[Samba] User names not replicating to secondary DC

L.P.H. van Belle belle at bazuin.nl
Fri Feb 28 15:23:24 UTC 2020


Can you run this script on both DCs?

https://github.com/thctlo/samba4/raw/master/samba-collect-debug-info.sh 

Anonymize where needed, but keep things like You.dom.tld like that; don't change that to example.tld.

Greetz, 

Louis 

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Durwin via samba
> Sent: Friday 28 February 2020 16:19
> To: Rowland penny
> CC: sambalist; samba
> Subject: Re: [Samba] User names not replicating to secondary DC
> 
> > >
> > > > Why are you using the internal dns server on one DC and Bind9 on the
> > > > other?
> > > I am very familiar with configuring Named on Fedora.  I thought it
> > > would be just as easy on Ubuntu.  After discovering the files were in
> > > different places and so many more being 'included', I decided to use
> > > internal on the second one.  I believe there is a command to switch
> > > over to internal, correct?
> > 
> > There is, samba_upgradedns, but in your case, I would suggest you
> > upgrade the internal dns to bind9. Every DC is authoritative for the dns
> > domain, there are no slaves. This means that your forwarders must be
> > outside the AD dns domain.
> > 
> > Try this /etc/bind/named.conf.options:
> > 
> > acl "trusted" {
> >          172.23.93.0/24;
> >          127.0.0.1;
> > };
> > 
> > options {
> >          directory "/var/cache/bind";
> >          notify no;
> >          empty-zones-enable no;
> >          allow-query { trusted;};
> >          allow-recursion { trusted;};
> >          forwarders { 8.8.8.8; };
> >          allow-transfer { none;};
> >          dnssec-validation no;
> >          dnssec-enable no;
> >          dnssec-lookaside no;
> >          listen-on-v6 { none; };
> >          listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> > 
> >          tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > };
> 
> I made these changes as well as converting dc1 to bind_dlz.
> Still no replication of new user to secondary DC.
> 
> Here is output from 'samba-tool drs showrepl'
> 
> Ubuntu18.04> samba-tool drs showrepl
> Default-First-Site-Name\DC1
> DSA Options: 0x00000001
> DSA object GUID: 891b31bc-f3a6-45c8-acf8-a5416c669084
> DSA invocationId: 58a95aa5-5fb2-4983-94aa-18f06698383a
> 
> ==== INBOUND NEIGHBORS ====
> 
> CN=Configuration,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ Fri Feb 28 08:09:58 2020 MST was successful
>        0 consecutive failure(s).
>        Last success @ Fri Feb 28 08:09:58 2020 MST
> 
> CN=Schema,CN=Configuration,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ Fri Feb 28 08:10:00 2020 MST was successful
>        0 consecutive failure(s).
>        Last success @ Fri Feb 28 08:10:00 2020 MST
> 
> DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ Fri Feb 28 08:10:01 2020 MST was successful
>        0 consecutive failure(s).
>        Last success @ Fri Feb 28 08:10:01 2020 MST
> 
> DC=ForestDnsZones,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ Fri Feb 28 08:09:55 2020 MST was successful
>        0 consecutive failure(s).
>        Last success @ Fri Feb 28 08:09:55 2020 MST
> 
> DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ Fri Feb 28 08:11:10 2020 MST was successful
>        0 consecutive failure(s).
>        Last success @ Fri Feb 28 08:11:10 2020 MST
> 
> ==== OUTBOUND NEIGHBORS ====
> 
> CN=Configuration,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ NTTIME(0) was successful
>        0 consecutive failure(s).
>        Last success @ NTTIME(0)
> 
> CN=Schema,CN=Configuration,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ NTTIME(0) was successful
>        0 consecutive failure(s).
>        Last success @ NTTIME(0)
> 
> DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ NTTIME(0) was successful
>        0 consecutive failure(s).
>        Last success @ NTTIME(0)
> 
> DC=ForestDnsZones,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ NTTIME(0) was successful
>        0 consecutive failure(s).
>        Last success @ NTTIME(0)
> 
> DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
>    Default-First-Site-Name\DC0 via RPC
>        DSA object GUID: 41220c65-9a03-4980-a359-69154250ec0d
>        Last attempt @ NTTIME(0) was successful
>        0 consecutive failure(s).
>        Last success @ NTTIME(0)
> 
> ==== KCC CONNECTION OBJECTS ====
> 
> Connection --
>    Connection name: 79339f2a-0afd-4378-b77d-55e32c253ece
>    Enabled        : TRUE
>    Server DNS name : dc0.msi.mydomain.com
>    Server DN name  : CN=NTDS Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=msi,DC=mydomain,DC=com
>        TransportType: RPC
>        options: 0x00000001
> Warning: No NC replicated for Connection!
> 
> > 
> > Rowland
> > 
> > 
> 
> 
> 
> 
> 
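An added example (not part of the thread and not Samba project code): a small Python parser for the text form of `samba-tool drs showrepl` quoted above, which lists the inbound replication links whose last attempt failed or that report consecutive failures. The sample input is constructed in the same format, the wording of its "failed" line is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample; the "failed, result ..." wording is an assumption.
SAMPLE = r"""==== INBOUND NEIGHBORS ====
DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       Last attempt @ Fri Feb 28 08:10:01 2020 MST was successful
       0 consecutive failure(s).

DC=DomainDnsZones,DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       Last attempt @ Fri Feb 28 08:11:10 2020 MST failed, result 2 (WERR_FILE_NOT_FOUND)
       3 consecutive failure(s).

==== OUTBOUND NEIGHBORS ====
DC=msi,DC=mydomain,DC=com
   Default-First-Site-Name\DC0 via RPC
       Last attempt @ NTTIME(0) was successful
       0 consecutive failure(s).
"""

HEADER = re.compile(r"^==== (.+?) ====$")
PARTNER = re.compile(r"^\s+(.+?) via (\w+)$")
ATTEMPT = re.compile(r"^\s+Last attempt @ .+? (was successful|failed.*)$")
FAILS = re.compile(r"^\s+(\d+) consecutive failure\(s\)\.$")

def parse_showrepl(text):
    """Return one dict per replication link in the neighbour sections."""
    section, nc, rows = None, None, []
    for raw in text.splitlines():
        line = re.sub(r"^> ?", "", raw).rstrip()  # tolerate mail-quoted output
        if m := HEADER.match(line):
            section, nc = m.group(1), None
        elif section not in ("INBOUND NEIGHBORS", "OUTBOUND NEIGHBORS"):
            continue  # skip the DSA header and the KCC connection objects
        elif re.match(r"(DC|CN)=", line):
            nc = line  # an unindented DN names the naming context
        elif m := PARTNER.match(line):
            rows.append({"section": section, "nc": nc, "partner": m.group(1),
                         "ok": None, "failures": None})
        elif rows and (m := ATTEMPT.match(line)):
            rows[-1]["ok"] = m.group(1) == "was successful"
        elif rows and (m := FAILS.match(line)):
            rows[-1]["failures"] = int(m.group(1))
    return rows

def inbound_problems(rows):
    # Only inbound links are judged; they carry real attempt timestamps.
    return [r for r in rows if r["section"] == "INBOUND NEIGHBORS"
            and (r["ok"] is not True or r["failures"])]
```

Running it against the output from each DC shows, per naming context, whether that DC is actually pulling changes from its partner.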



