[Samba] User names not replicating to secondary DC

durwin at mgtsciences.com durwin at mgtsciences.com
Mon Mar 2 20:51:35 UTC 2020 

> On 02/03/2020 18:59, Durwin via samba wrote:
> >> Can you run this script on both DC's.
> 
> OK, dc0 seems to have the ipaddress: 172.23.93.25
> 
>         dc1 seems to have the ipaddress: 172.23.93.26

Yes

> 
> So why does dc1 use 172.23.93.3 as its nameserver ? and what is 
> 172.23.93.3 ?

This is a DNS server *not* a member of domain.  I removed this from
both dc0, and dc1.

> 
> The /etc/krb5.conf files should be the same on both machines, I prefer 
> this format:
> 
> [libdefaults]
>          default_realm = MSI.MYDOMAIN.COM
>          dns_lookup_realm = false
>          dns_lookup_kdc = true

They both are the same now as in your example above.

> 
> You are missing:
> 
> include "/var/lib/samba/bind-dns/named.conf";
> 
>  From '/etc/bind/named.conf.local' on dc1
> 
> Which leads us to this in '/etc/bind/named.conf.options' (on both DCs):
> 
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> 
> If you do have '/var/lib/samba/bind-dns' , then you are using the wrong 
> dns.keytab, you should be using:
> 
> /var/lib/samba/bind-dns/dns.keytab

This is corrected. I would have to look back into my notes to discover
why wrong keytab was used.

Now, for something interesting.  If I create a user on dc1, it shows up
right away on dc0.  If I create user on dc0, it does *not* show up at
all on dc1.

I am using Microsoft 'Active Directory Users and Computers' from
Windows 10 to add users.

Thank you,
Durwin

> 
> Rowland
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



This email message and any attachments are for the sole use of the 
intended recipient(s) and may contain proprietary and/or confidential 
information which may be privileged or otherwise protected from 
disclosure. Any unauthorized review, use, disclosure or distribution is 
prohibited. If you are not the intended recipient(s), please contact the 
sender by reply email and destroy the original message and any copies of 
the message as well as any attachments to the original message.

More information about the samba mailing list