[Samba] No RID Set found for this server. Can't self-allocate

Felipe Martínez Hermo felipe at galicia.ugt.org
Thu May 23 08:29:54 UTC 2024 


The Samba ports are not filtered. The firewall is between STG-DC and 
SAMBADC (both of them sync correctly). The sync problems happen in 
VIG-DC3, which is behind the same firewall of STG-DC.

Here's nmap output (SAMBADC is 172.16.50.9):

root at vig-dc3:~# nmap -Pn 172.16.50.9
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-23 08:22 UTC
Nmap scan report for SAMBADC.ugt.ldap (172.16.50.9)
Host is up (0.035s latency).
Not shown: 986 closed tcp ports (reset)
PORT      STATE SERVICE
22/tcp    open  ssh
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds


Regards,

Felipe

El 23/05/2024 a las 9:50, Rowland Penny via samba escribió:
> On Wed, 22 May 2024 18:11:17 +0200
> Felipe Martínez Hermo via samba<samba at lists.samba.org>  wrote:
>
>> Hi, there
>>
>> I have been checking connections between my servers, trying to find
>> the reason why my trouble server (VIG-DC3) does not reach the RID
>> Madster.
>>
>> I have to describe my topology a little better.
>>
>> These are my servers:
>>
>> (Root) SAMBADC -> FSMO Roles Owner, including RID Master
>>
>> (First level node) STG-DC -> Syncs correctly with SAMBADC (samba-tool
>> drs replicate reports successful)
>>
>> (Second level nodes)
>> OUR-DC (DOES have a RID set). Replicates with both SAMBADC and STG-DC
>> ===================================
>> samba-tool drs replicate our-dc sambadc dc=ugt,dc=ldap
>> Replicate from sambadc to our-dc was successful.
>> samba-tool drs replicate our-dc sambadc
>> dc=ForestDnsZones,dc=ugt,dc=ldap Replicate from sambadc to our-dc was
>> successful. samba-tool drs replicate our-dc sambadc
>> dc=DomainDnsZones,dc=ugt,dc=ldap Replicate from sambadc to our-dc was
>> successful. samba-tool drs replicate our-dc sambadc
>> cn=configuration,dc=ugt,dc=ldap Replicate from sambadc to our-dc was
>> successful. samba-tool drs replicate our-dc sambadc
>> cn=Schema,cn=configuration,dc=ugt,dc=ldap
>> Replicate from sambadc to our-dc was successful.
>> ===================================
>>
>> VIG-DC3 (does NOT have a RID set). Replicates with STG-DC, fails to
>> replicate with SAMBA-DC
>> ===================================
>> samba-tool drs replicate vig-dc3 stg-dc dc=ugt,dc=ldap
>> Replicate from stg-dc to vig-dc3 was successful.
>> samba-tool drs replicate vig-dc3 stg-dc
>> dc=ForestDnsZones,dc=ugt,dc=ldap Replicate from stg-dc to vig-dc3 was
>> successful. samba-tool drs replicate vig-dc3 stg-dc
>> dc=DomainDnsZones,dc=ugt,dc=ldap Replicate from stg-dc to vig-dc3 was
>> successful. samba-tool drs replicate vig-dc3 stg-dc
>> cn=configuration,dc=ugt,dc=ldap Replicate from stg-dc to vig-dc3 was
>> successful. samba-tool drs replicate vig-dc3 stg-dc
>> cn=Schema,cn=configuration,dc=ugt,dc=ldap
>> Replicate from stg-dc to vig-dc3 was successful.
>>
>> root at vig-dc3:~# adsync.sh sambadc vig-dc3
>>
>> samba-tool drs replicate vig-dc3 sambadc dc=ugt,dc=ldap
>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
>> drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
> Have you checked the firewall isn't blocking any required ports ?
>
> Rowland
>

-- 
Firma

Felipe Martínez Hermo

Servizos Informáticos

felipe at galicia.ugt.org

981 577 171

*Unión Xeral de Traballadoras e Traballadores*

Miguel Ferro Caaveiro, 12 - 15707, Santiago de Compostela

<https://twitter.com/UGT_Galicia> 
<https://www.youtube.com/channel/UCvmQas6GB5fWAuxc1UM8XVg> 
<https://www.facebook.com/ugtgalicia> 
<https://www.instagram.com/ugt_galicia> www.ugtgalicia.org 
<https://www.ugtgalicia.org/>


--
Este mensaje y los ficheros anexos que pueda contener son confidenciales. Los mismos pueden contener información reservada que no puede ser difundida. Si usted ha recibido este correo por error, tenga la amabilidad de eliminarlo de su sistema. No deberá copiar el mensaje ni divulgar su contenido.Su dirección de correo electrónico, junto a sus datos personales recibidos, serán gestionados por UGT Galicia con la finalidad de la gestión de la comunicación recibida y el contacto con usted, y se adoptarán sobre los mismos las medidas de seguridad oportunas en garantía del RGPD y la LOPDGDD. Para cualquier información adicional o cuestión relacionada con Protección de Datos, diríjase a dpo at galicia.ugt.org o a nuestras Políticas de Privacidad ubicadas en www.ugt.es/clausulas-rgpd

More information about the samba mailing list