[Samba] Replication issues samba 4.10.11-SerNet-Debian-10.buster
Ilias Chasapakis forumZFD
chasapakis at forumZFD.de
Thu Dec 12 11:22:38 UTC 2019
Hello,
We added a new samba DC with 4.10.11-SerNet-Debian-10.buster to our
existing 5 ones and can´t obtain replication.
Comparing configuration with other functioning DCs did not show any
relevant difference.
The only difference during the configuration procedure was that DNS PTR
and A records were added after joining the domain and not before.
The sernet-samba-ad service is running but throws the following warnings:
> [2019/12/12 17:52:55.375238, 0]
> ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Dec 12 17:52:55 dchost samba[489]: /usr/sbin/samba_kcc:
> self.schedule = ndr_unpack(drsblobs.schedule, value)
> Dec 12 17:52:55 dchost samba[489]: [2019/12/12 17:52:55.375467, 0]
> ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Dec 12 17:52:55 dchost samba[489]: /usr/sbin/samba_kcc: File
> "/usr/lib/python2.7/dist-packages/samba/ndr.py", line 48, in ndr_unpack
> Dec 12 17:52:55 dchost samba[489]: [2019/12/12 17:52:55.375704, 0]
> ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Dec 12 17:52:55 dchost samba[489]: /usr/sbin/samba_kcc:
> ndr_unpack(data, allow_remaining=allow_remaining)
> Dec 12 17:52:55 dchost samba[489]: [2019/12/12 17:52:55.375955, 0]
> ../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> Dec 12 17:52:55 dchost samba[489]: /usr/sbin/samba_kcc:
> RuntimeError: (12, 'Allocation Error')
> Dec 12 17:52:55 dchost samba[489]: [2019/12/12 17:52:55.387666, 0]
> ../../source4/dsdb/kcc/kcc_periodic.c:768(samba_kcc_done)
> Dec 12 17:52:55 dchost samba[489]:
> ../../source4/dsdb/kcc/kcc_periodic.c:768: Failed samba_kcc -
> NT_STATUS_ACCESS_DENIED
The replication check output is "all good" though
> root at dchost:~# samba-tool drs showrepl --summary
> [ALL GOOD]
The replication command seems giving an OK output:
> samba-tool drs replicate dchost sourcedc dc=DC,dc=example,dc=com
> Replicate from sourcedc to dchost was successful.
Checking DNS seems to prove that replication was not instead succesful:
> host -t SRV _ldap._tcp.dc.example.com
> _ldap._tcp.dc.example.com has SRV record 0 100 389 addc01.dc.example.com
> _ldap._tcp.dc.example.com has SRV record 0 100 389 addc02.dc.example.com
> _ldap._tcp.dc.example.com has SRV record 0 100 389 addc3.dc.example.com
> _ldap._tcp.dc.example.com has SRV record 0 100 389 addc2.dc.example.com
> _ldap._tcp.dc.example.com has SRV record 0 100 389 addc03.dc.example.com
Authentication on new DC actually fails (so we suppose no replication
took place anyway).
--
forumZFD
Entschieden für Frieden|Committed to Peace
Ilias Chasapakis
IT-Systemadministrator
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
More information about the samba
mailing list