[Samba] Error adding second DC over slow conection: The specified I/O operation on %hs was not completed before the time-out period expired.')
Rowland Penny
rpenny at samba.org
Mon Jul 18 10:22:54 UTC 2022
On Mon, 2022-07-18 at 10:55 +0200, Lorenzo Milesi via samba wrote:
> I'm trying to add a second remote DC over a VPN (and possibly a not-
> so-fast connection), but it fails with the following message:
> ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout}
> The specified I/O operation on %hs was not completed before the time-
> out period expired.')
>
> I've seen the NT_STATUS_NO_LOGON_SERVERS but I cannot figure out
> why... kinit works on the second server.
>
>
> Debug info on the FIRST SERVER:
> Config collected --- 2022-07-18-10:02 -----------
>
> Hostname: dc-lan
> DNS Domain: wdc.domain.it
> Realm: WDC.DOMAIN.IT
> FQDN: dc-lan.wdc.domain.it
> ipaddress: 192.168.1.206
>
> -----------
>
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> 192.168.1.206 dc-lan.wdc.domain.it dc-lan
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> nameserver 127.0.0.1
> nameserver 192.168.1.1
Your nameservers are incorrect, you do not use '127.0.0.1', you should
be using '192.168.1.206' and the second nameserver is really useless,
if something goes wrong with Samba, you certainly do not want it asking
something else.
> search wdc.domain.it
>
> -----------
>
> Kerberos SRV _kerberos._tcp.wdc.domain.it record(s) verified ok,
> sample output:
> Server: 127.0.0.1
> Address: 127.0.0.1#53
That is an artefact of using '127.0.0.1' as the first nameserver.
>
> _kerberos._tcp.wdc.domain.it service = 0 100 88 dc-
> lan.wdc.domain.it.
>
> -----------
>
>
>
> -----------
>
>
> Debug info on the SECOND server:
> Config collected --- 2022-07-18-10:00 -----------
>
> Hostname: dc-contabo
> DNS Domain: wdc.domain.it
> Realm: WDC.DOMAIN.IT
> FQDN: dc-contabo.wdc.domain.it
> ipaddress: 75.119.1.2 192.168.8.1 10.8.0.1 10.9.0.2
>
> -----------
>
>
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 192.168.8.1 dc-contabo.wdc.domain.it dc-contabo
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> search wdc.domain.it
> nameserver 192.168.1.206
> nameserver 192.168.8.1
> nameserver 1.0.0.1
>
> -----------
>
> Kerberos SRV _kerberos._tcp.wdc.domain.it record(s) verified ok,
> sample output:
> Server: 192.168.1.206
> Address: 192.168.1.206#53
>
> _kerberos._tcp.wdc.domain.it service = 0 100 88 dc-
> lan.wdc.domain.it.
>
> -----------
>
>
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = WDC.DOMAIN.IT
> dns_lookup_kdc = false
> dns_lookup_realm = false
> [realms]
> WDC.DOMAIN.IT = {
> kdc = 192.168.8.1
> kdc = 192.168.1.206
> }
>
You got it right on the first DC, just copy the krb5.conf from the
first DC to the second DC.
Rowland
More information about the samba
mailing list