[Samba] Replication not working for remote Domain Controller

Rowland penny rpenny at samba.org
Thu Dec 12 09:49:34 UTC 2019


On 12/12/2019 08:09, shacky wrote:
>
>     Good, the _msdcs domain is the forest domain
>
>
> So is it normal that DC4 is not in that?
>
>     but are there records for all three DCs in:
>
>     DC=your.domain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=your,DC=domain,DC=com
>
>
> I tried to find this path in the LDAP Browser and ADSI Edit but I did 
> not manage to find it.
> In the Windows DNS Manager connected to DC1 I found _ldap SRV records 
> for dc1 and dc2 in DNS\dc1\Forward Lookup Zones\my.domain.com\domaindnszones\_sites\mysite\_tcp.
> There are no records for dc4 there.
>
>     What version(s) of Samba is this ?
>
>
> Samba Version 4.6.7-Ubuntu on all three domain controllers.
>
> Thanks!

OK, log into a working DC and run this:

ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b 'DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com' -s sub '(objectclass=dnsnode)' | grep dn:

Notes: it should all be on one line, and you will have to alter it to 
match your DNS domain. It may also output a large amount, so you might 
have to redirect the output to a file with something like '> /tmp/dn.txt'. 
You may also have to install ldb-tools.

In the output, there should be lines like these:

dn: DC=_gc._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_msdcs,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldaps._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_gc._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.ForestDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kpasswd._udp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._udp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=DomainDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kpasswd._tcp,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=ForestDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_ldap._tcp.DomainDnsZones,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

There should also be a line like this for every DC:

dn: DC=DC4,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

Where did your domain come from?

Was it provisioned as a Samba domain and, if so, what Samba version was 
it? Or was it originally a Windows domain and again, if it was, what 
was the original Windows version?

Rowland
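The check Rowland describes (run the ldbsearch over the domain zone in DomainDnsZones, then look for the service records and for one dnsNode per DC) can be automated on the captured `dn:` output. The script below is an added example for this archived thread, not Samba's own tooling and not something Rowland posted; it assumes the zone base DN has the shape shown in the reply, that the expected record names are the ones listed above (site-specific ones parameterised on the site name), and it uses a constructed sample of the output in which DC1 and DC2 have host records but DC4 does not.

```python
"""Check the `dn:` lines from the ldbsearch command in the reply above for
the dnsNode records a Samba AD domain zone should contain.

Added example for the archived thread; not Samba tooling.  Feed it the
output of `ldbsearch ... '(objectclass=dnsnode)' | grep dn:` saved to a
file (e.g. /tmp/dn.txt) plus the short hostnames of your DCs.
"""
import sys

# Record names expected directly under the domain zone, taken from the list
# in the reply.  Site-specific names are templated on the AD site name.
DOMAIN_SRV_NAMES = [
    "_ldap._tcp", "_ldaps._tcp", "_gc._tcp", "_kerberos._tcp", "_kerberos._udp",
    "_kpasswd._tcp", "_kpasswd._udp", "_ldap._tcp.DomainDnsZones",
    "_ldap._tcp.ForestDnsZones", "_msdcs", "DomainDnsZones", "ForestDnsZones", "@",
]
SITE_SRV_TEMPLATES = [
    "_ldap._tcp.{site}._sites", "_gc._tcp.{site}._sites",
    "_kerberos._tcp.{site}._sites", "_ldap._tcp.{site}._sites.DomainDnsZones",
    "_ldap._tcp.{site}._sites.ForestDnsZones",
]


def zone_base_dn(dns_domain):
    """Base DN of the domain zone inside the DomainDnsZones partition."""
    suffix = ",".join("DC=" + p for p in dns_domain.split("."))
    return "DC=%s,CN=MicrosoftDNS,DC=DomainDnsZones,%s" % (dns_domain, suffix)


def ldbsearch_command(dns_domain, sam_ldb="/var/lib/samba/private/sam.ldb"):
    """The one-line ldbsearch invocation from the reply, built for dns_domain."""
    return ("ldbsearch --cross-ncs -H %s -b '%s' -s sub '(objectclass=dnsnode)'"
            " | grep dn:" % (sam_ldb, zone_base_dn(dns_domain)))


def parse_dn_lines(text):
    """Return the DNs from 'dn:' output, re-joining wrapped lines.

    Handles both LDIF folding (continuation lines start with a space) and the
    'dn:' on one line / value on the next wrapping seen in the mail archive.
    """
    dns = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith(" ") and dns:        # LDIF folded continuation
            dns[-1] += line[1:]
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
        elif dns and dns[-1] == "":             # value wrapped onto its own line
            dns[-1] = line.strip()
    return dns


def relative_names(dn_list, dns_domain):
    """Map each DN inside the zone to the value of its first RDN (the record name)."""
    base = "," + zone_base_dn(dns_domain).lower()
    names = set()
    for dn in dn_list:
        if not dn.lower().endswith(base):
            continue                             # record from another zone; ignore
        rdn = dn[:len(dn) - len(base)]
        if rdn.upper().startswith("DC="):
            names.add(rdn[3:])
    return names


def check_zone(text, dns_domain, dc_hostnames, site="Default-First-Site-Name"):
    """Report service records and per-DC host records missing from the zone."""
    present = relative_names(parse_dn_lines(text), dns_domain)
    lowered = {n.lower() for n in present}
    expected = DOMAIN_SRV_NAMES + [t.format(site=site) for t in SITE_SRV_TEMPLATES]
    return {
        "present": present,
        "missing_srv": sorted(n for n in expected if n.lower() not in lowered),
        "missing_hosts": sorted(h for h in dc_hostnames if h.lower() not in lowered),
    }


# Constructed sample output: every record from the reply plus DC1 and DC2,
# with DC2 wrapped the way the archive shows it.  DC4 is deliberately absent.
_BASE = zone_base_dn("samdom.example.com")
SAMPLE_OUTPUT = "\n".join("dn: DC=%s,%s" % (n, _BASE) for n in [
    "_gc._tcp.Default-First-Site-Name._sites",
    "_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones", "_msdcs",
    "_ldaps._tcp", "_gc._tcp", "_ldap._tcp", "_ldap._tcp.ForestDnsZones",
    "_kpasswd._udp", "_kerberos._udp", "DomainDnsZones",
    "_ldap._tcp.Default-First-Site-Name._sites",
    "_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones", "@",
    "_kerberos._tcp", "_kpasswd._tcp", "ForestDnsZones", "_ldap._tcp.DomainDnsZones",
    "_kerberos._tcp.Default-First-Site-Name._sites", "DC1",
]) + "\ndn:\nDC=DC2," + _BASE


if __name__ == "__main__":
    # Usage: python check_dnszone.py samdom.example.com dc1 dc2 dc4 < /tmp/dn.txt
    if len(sys.argv) > 2:
        domain, hosts, text = sys.argv[1], sys.argv[2:], sys.stdin.read()
    else:
        domain, hosts, text = "samdom.example.com", ["dc1", "dc2", "dc4"], SAMPLE_OUTPUT
    print("Command to capture the zone:\n  " + ldbsearch_command(domain))
    result = check_zone(text, domain, hosts)
    print("Missing service records:", result["missing_srv"] or "none")
    print("DCs without a host record:", result["missing_hosts"] or "none")
```

With the sample input the only finding is `dc4`, which matches the situation in the thread: the service records replicated, but the dnsNode for the remote DC was never created in the zone. Pass a different site name as the `site` argument if your DCs are not in Default-First-Site-Name, since the `_sites` records are named after it.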