[Samba] Testing replication between 4 DCs

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Wed Nov 23 22:05:08 UTC 2022 

On 24/11/22 03:04, Luis Peromarta via samba wrote:
> Hi there,
> 
> I am in the process of replacing two old machines running as DCs with Debian 11 and samba 4.16.6 from back ports. DC1 and DC2
> 
> I have installed 2 VMs, Debian 11, 4.17.3 from back ports. DC3 and DC4. Domain join when OK, idmap copied, sysvol sync’d demo DC1, and replication working away.
> 
> However:
> 
> DC1 replicates correctly with DC2, DC3 and DC4.
> DC2 replicates correctly with DC1, DC3 and DC4.
> 
> DC3 replicates *only* with DC1 and DC2
> DC4 replicates *only* with DC1 and DC2

If these are all in the same site, the expected behaviour is that replication 
forms a bidirectional ring with the occasional cross-ring connection. The order 
of the ring is GUID order, which is to say random but stable. So you might 
expect something like this:

           A <-----------> B
           ^  \            ^
           |   \           |
           |    \          |
           |     \         |
           v      \----->  v
           D <-----------> C

with an arbitrary mapping between A, B, C, D and DC1, DC2, DC3, DC4. The 
diagonal arrow from A to C might not exist. The exact rules for creating those 
are complex, and they kind of gather up over time as you add and remove DCs.

Now, you say "replicates with", but the system doesn't really think like that. 
There's only "replicates to" and "replicates from"; what looks like a 
bidirectional link is really two separate unidirectional links. The cross-ring 
links like A->C above are unidirectional, not mirrored (though they can be 
accidentally mirrored if the opposite link exists by coincidence).

In any case, if you assume A and C are DC1 and DC2, and B and D are DC3 and DC4, 
this looks quite a lot like what you describe.

If the DCs are not all in the same site, you could expect a sparser graph. 
Inter-site replication is supposed to look like a tree.

The only thing you should *really* care about is whether changes are getting 
replicated about in a timely fashion, and to quickly check that, see if

  samba-tool visualize uptodateness -rS --utf8

shows you a lot of green zeros, or some very big numbers in other colours.

cheers,
Douglas

More information about the samba mailing list