[Samba] User names not replicating to secondary DC
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 28 15:23:24 UTC 2020
Can you run this script on both DCs?
https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh
Anonymize where needed, but keep things like
you.dom.tld like that; don't change that to example.tld.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Durwin via samba
> Sent: Friday 28 February 2020 16:19
> To: Rowland penny
> CC: sambalist; samba
> Subject: Re: [Samba] User names not replicating to secondary DC
>
> > > > Why are you using the internal dns server on one DC and Bind9
> > > > on the other?
> > >
> > > I am very familiar with configuring Named on Fedora. I thought it
> > > would be just as easy on Ubuntu. After discovering the files were
> > > in different places and so many more being 'included', I decided
> > > to use internal on the second one. I believe there is a command
> > > to switch over to internal, correct?
> >
> > There is, samba_upgradedns, but in your case, I would suggest you
> > upgrade the internal dns to bind9. Every DC is authoritative for the
> > dns domain, there are no slaves. This means that your forwarders
> > must be outside the AD dns domain.
> >
> > Try this /etc/bind/named.conf.options:
> >
> > acl "trusted" {
> > 172.23.93.0/24;
> > 127.0.0.1;
> > };
> >
> > options {
> > directory "/var/cache/bind";
> > notify no;
> > empty-zones-enable no;
> > allow-query { trusted;};
> > allow-recursion { trusted;};
> > forwarders { 8.8.8.8; };
> > allow-transfer { none;};
> > dnssec-validation no;
> > dnssec-enable no;
> > dnssec-lookaside no;
> > listen-on-v6 { none; };
> > listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> >
> > tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > };
>
> I made these changes as well as converting dc1 to bind_dlz.
> Still no replication of new user to secondary DC.
>
> Here is output from 'samba-tool drs showrepl'
>
> Ubuntu18.04> samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 891b31bc-f3a6-45c8-acf8-a5416c669084
> DSA invocationId: 58a95aa5-5fb2-4983-94aa-18f06698383a
>
> ==== INBOUND NEIGHBORS ====
>
> CN=Configuration,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ Fri Feb 28 08:09:58 2020 MST was successful
> 0 consecutive failure(s).
> Last success @ Fri Feb 28 08:09:58 2020 MST
>
> CN=Schema,CN=Configuration,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ Fri Feb 28 08:10:00 2020 MST was successful
> 0 consecutive failure(s).
> Last success @ Fri Feb 28 08:10:00 2020 MST
>
> DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ Fri Feb 28 08:10:01 2020 MST was successful
> 0 consecutive failure(s).
> Last success @ Fri Feb 28 08:10:01 2020 MST
>
> DC=ForestDnsZones,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ Fri Feb 28 08:09:55 2020 MST was successful
> 0 consecutive failure(s).
> Last success @ Fri Feb 28 08:09:55 2020 MST
>
> DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ Fri Feb 28 08:11:10 2020 MST was successful
> 0 consecutive failure(s).
> Last success @ Fri Feb 28 08:11:10 2020 MST
>
> ==== OUTBOUND NEIGHBORS ====
>
> CN=Configuration,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> CN=Schema,CN=Configuration,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=ForestDnsZones,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
> Default-First-Site-Name\DC0 via RPC
> DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
> Last attempt @ NTTIME(0) was successful
> 0 consecutive failure(s).
> Last success @ NTTIME(0)
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
> Connection name: 79339f2a-0afd-4378-b77d-55e32c253ece
> Enabled : TRUE
> Server DNS name : dc0.msi.mydomain.com
> Server DN name : CN=NTDS Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=msi,DC=mydomain,DC=com
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
>
> >
> > Rowland
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
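A way to triage `samba-tool drs showrepl` output like the listing quoted above, as an added example that is not part of the thread or of Samba. The function names `parse_showrepl` and `unhealthy` are hypothetical, and the sample input is constructed (its failing entry does not come from the thread). The parser tolerates mail-quote prefixes so it can be fed text pasted from a message.

```python
import re

# Constructed sample in the quoted showrepl layout; the "failed" line is an assumption.
SAMPLE = """\
==== INBOUND NEIGHBORS ====
DC=msi,DC=mydomain,DC=com
Default-First-Site-Name\\DC0 via RPC
Last attempt @ Fri Feb 28 08:10:01 2020 MST was successful
0 consecutive failure(s).
DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
Default-First-Site-Name\\DC0 via RPC
Last attempt @ Fri Feb 28 08:11:10 2020 MST failed, result 2 (WERR_FILE_NOT_FOUND)
3 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
DC=msi,DC=mydomain,DC=com
Default-First-Site-Name\\DC0 via RPC
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
"""

def parse_showrepl(text):
    """Return one dict per neighbour entry: section, nc, source, ok, failures."""
    entries, section, cur = [], "", None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # tolerate mail quoting and indentation
        header = re.match(r"=+\s*(.+?)\s*=+$", line)
        count = re.match(r"(\d+) consecutive failure", line)
        if header:
            section, cur = header.group(1), None
        elif "NEIGHBORS" in section and re.match(r"(DC|CN)=", line):
            cur = {"section": section.split()[0], "nc": line, "source": None,
                   "ok": None, "failures": 0}
            entries.append(cur)
        elif cur is None:
            continue  # KCC section or text outside any neighbour entry
        elif line.endswith(" via RPC"):
            cur["source"] = line[: -len(" via RPC")]
        elif line.startswith("Last attempt @"):
            cur["ok"] = line.endswith("was successful")
        elif count:
            cur["failures"] = int(count.group(1))
    return entries

def unhealthy(entries):
    """Inbound entries whose last attempt failed or that carry a failure streak."""
    return [e for e in entries if e["section"] == "INBOUND"
            and (e["ok"] is False or e["failures"] > 0)]

if __name__ == "__main__":
    print(unhealthy(parse_showrepl(SAMPLE)))
```

Run against each DC's output, it lists the naming contexts whose inbound pull from a partner is failing; an empty list, as in the output quoted in this thread, means the DRS links themselves report success.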