[Samba] Joining_a_Samba_DC_to_an_Existing_Active_Directory

Corrado Ravinetto corrado.ravinetto at lanificiocerruti.com
Tue Feb 26 13:44:07 UTC 2019


Hello all
this morning i followed wiki in subject to replicate my active 
directory, but it fails with this error:

[root at dc1 etc]#  samba-tool drs showrepl
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
DSA invocationId: 834770f4-c5a7-48c7-bc77-66e2cf37e557

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=lxcerruti,DC=com
         Default-First-Site-Name\DC2 via RPC
                 DSA object GUID: 2c8db74e-548c-43db-996a-a5287c6aa557
                 Last attempt @ Tue Feb 26 14:28:28 2019 CET failed, 
result 1232 (WERR_HOST_UNREACHABLE)
                 31 consecutive failure(s).
                 Last success @ NTTIME(0)

and many rows like this in log.smbd:
[2019/02/26 14:33:01.184413,  0] 
../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
   Failed to connect host 192.168.4.33 on port 135 - 
NT_STATUS_HOST_UNREACHABLE
[2019/02/26 14:33:01.184547,  0] 
../source4/librpc/rpc/dcerpc_sock.c:245(continue_ip_open_socket)
   Failed to connect host 192.168.4.33 
(2c8db74e-548c-43db-996a-a5287c6aa557._msdcs.lxcerruti.com) on port 135 
- NT_STATUS_HOST_UNREACHABLE.

I have 2 dc named dc1 and dc2

****** DC1 ******

OS: centos-release-7-6.1810.2.el7.centos.x86_64
SAMBA: Version 4.9.1
compiled from source

smb.conf :
[global]
         netbios name = DC1
         realm = LXCERRUTI.COM
         server role = active directory domain controller
         workgroup = LXCERRUTI

         idmap_ldb:use rfc2307 = yes

         dns forwarder = 192.168.1.1

resolv.conf:
search lxcerruti.com
nameserver 192.168.4.34
nameserver 192.168.4.33
nameserver 192.168.1.1

****** DC2 ******

OS: centos-release-7-6.1810.2.el7.centos.x86_64
SAMBA: Version 4.9.4
compiled from source

smb.conf:
[global]
         netbios name = DC2
         realm = LXCERRUTI.COM
         server role = active directory domain controller
         workgroup = LXCERRUTI
         idmap_ldb:use rfc2307 = yes

resolv.conf:
search lxcerruti.com
nameserver 192.168.4.34
nameserver 192.168.4.33
nameserver 192.168.1.1

[root at dc2 etc]# samba-tool drs showrepl
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: 2c8db74e-548c-43db-996a-a5287c6aa557
DSA invocationId: 7084538f-4122-4373-9d42-b19cce814997

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=lxcerruti,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
                 Last attempt @ Tue Feb 26 14:37:00 2019 CET was successful
                 0 consecutive failure(s).
                 Last success @ Tue Feb 26 14:37:00 2019 CET

CN=Schema,CN=Configuration,DC=lxcerruti,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
                 Last attempt @ Tue Feb 26 14:37:00 2019 CET was successful
                 0 consecutive failure(s).
                 Last success @ Tue Feb 26 14:37:00 2019 CET

CN=Configuration,DC=lxcerruti,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
                 Last attempt @ Tue Feb 26 14:37:00 2019 CET was successful
                 0 consecutive failure(s).
                 Last success @ Tue Feb 26 14:37:00 2019 CET

DC=DomainDnsZones,DC=lxcerruti,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
                 Last attempt @ Tue Feb 26 14:37:00 2019 CET was successful
                 0 consecutive failure(s).
                 Last success @ Tue Feb 26 14:37:00 2019 CET

DC=lxcerruti,DC=com
         Default-First-Site-Name\DC1 via RPC
                 DSA object GUID: 8ba457e4-815d-4bd3-a748-8b5ddb53fd5f
                 Last attempt @ Tue Feb 26 14:37:00 2019 CET was successful
                 0 consecutive failure(s).
                 Last success @ Tue Feb 26 14:37:00 2019 CET

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 4e04fffb-e248-4fec-b254-47338f1d01a1
         Enabled        : TRUE
         Server DNS name : dc1.lxcerruti.com
         Server DN name  : CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lxcerruti,DC=com
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!


Any suggestions are appreciated :-)

br

-- 

*Corrado Ravinetto *




More information about the samba mailing list