[Samba] Testing replication between 4 DCs

Michael Tokarev mjt at tls.msk.ru
Wed Nov 23 19:10:26 UTC 2022

23.11.2022 20:02, Rowland Penny via samba wrote:
> On 23/11/2022 16:04, Michael Tokarev via samba wrote:
>> Are you sure DC3 and DC4 *have* to replicate between each other?
> Yes, all DC's have to replicate to all other DC's
>> I'm new to this stuff, but I had to add extra links 
> You shouldn't have to, Samba should add them for you.

Does it add all to all links, i.e., one link with two DCs,
3 links with 3 DCs, 6 links with 4 DCs and so on (hopefully
I counted it correctly), so every DC is connected to every
other DC (provided everything is on the same site)?

>> (how is that,
>> NTDS? I forgot) between two out of 3 DCs here in order to enable
>> replication between them. In "Sites and Subnets" snap, under each
>> DC, there's one more level with the links. Some links are created
>> automatically, some have to be created explicitly.  I don't know
>> if that's how it is supposed to work, but this is what I've seen
>> when doing experiments here.
> You seem to be having problems, oh yes, aren't you the person using unbound ?

Yeah, I did have problems. For example, Windows explorer crashes
when opening "Security" tab of a file located on a DC.  Is it due
to unbound, are you sure?

The rest was no problem, just minor annoyances.  For example, user IDs
were different on different servers because I didn't copy idmap.tdb,
and bug in samba-tool ntacl sysvolcheck vs sysvolreset.  Is this due
to unbound too?

SPN must be unique, - I didn't know this.  Is it due to unbound?

>> - I'd
>> avoid this one because of a very simple reason: if replication to
>> this DC doesn't work for some reason, DNS replication doesn't work
>> too, so it won't see new names in the net (which might be required
>> for the replication to work).  This is one of the reasons I don't
>> use samba-provided DNS, 
> No, that is one of the reasons you are having problems with replication.

Which problems? I don't know problems I have with replication.
So far, replication works here fine, multiple sites, multiple
DCs in each. Changes are propagated to all the network quite

>> - to keep it simple and avoid such sort
>> of issues.  DNS is already well set up with replication and
>> reservation to ensure it is always working.  YMMV.
> It does, my domain works.

What it and what it does? The fact that your domain works - this
is excellent. My domain works too, quite well. This too is


