[Samba] User names not replicating to secondary DC

durwin at mgtsciences.com durwin at mgtsciences.com
Fri Feb 28 15:19:04 UTC 2020 

> >
> > > Why are you using the internal dns server on one DC and Bind9 on the 

> > other ?
> > I am very familiar with configuring Named on Fedora.  I thought it 
> > would be
> > just as easy on Ubuntu.  After discovering the files were in different 

> > places
> > and so many more being 'included', I decided to use internal on the 
> > second
> > one.  I believe there is a command to switch over to internal, 
correct?
> 
> There is, samba_upgradedns, but in your case, I would suggest you 
> upgrade the internal dns to bind9. Every DC is authoritative for the dns 

> domain, there are no slaves. this means that your forwarders must be 
> outside the AD dns domain.
> 
> Try this /etc/bind/named.conf.options:
> 
> acl "trusted" {
>          172.23.93.0/24;
>          127.0.0.1;
> };
> 
> options {
>          directory "/var/cache/bind";
>          notify no;
>          empty-zones-enable no;
>          allow-query { trusted;};
>          allow-recursion { trusted;};
>          forwarders { 8.8.8.8; };
>          allow-transfer { none;};
>          dnssec-validation no;
>          dnssec-enable no;
>          dnssec-lookaside no;
>          listen-on-v6 { none; };
>          listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> 
>          tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };

I made these changes as well as converting dc1 to bind_dlz.
Still on replication of new user to secondary DC.

Here is output from 'samba-tool drs showrepl'

Ubuntu18.04> samba-tool drs showrepl
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 891b31bc-f3a6-45c8-acf8-a5416c669084
DSA invocationId: 58a95aa5-5fb2-4983-94aa-18f06698383a

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ Fri Feb 28 08:09:58 2020 MST was successful
       0 consecutive failure(s).
       Last success @ Fri Feb 28 08:09:58 2020 MST

CN=Schema,CN=Configuration,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ Fri Feb 28 08:10:00 2020 MST was successful
       0 consecutive failure(s).
       Last success @ Fri Feb 28 08:10:00 2020 MST

DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ Fri Feb 28 08:10:01 2020 MST was successful
       0 consecutive failure(s).
       Last success @ Fri Feb 28 08:10:01 2020 MST

DC=ForestDnsZones,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ Fri Feb 28 08:09:55 2020 MST was successful
       0 consecutive failure(s).
       Last success @ Fri Feb 28 08:09:55 2020 MST

DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ Fri Feb 28 08:11:10 2020 MST was successful
       0 consecutive failure(s).
       Last success @ Fri Feb 28 08:11:10 2020 MST

==== OUTBOUND NEIGHBORS ====

CN=Configuration,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ NTTIME(0) was successful
       0 consecutive failure(s).
       Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ NTTIME(0) was successful
       0 consecutive failure(s).
       Last success @ NTTIME(0)

DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ NTTIME(0) was successful
       0 consecutive failure(s).
       Last success @ NTTIME(0)

DC=ForestDnsZones,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ NTTIME(0) was successful
       0 consecutive failure(s).
       Last success @ NTTIME(0)

DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
       Last attempt @ NTTIME(0) was successful
       0 consecutive failure(s).
       Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
   Connection name: 79339f2a-0afd-4378-b77d-55e32c253ece
   Enabled        : TRUE
   Server DNS name : dc0.msi.mydomain.com
   Server DN name  : CN=NTDS 
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=msi,DC=mydomain,DC=com
       TransportType: RPC
       options: 0x00000001
Warning: No NC replicated for Connection!

> 
> Rowland
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



This email message and any attachments are for the sole use of the 
intended recipient(s) and may contain proprietary and/or confidential 
information which may be privileged or otherwise protected from 
disclosure. Any unauthorized review, use, disclosure or distribution is 
prohibited. If you are not the intended recipient(s), please contact the 
sender by reply email and destroy the original message and any copies of 
the message as well as any attachments to the original message.

More information about the samba mailing list