[Samba] Problem with sync user account from Samba Master to Samba Slave

[Miguel Coa M.]

Hello,
i’ve Samba 4.7 with domain controller with 3 servers, 1 master (samba-ad) and two slaves (samba-slave1) and (samba-slave2).  The problem is when create user account from "samba-ad”  this account not sync to slave, but i create the account on   "samba-slave1" or "samba-slave2” this is sync on all server.

Samba version

[………………….]
root at samba-ad:~# samba -V
Version 4.7.6-Ubuntu

root at samba-slave1:~# samba -V
Version 4.7.6-Ubuntu

root at samba-slave2:~# samba -V
Version 4.7.6-Ubuntu

[………………….]


Example:

Create account on samba-ad (master server)

[………………….]
root at samba-ad:~# samba-tool user create steave ste at ave.10 --mail-address "steave at domain.com" --given-name "Steave" --must-change-at-next-login
User 'steave' created successfully

[………………….]


Search in samba-ad

[………………….]
root at samba-ad:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP at ssword  "(sAMAccountName=steave)"
dn: CN=Steave,CN=Users,DC=domain,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Steave
givenName: Steave
instanceType: 4
whenCreated: 20190823191136.0Z
whenChanged: 20190823191136.0Z
displayName: Steave
uSNCreated: 2928230
.....
.....
.....

[………………….]



Check on samba-slave1 -> Not sync

[………………….]
root at samba-slave1:~# ldapsearch -LLL -x -H ldap://10.13.250.111 -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP at ssword  "(sAMAccountName=steave)"
# refldap://domain.com/CN=Configuration,DC=domain,DC=com

# refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com

# refldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com
[………………….]


Check on samba-slave2 -> Not sync

[………………….]
root at samba-slave2:~# ldapsearch -LLL -x -H ldap://10.13.250.112 -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP at ssword  "(sAMAccountName=steave)"
# refldap://domain.com/CN=Configuration,DC=domain,DC=com

# refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com

# refldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com
[………………….]


Example Nº2

Create user account on samba-slave2


[………………….]
root at samba-slave2:~# samba-tool user create alf alf at .10 --mail-address "alf at domain.com" --given-name "Alf" --must-change-at-next-login
User 'alf' created successfully
root at samba-slave2:~#
[………………….]


Check on samba-slave2 -> Sync ok


[………………….]
root at samba-slave2:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP at ssword  "(sAMAccountName=alf)"
dn: CN=Alf,CN=Users,DC=domain,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Alf
givenName: Alf
instanceType: 4
whenCreated: 20190823191926.0Z
[………………….]


Check on samba-slave1 -> Sync ok

[………………….]
root at samba-slave1:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP at ssword  "(sAMAccountName=alf)"
dn: CN=Alf,CN=Users,DC=domain,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Alf
givenName: Alf
instanceType: 4
whenCreated: 20190823191926.0Z
whenChanged: 20190823191926.0Z
displayName: Alf
uSNCreated: 1396773
[………………….]


Check on samba-ad -> Sync ok
[………………….]
root at samba-ad:~# ldapsearch -LLL -x -H ldap://10.13.xxx <ldap://10.13.xxx>.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP at ssword  "(sAMAccountName=alf)"
dn: CN=Alf,CN=Users,DC=domain,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Alf
givenName: Alf
instanceType: 4
whenCreated: 20190823191926.0Z
whenChanged: 20190823191926.0Z
displayName: Alf
uSNCreated: 2928583
uSNChanged: 2928583
[………………….]


From samba-ad the “samba-tool drs showrepl” command not listed errors


Can you help me, please. 

Thanks.