[Samba] Problem with a domain controller that is located in a separate site

james.atwell365 at gmail.com james.atwell365 at gmail.com
Fri Oct 11 15:37:15 UTC 2024


Adam,

 

When you have one DC in a site, the sole DC automatically considers itself a bridgehead server to other DC’s once the site links have been setup.  Should be no need to manually configure this. 

 

I see you have NTDS connections for WIN2019-2 and Samba on each DC. In theory you shouldn’t be having an issue with no outbound neighbors. What I would do is delete the automatically generated NTDS connections for WIN2019-2 and Samba on each DC. Let the KCC regenerate and see if outbound neighbor replication begins. 

 

The KCC may take time to create these connections once you delete. You can force the KCC check, but I wouldn’t do so at this stage. Let it gracefully create. 

 

Do Samba logs show any errors with replication? 

 

-James

 

 

From: Adam Abramson <abramsona30 at gmail.com> 
Sent: Friday, October 11, 2024 10:41 AM
To: james.atwell365 at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site

 

OK, I'm sending a screenshot specifically from win2019-2 .  Looking at all the connections, they are of course displayed

https://ibb.co/Qbz3PZz

 

On Fri, Oct 11, 2024 at 5:36 PM James Atwell via samba <samba at lists.samba.org> wrote:

Thanks for the images, however I need to see your NTDS settings for server WIN2019-2. If you open this, you should see automatically generated connections to servers in Default-First-Site-Name and Test-Samba sites. This assumes you have servers in Default-First-Site-Name. Otherwise you should just see the Samba server. 



-James



From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > 
Sent: Friday, October 11, 2024 9:50 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> 
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org> 
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site



in my case, there is exactly one controller in the site and therefore the attribute is not filled in. in your case, it seems to me that your repsFrom repsTo attributes are filled because there are 2 controllers in the site
, but on the windows side, even when 1 controller is filled, both attributes are filled



On Fri, Oct 11, 2024 at 4:44 PM James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > wrote:

Adam,



While you’re confirming your sites and services setup. See the link for how I have my sites setup. I have sanitized some if it and it’s from a Samba only environment but should still be setup similarly for Samba or mixed environments. 



https://ibb.co/hZPJkxw



I have 2 DC’s per site. The Site “D” and Server “D5” has outbound neighbors of “D4” and S6” of site “S”.   Site “S” if I was to show you its NTDS settings for server “S6”,has automatically generated connections to server “D5” in site “D”. If for whatever reason the KCC did not auto create, I would manually need to create the connections to site “D” for server “D5” if I wanted it to be an outbound neighbor.  



-James





From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com>  <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > > 
Sent: Friday, October 11, 2024 8:48 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com>  <mailto:james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> > 
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > 
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site



Hi, James, yes, I set up sites through the sites and services tool. It's not that it's fully connected replication, but that the RepsTo attribute, under equal conditions with windows, is not filled on the samba side, which in turn entails that the outbound neighbors are not displayed on the samba side. But let me clarify that I even made each server (there is only one in each site) a bridgehead, that is, connections should be built and the attributes of repsTo repsFrom should be fully filled even if the domain controller is alone on its site. Maybe I'm wrong and can you tell me where my mistake is? In the correspondence above, there are screenshots with the difference of attributes between windows and samba



On Fri, Oct 11, 2024 at 3:37 PM James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > > wrote:



> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org>  <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> >  <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org>  <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> > > > On Behalf Of Adam
> Abramson via samba
> Sent: Friday, October 11, 2024 6:26 AM
> To: samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > 
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
> 
> Thanks a lot Rowland I hope we will fix this issue soon
> 
> On Fri, Oct 11, 2024 at 1:14 PM Rowland Penny via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > > wrote:
> 
> > On Fri, 11 Oct 2024 13:06:40 +0300
> > Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com>  <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> >  <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com>  <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > > > wrote:
> >
> > > yes, above I have attached screenshots of testing from the windows
> > > side, which show the difference between the behavior of samba and
> > > windows servers, on windows this attribute is filled in although
> > > these servers are also located on separate sites, I think that this
> > > difference in operation is problematic to some extent possible, tell
> > > me where I can leave a bug report
> > >
> >
> > https://bugzilla.samba.org/
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hi Adam,

Apologies as I might have overlooked you stating this but did you setup your sites using Active Directory Sites & Services Tool? This tool is necessary for correct site replication. 

Prior to Samba 4.5, I believe full mesh replication was the standard. In 4.5 https://www.samba.org/samba/history/samba-4.5.0.html  samba introduced KCC improvements for sparse network replication. At that time, you could use the command "kccsrv:samba_kcc = yes" in your smb.conf to turn this on and off. Setting this to off will result in full mesh replication. I advise against turning this off especially in larger networks. Instead, I would look to properly configure sites and services. 




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



More information about the samba mailing list