[Samba] Replication only working one way

Rowland penny rpenny at samba.org
Tue Jul 14 06:31:25 UTC 2020


On 14/07/2020 03:35, Peter Pollock via samba wrote:
> Hi,
>
> I have been trying for days to solve this to no avail. I have taken over
> the IT responsibilities at a small school and am trying to get my head
> around their network and why they are having problems.
> They have 3 servers, Matthew, Genesis and Luke.
>
> Matthew is a Windows 2008 R2 server and holds all the FSMO roles but
> appears to be screwed up. It won't replicate with anything and randomly
> restarts itself. It wasn't doing much anyway so I want to decommission it.
>
> Genesis and Luke are both running Ubuntu 18.04.4 LTS and Samba 4.7.6
>
> When I replicate from genesis to luke, everything works fine (or says it
> does)
>
> When I replicate from luke to genesis though, I get a failure message:
>
> sudo samba-tool drs replicate genesis luke dc=kcs,dc=local
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:genesis[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 386, in
> run
>      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
>    File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85, in
> sendDsReplicaSync
>      raise drsException("DsReplicaSync failed %s" % estr)
>
> However, new users I create on either genesis or luke replicate to the
> other with no problems.
>
> I have no idea what is wrong or how to go about fixing it. Can anyone help?

Try running the command again, but this time add '-UAdministrator' on 
the end.

Rowland





More information about the samba mailing list