[Samba] Automate Kerberized SSH Connections using Samba 4 as the KDC??

Zombie Ryushu zombie_ryushu at yahoo.com
Wed Oct 30 01:03:13 UTC 2019


On 10/29/19 6:14 AM, L.P.H. van Belle via samba wrote:
> I'm pretty sure this is a resolving problem.  
>
> Can you verify this: 
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record 
> Especially these: for both GUIDs, and cross check it from both servers. 
> host -t CNAME 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa._msdcs.....  
>
> Can you post from both server. 
> /etc/hosts
> /etc/resolv.conf
>
> host servername
> host fqdn
>
> host servername @dns other server
> host fqdn  @dns other server
>
> repeat the post part for the other host. 
>
> Greetz, 
>
> Louis
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
>> Zombie Ryushu via samba
>> Sent: Tuesday 29 October 2019 10:23
>> To: Rowland penny; samba at lists.samba.org
>> Subject: Re: [Samba] Samba Replication problem between two DCs
>>
>> On 10/29/19 5:17 AM, Rowland penny via samba wrote:
>>> On 29/10/2019 00:47, Zombie Ryushu via samba wrote:
>>>> I am having issues with Samba DC replication between two directly
>>>> connected DCs.
>>>>
>>>> I don't understand what is wrong or how to fix it. Can someone advise?
>>>> $ sudo samba-tool drs showrepl
>>>> Default-First-Site-Name\OLYMPIA
>>>> DSA Options: 0x00000001
>>>> DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
>>>> DSA invocationId: d7f3c683-fcf2-473c-be01-a6f58af6cb88
>>>>
>>>> ==== INBOUND NEIGHBORS ====
>>>>
>>>> DC=DomainDnsZones,DC=pukey
>>>>     Default-First-Site-Name\KEFKA via RPC
>>>>         DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
>>>>         Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         21813 consecutive failure(s).
>>>>         Last success @ Wed Aug 14 01:19:23 2019 EDT
>>>>
>>>> DC=pukey
>>>>     Default-First-Site-Name\KEFKA via RPC
>>>>         DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
>>>>         Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         21806 consecutive failure(s).
>>>>         Last success @ Wed Aug 14 01:19:19 2019 EDT
>>>>
>>>> DC=ForestDnsZones,DC=pukey
>>>>     Default-First-Site-Name\KEFKA via RPC
>>>>         DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
>>>>         Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         21812 consecutive failure(s).
>>>>         Last success @ Wed Aug 14 01:19:23 2019 EDT
>>>>
>>>> CN=Configuration,DC=pukey
>>>>     Default-First-Site-Name\KEFKA via RPC
>>>>         DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
>>>>         Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         21813 consecutive failure(s).
>>>>         Last success @ Wed Aug 14 01:19:18 2019 EDT
>>>>
>>>> CN=Schema,CN=Configuration,DC=pukey
>>>>     Default-First-Site-Name\KEFKA via RPC
>>>>         DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
>>>>         Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         21811 consecutive failure(s).
>>>>         Last success @ Wed Aug 14 01:19:14 2019 EDT
>>>>
>>>> ==== OUTBOUND NEIGHBORS ====
>>>>
>>>> ==== KCC CONNECTION OBJECTS ====
>>>>
>>>> Connection --
>>>>     Connection name: 306b7c01-f16d-4a26-855b-516dd5f12f33
>>>>     Enabled         : TRUE
>>>>     Server DNS name : kefka.pukey
>>>>     Server DN name  : CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
>>>>         TransportType: RPC
>>>>         options: 0x00000001
>>>> Warning: No NC replicated for Connection!
>>>>
>>>> Here is the other DC,
>>>>
>>>> $ sudo samba-tool drs showrepl
>>>> Default-First-Site-Name\KEFKA
>>>> DSA Options: 0x00000001
>>>> DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
>>>> DSA invocationId: 07b63046-64e7-43c1-84a2-8ba3541c712a
>>>>
>>>> ==== INBOUND NEIGHBORS ====
>>>>
>>>> DC=DomainDnsZones,DC=pukey
>>>>     Default-First-Site-Name\OLYMPIA via RPC
>>>>         DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
>>>>         Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         1934 consecutive failure(s).
>>>>         Last success @ NTTIME(0)
>>>>
>>>> DC=pukey
>>>>     Default-First-Site-Name\OLYMPIA via RPC
>>>>         DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
>>>>         Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         1934 consecutive failure(s).
>>>>         Last success @ NTTIME(0)
>>>>
>>>> DC=ForestDnsZones,DC=pukey
>>>>     Default-First-Site-Name\OLYMPIA via RPC
>>>>         DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
>>>>         Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         1934 consecutive failure(s).
>>>>         Last success @ NTTIME(0)
>>>>
>>>> CN=Configuration,DC=pukey
>>>>     Default-First-Site-Name\OLYMPIA via RPC
>>>>         DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
>>>>         Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         1934 consecutive failure(s).
>>>>         Last success @ NTTIME(0)
>>>>
>>>> CN=Schema,CN=Configuration,DC=pukey
>>>>     Default-First-Site-Name\OLYMPIA via RPC
>>>>         DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
>>>>         Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
>>>>         1933 consecutive failure(s).
>>>>         Last success @ NTTIME(0)
>>>>
>>>> ==== OUTBOUND NEIGHBORS ====
>>>>
>>>> ==== KCC CONNECTION OBJECTS ====
>>>>
>>>> Connection --
>>>>     Connection name: 163a6f30-e1d3-4255-8b75-85fce23bb4c4
>>>>     Enabled         : TRUE
>>>>     Server DNS name : olympia.pukey
>>>>     Server DN name  : CN=NTDS Settings,CN=OLYMPIA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
>>>>         TransportType: RPC
>>>>         options: 0x00000001
>>>> Warning: No NC replicated for Connection!
>>>>
>>>>
>>> You can start by running 'samba-tool dbcheck', but you are going to
>>> have to give us more info, what OS ? What Samba version ? What are the
>>> smb.conf files ?
>>>
>>> Rowland
>>>
>>>
>>>
>> On Olympia:
>>
>> $ sudo samba-tool dbcheck
>> Checking 313 objects
>> Checked 313 objects (0 errors)
>>
>> On Kefka
>>
>> $ sudo samba-tool dbcheck
>> Checking 312 objects
>> Checked 312 objects (0 errors)
>>
>>
>
Success! After adding the entries, replication is working.

Is it possible to use Samba to automate Kerberized SSH for keytab-based
sign-in by Unison? I want to use Unison to sync OwnCloud/NextCloud.
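Louis's checklist above (the DC's A record and the GUID CNAME under _msdcs, queried against both DCs' DNS), as a script that runs every lookup against every DNS server and counts the records that are missing or disagree. This is an added example, not something posted in the thread: the host names and DSA object GUIDs are the ones from the showrepl output, while the DNS server addresses and the lookup/check_dc/check_all names are my own placeholders.

```shell
# Cross-check the DNS records each Samba AD DC needs, as seen from every
# DC's DNS server. Names/GUIDs are from this thread; server IPs are placeholders.
DOMAIN="pukey"
DNS_SERVERS="192.0.2.10 192.0.2.11"   # placeholder: DNS of olympia, kefka
# fqdn:dsa-object-guid pairs, as printed by 'samba-tool drs showrepl'
DCS="olympia.pukey:50507d18-c8ee-4ef4-bbda-4d0d9bc31caa kefka.pukey:a35b2245-3340-4182-aaf8-dd344725805e"

# lookup TYPE NAME SERVER: print host(1)'s answer line, return 1 if no record.
lookup() {
    out=$(host -t "$1" "$2" "$3" 2>/dev/null) || return 1
    case "$out" in
        ""|*"not found"*|*"has no "*) return 1 ;;
    esac
    printf '%s\n' "$out" | sed -n '$p'
}

# check_dc FQDN GUID SERVER: the DC's A record must resolve on SERVER and the
# GUID._msdcs CNAME must resolve to that FQDN. Returns the number of failures.
check_dc() {
    fqdn=$1; guid=$2; server=$3; fails=0
    if a=$(lookup A "$fqdn" "$server"); then
        echo "ok   $server: $fqdn -> ${a##* }"
    else
        echo "FAIL $server: no A record for $fqdn"; fails=$((fails + 1))
    fi
    cname="$guid._msdcs.$DOMAIN"
    if c=$(lookup CNAME "$cname" "$server"); then
        target=${c##* }; target=${target%.}     # drop the trailing dot
        if [ "$target" = "$fqdn" ]; then
            echo "ok   $server: $cname -> $target"
        else
            echo "FAIL $server: $cname -> $target (expected $fqdn)"; fails=$((fails + 1))
        fi
    else
        echo "FAIL $server: no CNAME for $cname"; fails=$((fails + 1))
    fi
    return $fails
}

# check_all: every DC against every DNS server; exit status is the total
# failure count, so non-zero means a record is missing or the servers disagree.
check_all() {
    total=0
    for server in $DNS_SERVERS; do
        for entry in $DCS; do
            check_dc "${entry%%:*}" "${entry#*:}" "$server" || total=$((total + $?))
        done
    done
    return $total
}
```

Run check_all on each DC; a FAIL line against one server only is the kind of one-sided record the wiki page asks you to create.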



