[Samba] replication stopped working after upgrade from 4.11 to 4.12.3
Christian
chanlists at googlemail.com
Fri Jun 5 22:54:28 UTC 2020
Dear all,
debian buster, two DCs (DC1 & DC2) samba packages updated from
4.11.9+dfsg-0.1buster1 to
4.12.3+dfsg-0.1buster1
this past Sunday night (Louis' packages). Since then, samba-tool drs
showrepl shows a replication failure. DNS updates with samba-tool fail,
example:
root@dc1:~# samba-tool dns add dc1 samdom.example.com testrec CNAME afs3.samdom.example.com -k yes
Failed to bind to uuid 50abc2a4-574d-40b3-9d66-ee4fd5fba076 for
ncacn_ip_tcp:127.0.0.1[49153,sign,target_hostname=dc1,abstract_syntax=50abc2a4-574d-40b3-9d66-ee4fd5fba076/0x00000005,localaddress=127.0.0.1]
NT_STATUS_LOGON_FAILURE
ERROR: Connecting to DNS RPC server dc1 failed with (3221225581, 'The
attempted logon is invalid. This is either due to a bad username or
authentication information.')
However, I can still edit user accounts with LAM. Any help is appreciated...
Thanks,
Christian
Here is the output of samba-tool dns showrepl on DC1:
Default-First-Site-Name\DC1
DSA Options: 0x00000001
DSA object GUID: 9200d559-e808-4787-9f81-21442249ea1b
DSA invocationId: b0b6ca56-4c78-4574-8123-9088397f143e
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:37:26 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
1508 consecutive failure(s).
Last success @ Sun May 31 19:02:53 2020 CEST
DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:37:26 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
1563 consecutive failure(s).
Last success @ Sun May 31 19:02:53 2020 CEST
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:37:26 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
1581 consecutive failure(s).
Last success @ Sun May 31 19:02:53 2020 CEST
CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:37:27 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
1508 consecutive failure(s).
Last success @ Sun May 31 19:02:53 2020 CEST
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:37:26 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
1508 consecutive failure(s).
Last success @ Sun May 31 19:02:53 2020 CEST
==== OUTBOUND NEIGHBORS ====
CN=Configuration,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:38:22 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
11203 consecutive failure(s).
Last success @ NTTIME(0)
DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:38:22 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
11203 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:38:22 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
11204 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:38:22 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
11203 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
DSA object GUID: c6976c59-7c7a-4f79-a3fe-29f5c80399f7
Last attempt @ Sat Jun 6 00:38:22 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
11204 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 5ebc1174-6482-429e-a86f-05bfbbca5b43
Enabled : TRUE
Server DNS name : dc2.samdom.example.com
Server DN name : CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
/etc/samba/smb.conf on DC1
==========================
[global]
bind interfaces only = Yes
interfaces = 127.0.0.1 AAA.BBB.103.1
netbios name = DC1
realm = SAMDOM.EXAMPLE.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SAMDOM
idmap_ldb:use rfc2307 = yes
winbind expand groups = 2
wins support = yes
template shell = /bin/bash
template homedir = /afs/samdom.example.com/user/%U
winbind enum users = yes
winbind enum groups = yes
allow dns updates = disabled
kdc:service ticket lifetime = 24
kdc:user ticket lifetime = 24
kdc:renewal lifetime = 168
[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
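
A small parser for the showrepl layout quoted in this post, added here as an example (it is not part of the original message and not Samba code). It lists every neighbor link with a non-zero failure count and marks links whose last success is NTTIME(0), meaning the link has never replicated. The function name `failing_neighbors` is hypothetical, and the healthy entry in the sample is constructed.

```python
import re

# Failing entries are trimmed from the output quoted in the post; the healthy first entry is constructed.
SAMPLE = r"""
==== INBOUND NEIGHBORS ====
CN=Configuration,DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
Last attempt @ Sat Jun 6 00:37:26 2020 CEST was successful
0 consecutive failure(s).
Last success @ Sat Jun 6 00:37:26 2020 CEST
DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
Last attempt @ Sat Jun 6 00:37:26 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
1563 consecutive failure(s).
Last success @ Sun May 31 19:02:53 2020 CEST
==== OUTBOUND NEIGHBORS ====
DC=samdom,DC=example,DC=com
Default-First-Site-Name\DC2 via RPC
Last attempt @ Sat Jun 6 00:38:22 2020 CEST failed,
result 1326 (WERR_LOGON_FAILURE)
11203 consecutive failure(s).
Last success @ NTTIME(0)
"""

def failing_neighbors(text):
    """Return one dict per neighbor link whose failure count is non-zero."""
    findings, direction, nc, cur = [], None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"==== (INBOUND|OUTBOUND) NEIGHBORS ====", line):
            direction = m[1]
        elif line.startswith("===="):            # e.g. KCC CONNECTION OBJECTS
            direction = None
        elif direction is None or not line:
            continue
        elif re.match(r"(CN|DC)=", line):        # naming context header
            nc = line
        elif line.endswith(" via RPC"):          # start of a partner entry
            cur = {"direction": direction, "nc": nc, "partner": line[:-len(" via RPC")]}
        elif cur is None:
            continue
        elif m := re.search(r"result (\d+) \((\w+)\)", line):
            cur["code"], cur["status"] = int(m[1]), m[2]
        elif m := re.match(r"(\d+) consecutive failure", line):
            cur["failures"] = int(m[1])
        elif line.startswith("Last success @"):  # last line of an entry
            cur["never_succeeded"] = line.endswith("NTTIME(0)")
            if cur.get("failures", 0) > 0:
                findings.append(cur)
            cur = None
    return findings
```
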