[Samba] Problem with sync user account from Samba Master to Samba Slave

Miguel Coa M. mcoa at itlinux.cl
Fri Aug 23 21:13:33 UTC 2019


Hello,
The FSMO list is:

[........................]
root at samba-ad:~# samba-tool fsmo show
ldb_wrap open of secrets.ldb
SchemaMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
InfrastructureMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
RidAllocationMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
DomainNamingMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
root at samba-ad:~#
[……………………]


The "samba-tool drs showrepl" output for the three DCs:


From samba-ad

[........................]
root at samba-ad:~# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:samba-ad.domain.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name samba-ad.domain.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba-ad.domain.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba-ad.domain.com<0x20>
Default-First-Site-Name\samba-ad
DSA Options: 0x00000001
DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
DSA invocationId: b0a91b8a-3bd6-4489-b846-ddba28dcf5a4

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 17:00:23 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:23 2019 -04

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 17:00:23 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:23 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 17:01:54 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:01:54 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 17:00:27 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:27 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 17:00:27 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:27 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 17:00:39 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:39 2019 -04

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 17:00:39 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:39 2019 -04

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 17:00:44 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:44 2019 -04

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 17:00:44 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:44 2019 -04

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 17:00:49 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:00:49 2019 -04

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 17:04:00 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 17:04:00 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 16:58:40 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:58:40 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 16:48:33 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:48:33 2019 -04

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-1 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: 36a4786c-c9de-4fc1-b2b7-390c0d7f4dba
	Enabled        : TRUE
	Server DNS name : SAMBA-1.domain.com
	Server DN name  : CN=NTDS Settings,CN=SAMBA-1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
	Connection name: f74e48dd-ca6a-43a3-8c7e-ddba4203a12f
	Enabled        : TRUE
	Server DNS name : SAMBA-2.domain.com
	Server DN name  : CN=NTDS Settings,CN=SAMBA-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
[........................]



From samba-1

[........................]
root at samba-1:~# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:samba-1.domain.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name samba-1.domain.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba-1.domain.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba-1.domain.com<0x20>
Default-First-Site-Name\samba-1
DSA Options: 0x00000001
DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
DSA invocationId: 5ab872d5-dbc6-49d1-83e4-78cf6dbc5aa8

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:48 2019 -04

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:48 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:45:25 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:45:25 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 16:45:29 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:45:29 2019 -04

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:48 2019 -04

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:48 2019 -04

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:48 2019 -04

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:48 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:45:30 2019 -04 failed, result 58 (WERR_BAD_NET_RESP)    
		2361 consecutive failure(s).
		Last success @ Fri Aug 23 13:34:38 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ Fri Aug 23 16:44:50 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:44:50 2019 -04

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-2 via RPC
		DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=domain,DC=com
	Default-First-Site-Name\SAMBA-AD via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: 4c77efe4-a389-496d-a90a-598c0e0c1aa3
	Enabled        : TRUE
	Server DNS name : SAMBA-2.domain.com
	Server DN name  : CN=NTDS Settings,CN=SAMBA-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
	Connection name: 89d66174-24d7-4dde-a70f-a4bc104da89b
	Enabled        : TRUE
	Server DNS name : SAMBA-AD.domain.com
	Server DN name  : CN=NTDS Settings,CN=SAMBA-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
[........................]



From samba-2

[........................]
root at samba-2:~# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:samba-2.domain.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name samba-2.domain.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba-2.domain.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name samba-2.domain.com<0x20>
Default-First-Site-Name\samba-2
DSA Options: 0x00000001
DSA object GUID: 2cd36245-dcae-479d-b8d0-b7a8e19caad3
DSA invocationId: 0ca5e964-c09b-42c0-a5ff-6eafdf5be5b8

==== INBOUND NEIGHBORS ====


CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 16:46:10 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:46:10 2019 -04

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:46:10 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:46:10 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 16:49:47 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:49:47 2019 -04

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:49:45 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:49:45 2019 -04

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 16:46:10 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:46:10 2019 -04

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:46:10 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:46:10 2019 -04

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 16:46:10 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:46:10 2019 -04

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:46:10 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:46:10 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ Fri Aug 23 16:47:53 2019 -04 was successful
		0 consecutive failure(s).
		Last success @ Fri Aug 23 16:47:53 2019 -04

DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ Fri Aug 23 16:47:54 2019 -04 failed, result 58 (WERR_BAD_NET_RESP)
		7444 consecutive failure(s).
		Last success @ Fri Aug 16 09:19:49 2019 -04

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=ForestDnsZones,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=domain,DC=com
	Default-First-Site-Name\samba-ad via RPC
		DSA object GUID: 696d9995-8406-408c-82af-9aa254a6d338
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=domain,DC=com
	Default-First-Site-Name\samba-2 via RPC
		DSA object GUID: 7692d6b0-2684-4f27-937a-08f52be0d4c8
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: 44d3df56-687e-4ed9-a0b8-310ff38a0c80
	Enabled        : TRUE
	Server DNS name : samba-2.domain.com
	Server DN name  : CN=NTDS Settings,CN=samba-2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
	Connection name: a34532a3-b02a-41dc-88a5-d20ebc5be347
	Enabled        : TRUE
	Server DNS name : samba-ad.domain.com
	Server DN name  : CN=NTDS Settings,CN=samba-ad,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!
root at samba-2:~#
root at samba-2:~#

[........................]


The output from samba-1 and samba-2 shows the error "(WERR_BAD_NET_RESP)" to samba-ad.


Thanks.


> El 23-08-2019, a las 16:36, Rowland penny via samba <samba at lists.samba.org> escribió:
> 
> On 23/08/2019 20:55, Miguel Coa M. via samba wrote:
>> Hello,
>> I have Samba 4.7 as a domain controller with 3 servers: 1 DC (samba-ad) and two other DCs (samba-1 and samba-2). The problem is that when I create a user account on "samba-ad", the account does not sync to the others, but if I create the account on "samba-1" or "samba-2", it syncs to all servers.
>> 
>> Samba version
>> 
>> [………………….]
>> root at samba-ad:~# samba -V
>> Version 4.7.6-Ubuntu
>> 
>> root at samba-1:~# samba -V
>> Version 4.7.6-Ubuntu
>> 
>> root at samba-2:~# samba -V
>> Version 4.7.6-Ubuntu
>> 
>> [………………….]
>> 
>> 
>> Example:
>> 
>> Create account on samba-ad (A DC that probably holds all the FSMO roles)
>> 
>> [………………….]
>> root at samba-ad:~# samba-tool user create steave ste at ave.10 --mail-address "steave at domain.com" --given-name "Steave" --must-change-at-next-login
>> User 'steave' created successfully
>> 
>> [………………….]
>> 
>> 
>> Search in samba-ad
>> 
>> [………………….]
>> root at samba-ad:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP at ssword  "(sAMAccountName=steave)"
>> dn: CN=Steave,CN=Users,DC=domain,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Steave
>> givenName: Steave
>> instanceType: 4
>> whenCreated: 20190823191136.0Z
>> whenChanged: 20190823191136.0Z
>> displayName: Steave
>> uSNCreated: 2928230
>> .....
>> .....
>> .....
>> 
>> [………………….]
>> 
>> 
>> 
>> Check on samba-1 -> Not sync
>> 
>> [………………….]
>> root at samba-1:~# ldapsearch -LLL -x -H ldap://10.13.250.111 -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP at ssword  "(sAMAccountName=steave)"
>> # refldap://domain.com/CN=Configuration,DC=domain,DC=com
>> 
>> # refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com
>> 
>> # refldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com
>> [………………….]
>> 
>> 
>> Check on samba-2 -> Not sync
>> 
>> [………………….]
>> root at samba-2:~# ldapsearch -LLL -x -H ldap://10.13.250.112 -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wMyP at ssword  "(sAMAccountName=steave)"
>> # refldap://domain.com/CN=Configuration,DC=domain,DC=com
>> 
>> # refldap://domain.com/DC=DomainDnsZones,DC=domain,DC=com
>> 
>> # refldap://domain.com/DC=ForestDnsZones,DC=domain,DC=com
>> [………………….]
>> 
>> 
>> Example Nº2
>> 
>> Create user account on samba-2
>> 
>> 
>> [………………….]
>> root at samba-2:~# samba-tool user create alf alf at .10 --mail-address "alf at domain.com" --given-name "Alf" --must-change-at-next-login
>> User 'alf' created successfully
>> root at samba-2:~#
>> [………………….]
>> 
>> 
>> Check on samba-2 -> Sync ok
>> 
>> 
>> [………………….]
>> root at samba-2:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP at ssword  "(sAMAccountName=alf)"
>> dn: CN=Alf,CN=Users,DC=domain,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Alf
>> givenName: Alf
>> instanceType: 4
>> whenCreated: 20190823191926.0Z
>> [………………….]
>> 
>> 
>> Check on samba-1 -> Sync ok
>> 
>> [………………….]
>> root at samba-1:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP at ssword  "(sAMAccountName=alf)"
>> dn: CN=Alf,CN=Users,DC=domain,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Alf
>> givenName: Alf
>> instanceType: 4
>> whenCreated: 20190823191926.0Z
>> whenChanged: 20190823191926.0Z
>> displayName: Alf
>> uSNCreated: 1396773
>> [………………….]
>> 
>> 
>> Check on samba-ad -> Sync ok
>> [………………….]
>> root at samba-ad:~# ldapsearch -LLL -x -H ldap://10.13.xxx.xxx -b "DC=domain,DC=com" -D "CN=administrator,CN=Users,DC=domain,DC=com" -wyP at ssword  "(sAMAccountName=alf)"
>> dn: CN=Alf,CN=Users,DC=domain,DC=com
>> objectClass: top
>> objectClass: person
>> objectClass: organizationalPerson
>> objectClass: user
>> cn: Alf
>> givenName: Alf
>> instanceType: 4
>> whenCreated: 20190823191926.0Z
>> whenChanged: 20190823191926.0Z
>> displayName: Alf
>> uSNCreated: 2928583
>> uSNChanged: 2928583
>> [………………….]
>> 
>> 
>> On samba-ad, the "samba-tool drs showrepl" command does not list any errors.
>> 
>> 
>> Can you help me, please?
> 
> I have helped you by first rewriting your post, you do not have a master DC and two slaves, you have three DCs, one of which probably holds all the FSMO roles, but any of them could hold any or all of the FSMO roles.
> 
> If replication is working then, no matter which DC you create a user on, the user should be replicated to the other DCs.
> 
> Please show the output of 'samba-tool drs showrepl <one of the other DCs>' from each DC.
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
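
Added example (not part of the original thread and not Samba project code): a small Python parser for the "samba-tool drs showrepl" text format shown in this message, reporting the inbound neighbors that have replication failures. The sample input is a trimmed excerpt of the samba-1 output above; the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Trimmed excerpt of the samba-1 output quoted in this thread (GUID lines
# dropped, tabs replaced by spaces; the parser strips leading whitespace).
SAMPLE = r"""
Default-First-Site-Name\samba-1
DSA Options: 0x00000001

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=domain,DC=com
    Default-First-Site-Name\SAMBA-AD via RPC
        Last attempt @ Fri Aug 23 16:44:48 2019 -04 was successful
        0 consecutive failure(s).
        Last success @ Fri Aug 23 16:44:48 2019 -04

DC=domain,DC=com
    Default-First-Site-Name\SAMBA-AD via RPC
        Last attempt @ Fri Aug 23 16:45:30 2019 -04 failed, result 58 (WERR_BAD_NET_RESP)
        2361 consecutive failure(s).
        Last success @ Fri Aug 23 13:34:38 2019 -04

DC=domain,DC=com
    Default-First-Site-Name\SAMBA-2 via RPC
        Last attempt @ Fri Aug 23 16:44:50 2019 -04 was successful
        0 consecutive failure(s).
        Last success @ Fri Aug 23 16:44:50 2019 -04

==== OUTBOUND NEIGHBORS ====

DC=domain,DC=com
    Default-First-Site-Name\SAMBA-AD via RPC
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
    Server DNS name : SAMBA-AD.domain.com
"""

SECTION_RE = re.compile(r"^==== (.+?) ====$")
PARTNER_RE = re.compile(r"^[^\\]+\\(?P<dc>\S+) via \S+$")
ATTEMPT_RE = re.compile(
    r"^Last attempt @ .+? (?:was successful"
    r"|failed, result (?P<code>\d+) \((?P<name>\w+)\))$")
FAILS_RE = re.compile(r"^(\d+) consecutive failure\(s\)\.$")
SUCCESS_RE = re.compile(r"^Last success @ (.+)$")

@dataclass
class Neighbor:
    direction: str          # "INBOUND" or "OUTBOUND"
    nc: str                 # naming context, e.g. DC=domain,DC=com
    partner: str            # partner DC name, lower-cased
    failures: int = 0
    error: str = ""         # e.g. "58 (WERR_BAD_NET_RESP)", empty if none
    last_success: str = ""

def parse_showrepl(text):
    """Return one Neighbor per entry in the INBOUND/OUTBOUND sections."""
    neighbors, section, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section, nc, cur = m.group(1).split()[0], None, None
        elif section not in ("INBOUND", "OUTBOUND") or not line:
            continue        # header, KCC section and blank lines are skipped
        elif line.startswith(("DC=", "CN=")):
            nc = line       # a naming-context DN opens a new entry
        elif nc and (m := PARTNER_RE.match(line)):
            cur = Neighbor(section, nc, m.group("dc").lower())
            neighbors.append(cur)
        elif cur is None:
            continue
        elif (m := ATTEMPT_RE.match(line)):
            if m.group("name"):
                cur.error = f"{m.group('code')} ({m.group('name')})"
        elif (m := FAILS_RE.match(line)):
            cur.failures = int(m.group(1))
        elif (m := SUCCESS_RE.match(line)):
            cur.last_success = m.group(1)
    return neighbors

def failing_inbound(text):
    """Inbound neighbors whose last attempt failed or that are accumulating failures."""
    return [n for n in parse_showrepl(text)
            if n.direction == "INBOUND" and (n.failures > 0 or n.error)]

if __name__ == "__main__":
    for n in failing_inbound(SAMPLE):
        print(f"{n.nc} <- {n.partner}: {n.failures} failures, "
              f"{n.error}, last success {n.last_success}")
```
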
