[Samba] Replication only working one way

Peter Pollock peter.pollock at kingschristian.org
Tue Jul 14 02:35:21 UTC 2020 

Hi,

I have been trying for days to solve this to no avail. I have taken over
the IT responsibilities at a small school and am trying to get my head
around their network and why they are having problems.
They have 3 servers, Matthew, Genesis and Luke.

Matthew is a Windows 2008 R2 server and holds all the FSMO roles but
appears to be screwed up. It won't replicate with anything and randomly
restarts itself. It wasn't doing much anyway so I want to decommission it.

Genesis and Luke are both running Ubuntu 18.04.4 LTS and Samba 4.7.6

When I replicate from genesis to luke, everything works fine (or says it
does)

When I replicate from luke to genesis though, I get a failure message:

sudo samba-tool drs replicate genesis luke dc=kcs,dc=local
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:genesis[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in
run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

However, new users I create on either genesis or luke replicate to the
other with no problems.

I have no idea what is wrong or how to go about fixing it. Can anyone help?

More information about the samba mailing list