[Samba] DC with outdated secrets
Matjaz Matjaz
matyaz at yahoo.com
Sun Nov 3 22:14:47 UTC 2019
for facebook mistakes if you get ]* you put paste someones head
Dne nedelja, 3. november 2019 21:22:37 GMT+1 je uporabnik Andrew Bartlett via samba <samba at lists.samba.org> napisal:
On Sun, 2019-11-03 at 18:58 +0100, Johannes Engel via samba wrote:
> Hi Andrew,
>
> thanks a lot, however, I am not entirely sure I understand your hint:
> I have 3 DCs in the domain, the third of which is having the issue
> described.
> Now, here is what I did:
> > samba-tool drs replicate DC3 DC2 dc=my,dc=domain --local -k no
>
> Partition[dc=my,dc=domain] objects[0] linked_values[0]
> Incremental replication of 0 objects and 0 links from DC2 to
> tdb:///var/lib/samba/private/sam.ldb was successful.
>
> > samba-tool drs replicate DC3 DC1 dc=my,dc=domain --local -k no
>
> Partition[dc=my,dc=domain] objects[0] linked_values[0]
> Incremental replication of 0 objects and 0 links from DC1 to
> tdb:///var/lib/samba/private/sam.ldb was successful.
>
> but:
> > samba-tool drs replicate DC1 DC3 dc=my,dc=domain
>
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
> File "/usr/lib64/python2.7/site-packages/samba/netcmd/drs.py", line
> 389,
> in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/lib64/python2.7/site-packages/samba/drs_utils.py", line
> 87, in
> sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> Did I miss anything?
Did you run this on each DC? --local ignores the target DC argument
and forces the replication into the local DB, whatever that happens to
be.
If you ran this on DC3 then "samba-tool drs replicate DC1 DC3" is
really "samba-tool drs replicate DC3 DC3" which makes no sense (hence
the failure). I'm glad it failed, as if it succeeded I have no idea
what it would have done :-)
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list