[Samba] Replication between Samba DCs (on different sites)?

Michael Tokarev mjt at tls.msk.ru
Mon Nov 14 16:48:38 UTC 2022


Hi!

Should replication between two Samba DCs Just Work after joining
a second DC to the domain?  We always were running a single DC
(historically it was just a single server anyway), now I've added
another DC, located in a remove office, but there's no replication
of any kind.

Should it be configured somehow?

The initial data seems to be copied fine at the time of domain join,
but no further modifications are propagated.  In particular,
samba-tool drs showrepl shows empty lists:

One:
  Moscow-Office\AI
  DSA Options: 0x00000001
  DSA object GUID: 91a56cbe-38b3-493c-b132-d1042d0aa021
  DSA invocationId: 1cf73086-45c7-434e-a078-775c7f52bb0a

  ==== INBOUND NEIGHBORS ====

  ==== OUTBOUND NEIGHBORS ====

  ==== KCC CONNECTION OBJECTS ====

Two:
  Pereslavl-Office\SVDCP
  DSA Options: 0x00000001
  DSA object GUID: de3e7a5b-fff6-4413-8116-defd06ea1d3e
  DSA invocationId: b4b6c873-aa25-4c32-803c-732fefde131f

  ==== INBOUND NEIGHBORS ====

  ==== OUTBOUND NEIGHBORS ====

  ==== KCC CONNECTION OBJECTS ====


In the samba wiki there's a note, right below
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_Directory_Replication
, it is saying that Samba 4.5 and later no longer creates a fully-meshed
replication topology between all DCs, and refers to a non-existing
page "The Samba KCC".  I wonder maybe this is something which I need?

The smb.conf is the default as created by samba-tool domain join AD
command.


I'm trying to create another VM, with a 3rd DC, to see if having a
DC in the same site will help...

Thanks!

/mjt



More information about the samba mailing list