[Samba] Replication between Samba DCs (on different sites)?

[Lorenzo Milesi]

> If you can do a bit of investigation, this will help to make Samba
> better in the long term, I was just focussing on fixing your immediate
> problem.

I appreciate! Thank you.

> Problem is, your replication is failing because it cannot find a file
> (but what file ?) and your searches above only searched
> 'DC=DomainDnsZones,DC=wdc,DC=domain,DC=it'.
> Can you try with the base 'DC=ForestDnsZones,DC=wdc,DC=domain,DC=it'

Here you are

root at dc1:~# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b DC=ForestDnsZones,DC=wdc,DC=domain,DC=it '(cn=Infrastructure)'
# record 1
dn: CN=Infrastructure,DC=ForestDnsZones,DC=wdc,DC=domain,DC=it
objectClass: top
objectClass: infrastructureUpdate
cn: Infrastructure
instanceType: 4
whenCreated: 20200723054831.0Z
uSNCreated: 5876
showInAdvancedViewOnly: TRUE
name: Infrastructure
objectGUID: ea16b4db-beeb-45ed-829f-fd2a8f1fab02
systemFlags: -1946157056
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=wdc,DC=
 domain,DC=it
isCriticalSystemObject: TRUE
whenChanged: 20230208100444.0Z
uSNChanged: 6661
fSMORoleOwner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,C
 N=Sites,CN=Configuration,DC=wdc,DC=domain,DC=it
distinguishedName: CN=Infrastructure,DC=ForestDnsZones,DC=wdc,DC=domain,D
 C=it

# returned 1 records
# 1 entries
# 0 referrals


root at dc2:~# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b DC=ForestDnsZones,DC=wdc,DC=domain,DC=it '(cn=Infrastructure)'
# record 1
dn: CN=Infrastructure,DC=ForestDnsZones,DC=wdc,DC=domain,DC=it
objectClass: top
objectClass: infrastructureUpdate
cn: Infrastructure
instanceType: 4
whenCreated: 20200723054831.0Z
uSNCreated: 5831
showInAdvancedViewOnly: TRUE
name: Infrastructure
objectGUID: ea16b4db-beeb-45ed-829f-fd2a8f1fab02
systemFlags: -1946157056
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=wdc,DC=
 domain,DC=it
isCriticalSystemObject: TRUE
fSMORoleOwner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,C
 N=Sites,CN=Configuration,DC=wdc,DC=domain,DC=it
whenChanged: 20230208100444.0Z
uSNChanged: 6535
distinguishedName: CN=Infrastructure,DC=ForestDnsZones,DC=wdc,DC=domain,D
 C=it

# returned 1 records
# 1 entries
# 0 referrals


>> So I should now have a sane domain, correct me if I'm wrong.
> 
> No, not in my opinion, not when 'samba-tool drs replicate' doesn't seem
> to be working.

Can we call it "usable in read only"? 
-- 
Lorenzo Milesi - lorenzo.milesi at yetopen.com 
CTO @ YetOpen Srl

Corso Martiri della Liberazione 114 - 23900 Lecco - ITALY - | 4801 Glenwood Avenue - Suite 200 - Raleigh, NC 27612 - USA -
Tel +39 0341 220 205 - info.it at yetopen.com  | Phone +1 919-817-8106 - info.us at yetopen.com

Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary

-------- D.Lgs. 196/2003 e GDPR 679/2016 --------
Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario.
Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini
del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata.
Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile.
Grazie.

Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information;
pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible.
Thank you.