[Samba] Problem with sync user account from Samba Master to Samba Slave

Rowland penny rpenny at samba.org
Fri Aug 23 20:36:00 UTC 2019


On 23/08/2019 20:55, Miguel Coa M. via samba wrote:
> Hello,
> I have Samba 4.7 as a domain controller on 3 servers: 1 DC (samba-ad) and two other DCs (samba-1) and (samba-2). The problem is that when I create a user account on "samba-ad", the account is not synced to the others, but if I create the account on "samba-1" or "samba-2", it is synced to all servers.
>
> Samba version
>
> [………………….]
> root@samba-ad:~# samba -V
> Version 4.7.6-Ubuntu
>
> root@samba-1:~# samba -V
> Version 4.7.6-Ubuntu
>
> root@samba-2:~# samba -V
> Version 4.7.6-Ubuntu
>
> [………………….]
>
>
> Example:
>
> Create account on samba-ad (A DC that probably holds all the FSMO roles)
>
> [………………….]
> root@samba-ad:~# samba-tool user create steave ste@ave.10 --mail-address "steave@domain.com" --given-name "Steave" --must-change-at-next-login
> User 'steave' created successfully
>
> [………………….]
>
>
> Search in samba-ad
>
> [………………….]
> root@samba-ad:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP@ssword  "(sAMAccountName=steave)"
> dn: CN=Steave,CN=Users,DC=domain,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Steave
> givenName: Steave
> instanceType: 4
> whenCreated: 20190823191136.0Z
> whenChanged: 20190823191136.0Z
> displayName: Steave
> uSNCreated: 2928230
> .....
> .....
> .....
>
> [………………….]
>
>
>
> Check on samba-1 -> Not sync
>
> [………………….]
> root@samba-1:~# ldapsearch -LLL -x -H ldap://10.13.250.111 -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP@ssword  "(sAMAccountName=steave)"
> # refldap://domain.com/CN=Configuration,DC=domain,DC=com
>
> # refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com
>
> # refldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com
> [………………….]
>
>
> Check on samba-2 -> Not sync
>
> [………………….]
> root@samba-2:~# ldapsearch -LLL -x -H ldap://10.13.250.112 -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP@ssword  "(sAMAccountName=steave)"
> # refldap://domain.com/CN=Configuration,DC=domain,DC=com
>
> # refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com
>
> # refldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com
> [………………….]
>
>
> Example Nº2
>
> Create user account on samba-2
>
>
> [………………….]
> root@samba-2:~# samba-tool user create alf alf@.10 --mail-address "alf@domain.com" --given-name "Alf" --must-change-at-next-login
> User 'alf' created successfully
> root@samba-2:~#
> [………………….]
>
>
> Check on samba-2 -> Sync ok
>
>
> [………………….]
> root@samba-2:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP@ssword  "(sAMAccountName=alf)"
> dn: CN=Alf,CN=Users,DC=domain,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Alf
> givenName: Alf
> instanceType: 4
> whenCreated: 20190823191926.0Z
> [………………….]
>
>
> Check on samba-1 -> Sync ok
>
> [………………….]
> root@samba-1:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP@ssword  "(sAMAccountName=alf)"
> dn: CN=Alf,CN=Users,DC=domain,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Alf
> givenName: Alf
> instanceType: 4
> whenCreated: 20190823191926.0Z
> whenChanged: 20190823191926.0Z
> displayName: Alf
> uSNCreated: 1396773
> [………………….]
>
>
> Check on samba-ad -> Sync ok
> [………………….]
> root@samba-ad:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP@ssword  "(sAMAccountName=alf)"
> dn: CN=Alf,CN=Users,DC=domain,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Alf
> givenName: Alf
> instanceType: 4
> whenCreated: 20190823191926.0Z
> whenChanged: 20190823191926.0Z
> displayName: Alf
> uSNCreated: 2928583
> uSNChanged: 2928583
> [………………….]
>
>
> From samba-ad, the “samba-tool drs showrepl” command does not list any errors.
>
>
> Can you help me, please?

I have helped you by first rewriting your post: you do not have a master
DC and two slaves, you have three DCs, one of which probably holds all
the FSMO roles, but any of them could hold any or all of the FSMO roles.

If replication is working then, no matter which DC you create a user on, 
the user should be replicated to the other DCs.

Please show the output of 'samba-tool drs showrepl <one of the other
DCs>' from each DC.

Rowland
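
Added example (not part of the thread and not Samba code): the per-DC check the original poster ran by hand, as a small Python parser that tells an answer containing the entry from one containing only `refldap://` referrals. The sample data is constructed from the output quoted above; `parse_ldif`, `presence_report` and `missing_on` are names chosen for this example.

```python
# Constructed sample input, modelled on the `ldapsearch -LLL` output quoted in the thread.
REFERRALS = ("# refldap://domain.com/CN=Configuration,DC=domain,DC=com\n\n"
             "# refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com\n")
SAMPLE = {
    "samba-ad": ("dn: CN=Steave,CN=Users,DC=domain,DC=com\n"
                 "objectClass: user\ncn: Steave\n"
                 "whenCreated: 20190823191136.0Z\n\n" + REFERRALS),
    "samba-1": REFERRALS,
    "samba-2": REFERRALS,
}

def parse_ldif(text):
    """Split ldapsearch output into (entries, referral URLs)."""
    entries, referrals, entry, last = [], [], None, None
    for line in text.splitlines():
        if line.startswith("# refldap"):       # continuation reference, not an entry
            referrals.append(line[2:].strip())
        elif line.startswith("#"):             # any other comment line
            continue
        elif not line.strip():                 # blank line terminates the entry
            entry, last = None, None
        elif line[0] == " " and last:          # folded value continues previous line
            entry[last][-1] += line[1:]
        elif ":" in line:
            if entry is None:
                entry = {}
                entries.append(entry)
            last, _, value = line.partition(":")
            # "attr:: ..." marks a base64 value; it is kept encoded here.
            entry.setdefault(last, []).append(value.lstrip(":").strip())
    return entries, referrals

def presence_report(outputs):
    """Map each DC name to the DN it returned, or None when no entry came back."""
    report = {}
    for dc, text in outputs.items():
        entries, _ = parse_ldif(text)
        dns = [e["dn"][0] for e in entries if "dn" in e]
        report[dc] = dns[0] if dns else None
    return report

def missing_on(report):
    """DCs whose answer contained no entry for the account."""
    return sorted(dc for dc, dn in report.items() if dn is None)

if __name__ == "__main__":
    for dc, dn in presence_report(SAMPLE).items():
        print(f"{dc}: {dn or 'NOT FOUND (referrals only)'}")
```

A DC listed by `missing_on` only shows that the object is absent there; the `samba-tool drs showrepl` output requested in the reply is what shows why.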




