[Samba] Replication problem when adding new DC member
Piers Kittel
piers at centrefordeaf.org.uk
Mon Mar 25 14:28:52 UTC 2019
Hi all,
So we have a single AD-DC master, and I'm trying to join a fresh new DC
(DOMAIN-ad.DOMAIN.intranet, 192.168.0.11) to the master
(ad.DOMAIN.intranet, 192.168.0.17), and I'm using the HOWTO here:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
and I've hit a problem in the section "Built-in User & Group ID
Mappings" - when doing the following after copying over the idmap.ldb
manually (note, ntacls.py was modified to output the file the script is
trying to open):
samba-tool ntacl sysvolreset
I get:
root at DOMAIN-ad:/var/lib/samba/private# samba-tool ntacl sysvolreset
>>>>>>>>>>> /var/lib/samba/sysvol
>>>>>>>>>>> /var/lib/samba/sysvol/DOMAIN.intranet/scripts
>>>>>>>>>>> /var/lib/samba/sysvol/DOMAIN.intranet
>>>>>>>>>>> /var/lib/samba/sysvol/DOMAIN.intranet/Policies
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line
239, in run
lp, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
line 1609, in setsysvolacl
set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
use_ntvfs, passdb=s4_passdb)
File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
line 1502, in set_gpos_acl
use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb,
service=SYSVOL_SERVICE)
File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 163, in
setntacl
smbd.set_nt_acl(file, security.SECINFO_OWNER |
security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL,
sd, service=service)
So I try to check the replication status but as the samba service isn't
currently running (as per HOWTO) it unsurprisingly fails:
root at DOMAIN-ad:/var/lib/samba/sysvol/DOMAIN.intranet# samba-tool drs
showrepl
Failed to connect host 192.168.0.11 on port 135 -
NT_STATUS_CONNECTION_REFUSED
Failed to connect host 192.168.0.11 (DOMAIN-ad.DOMAIN.intranet) on port
135 - NT_STATUS_CONNECTION_REFUSED.
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
DOMAIN-ad.DOMAIN.intranet failed - drsException: DRS connection to
DOMAIN-ad.DOMAIN.intranet failed: (-1073741258, 'The connection was
refused')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 41,
in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54,
in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
How do I fix this issue please? Both servers are running the exact same
version of Debian 9, Samba updated to version 4.5.16-Debian.
Many thanks for your time!
With kind regards - Piers
More information about the samba
mailing list