when you use a DC as
> fileserver that you may need something like sssd.
> > Thanks for this - I tried "samba_dnsupdate" in following ways.
> > All of them run through without any error telling me "No DNS updates
> > needed" at the end
> > 
> > samba_dnsupdate --verbose
> > samba_dnsupdate --verbose --rpc-server-ip=location-000001.domain.de
> > samba_dnsupdate --verbose --rpc-server-ip=location-000002.domain.de
> > 
> > afterwards unfortunately there is still no change to the error :/
> Try comparing the databases on the DC's, see 'samba-tool ldapcmp
> --help' for more info.
> You could also try replicating from the good DC to the other, see
> 'samba-tool drs replicate --help' for more info
> There is also 'samba-tool dbcheck'
> Finally, is something like a firewall getting in the way?
> > 
> > hm...this is how I currently use sssd & sudo:
> > https://linux.die.net/man/5/sssd-sudo
> > I think with sudo-ldap you refer to the following:
> > https://www.sudo.ws/man/1.8.17/sudoers.ldap.man.html ?
> > As of today my sudo rules are "linked" to the ou of the device and
> > based on the "ldap_sudo_search_base" config from sudo-sssd devices
> > apply the one matching for them.
> > (nearly the same way as group policy linking in windows works)
> > I think in case of switching I need to work with
> > "SUDOERS_SEARCH_FILTER" or "SUDOERS_BASE" option... maybe I will
> > check.
> From memory, sudo-ldap works in much the same way as sssd, the only
> real difference is the lack of a cache, but, from my experience, this
> would be the last thing on your mind if something has gone wrong and
> you cannot login as a sudo user from ldap.
> > 
> > Louis once guided me to:
> > https://github.com/thctlo/samba4/tree/master/howtos Are these how-to
> > compliant to what you mention about samba support & winbind?
> Apart from referring to older versions of Samba, they should still be
> valid.
> Rowland
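The resolver-order step from the reply at the top of this message (DC1 listed first, then DC2, in DC2's resolv.conf) can be checked before the reboot with a small script. This is an added example, not part of the original post or of Samba; the function names are hypothetical and the addresses used with it are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify the nameserver order in a resolv.conf file.
# Usage (hypothetical addresses): ./check_resolv.sh /etc/resolv.conf 192.0.2.10 192.0.2.11

# Print nameserver addresses in file order, one per line.
# Commented-out entries ("#nameserver ...", "; nameserver ...") are ignored
# because their first field is not exactly "nameserver".
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# check_resolv_order FILE DC1_IP DC2_IP
#   returns 0 when DC1 is the first entry and DC2 the second
#   returns 1 when both DCs are the first two entries but swapped
#   returns 2 when the file is unreadable or another resolver is in the first two
check_resolv_order() {
    file=$1; dc1=$2; dc2=$3
    [ -r "$file" ] || return 2
    first=$(list_nameservers "$file" | sed -n '1p')
    second=$(list_nameservers "$file" | sed -n '2p')
    if [ "$first" = "$dc1" ] && [ "$second" = "$dc2" ]; then
        return 0
    elif [ "$first" = "$dc2" ] && [ "$second" = "$dc1" ]; then
        return 1
    fi
    return 2
}

# Run the check only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    rc=0
    check_resolv_order "$@" || rc=$?
    case $rc in
        0) echo "OK: DC1 is first, DC2 is second" ;;
        1) echo "WRONG ORDER: DC2 is listed before DC1" ;;
        *) echo "UNEXPECTED: first two nameservers are not DC1 and DC2" ;;
    esac
    # After fixing the order and rebooting, replication status can be
    # reviewed with: samba-tool drs showrepl
    exit "$rc"
fi
```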