[Samba] DC with outdated secrets
Johannes Engel
jcnengel at gmail.com
Mon Nov 4 07:51:00 UTC 2019
Hi Andrew,
thanks a lot for your help! Over night things seem to have settled, no more
error messages of that kind occur. :)
Best regards
Johannes
Am So., 3. Nov. 2019 um 21:21 Uhr schrieb Andrew Bartlett <
abartlet at samba.org>:
> On Sun, 2019-11-03 at 18:58 +0100, Johannes Engel via samba wrote:
> > Hi Andrew,
> >
> > thanks a lot, however, I am not entirely sure I understand your hint:
> > I have 3 DCs in the domain, the third of which is having the issue
> > described.
> > Now, here is what I did:
> > > samba-tool drs replicate DC3 DC2 dc=my,dc=domain --local -k no
> >
> > Partition[dc=my,dc=domain] objects[0] linked_values[0]
> > Incremental replication of 0 objects and 0 links from DC2 to
> > tdb:///var/lib/samba/private/sam.ldb was successful.
> >
> > > samba-tool drs replicate DC3 DC1 dc=my,dc=domain --local -k no
> >
> > Partition[dc=my,dc=domain] objects[0] linked_values[0]
> > Incremental replication of 0 objects and 0 links from DC1 to
> > tdb:///var/lib/samba/private/sam.ldb was successful.
> >
> > but:
> > > samba-tool drs replicate DC1 DC3 dc=my,dc=domain
> >
> > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> > drsException: DsReplicaSync failed (31, 'WERR_GEN_FAILURE')
> > File "/usr/lib64/python2.7/site-packages/samba/netcmd/drs.py", line
> > 389,
> > in run
> > drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> > source_dsa_guid, NC, req_options)
> > File "/usr/lib64/python2.7/site-packages/samba/drs_utils.py", line
> > 87, in
> > sendDsReplicaSync
> > raise drsException("DsReplicaSync failed %s" % estr)
> >
> > Did I miss anything?
>
> Did you run this on each DC? --local ignores the target DC argument
> and forces the replication into the local DB, whatever that happens to
> be.
>
> If you ran this on DC3 then "samba-tool drs replicate DC1 DC3" is
> really "samba-tool drs replicate DC3 DC3" which makes no sense (hence
> the failure). I'm glad it failed, as if it succeeded I have no idea
> what it would have done :-)
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>
>
More information about the samba
mailing list