[Samba] Problem with a domain controller that is located in a separate site
james.atwell365 at gmail.com
james.atwell365 at gmail.com
Tue Oct 15 12:01:27 UTC 2024
Adam,
Using Windows tools for Samba administration can be a mixed bag at times. My experience has been most features work just fine, but other times odd error messages seem to pop up for no reason. Could be what you’re experiencing when trying to synchronize naming context.
One of your images shows the win2019-1 server as an outbound neighbor when previously there were none. I see you now have the configuration partition. Is the repsTo attribute now filled in?
-James
From: Adam Abramson <abramsona30 at gmail.com>
Sent: Tuesday, October 15, 2024 3:49 AM
To: james.atwell365 at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site
here's what else I noticed, I'm performing replication forcibly through windows and I get this context in outbound, but after a while it will disappear again, also if you do reps to server from windows, there will also be a problem in the dialog box, I attached an error screen, it's a little alarming and it seems all the same Are there any problems https://ibb.co/VYWbvgJ
https://ibb.co/m4ZqmzV
https://ibb.co/S6nZ6Qk
https://ibb.co/9hvGcDj
On Tue, Oct 15, 2024 at 10:38 AM Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > wrote:
I forcibly added --add-ref, but it did not give results, outbound still does not appear, then I decided to do another trick, I went into the connection that exists between samba and win2019-2 and changed the replication option, set it on notification, this is the OVERRIDE_NOTIFY_DEFAULT flag, but this also did not give any results
On Mon, Oct 14, 2024 at 5:48 PM James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> > wrote:
Adam,
The only other option I can think of is to force replication and creation of the attribute with samba-tool drs replicate. You can view this old thread https://lists.samba.org/archive/samba/2016-September/203164.html back when I had similar conversations on a Samba only environment. I will point out I was not aware that Windows servers and repadmin don’t display outbound neighbors like Samba does with samba-tool drs showrepl. https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses#Outbound_Replication
From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> >
Sent: Monday, October 14, 2024 8:55 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com>
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org>
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site
yes, that's right, the display of outbound neighbors did not happen
On Mon, Oct 14, 2024 at 3:48 PM James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > wrote:
Does Samba still not show the win server as an outbound neighbor?
From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > >
Sent: Monday, October 14, 2024 8:44 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> <mailto:james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> >
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site
I created the three entities that you told me to create and all of them were successfully replicated from samba dc to win2019-2. There were no problems
On Mon, Oct 14, 2024 at 2:48 PM James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > > wrote:
Adam,
I suggest adding a user, dns hostname(A record), and computer on the Samba server and see if it gets replicated on the win2019-2 sever.
You can force replication by following the wiki here. https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions if the above doesn’t work.
-James
From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com> > > >
Sent: Monday, October 14, 2024 5:22 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> <mailto:james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> > <mailto:james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> <mailto:james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> > >
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > >
Subject: Re: [Samba] Problem with a domain controller that is located in a separate site
Hi, James, I did everything as you said, deleted all samba and win2019-2 connections on all domain controllers, after that I waited until they were all restored, but the outbound neighbors did not appear, maybe it makes sense to force them to display in some way? or any other ideas about this?
On Fri, Oct 11, 2024 at 7:45 PM James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > > > wrote:
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> > <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> > > <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> > <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> <mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at lists.samba.org> > > > > On Behalf Of Rowland
> Penny via samba
> Sent: Friday, October 11, 2024 11:56 AM
> To: samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > >
> Cc: Rowland Penny <rpenny at samba.org <mailto:rpenny at samba.org> <mailto:rpenny at samba.org <mailto:rpenny at samba.org> > <mailto:rpenny at samba.org <mailto:rpenny at samba.org> <mailto:rpenny at samba.org <mailto:rpenny at samba.org> > > <mailto:rpenny at samba.org <mailto:rpenny at samba.org> <mailto:rpenny at samba.org <mailto:rpenny at samba.org> > <mailto:rpenny at samba.org <mailto:rpenny at samba.org> <mailto:rpenny at samba.org <mailto:rpenny at samba.org> > > > >
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
>
> On Fri, 11 Oct 2024 11:37:15 -0400
> James Atwell via samba <samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> <mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> > > > > wrote:
>
> > Do Samba logs show any errors with replication?
>
> Probably not, because in his initial post, he said replication was
working, but
> 'repsTo' wasn't populated.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Hi Rowland,
I seen that, but that appears to come from a screenshot using ADSI Edit when
I reviewed the thread. I could be wrong, wouldn't be the first time.
The attribute repsTo is optional but it most cases should exists once a
replication partner has been established and actual replication takes place.
Reviewing the thread, I show initially Adam didn't have NTDS auto generated
connections to his Samba and Microsoft servers. He lowered the replication
time in the site link to 15 minutes(I wouldn't leave at that value) which
triggered the KCC and successfully created the NTDS connections on both.
The establishment of NTDS connections don't automatically trigger the repsTo
field to be populated. The KCC determines how replication occurs, but it
doesn't necessarily mean that outbound replication is actively occurring.
Even though Adam said replication was working.
It appears that the connection is primarily being used for inbound
replication or that the DC has not recently replicated changes to the
neighbor DC. I asked Adam to delete the NTDS connections and see if they get
reestablished on both DC's. If they do, I suggest next he add a user, dns
hostname, and computer on the Samba server and see if it gets replicated on
the Windows sever. Having verbose logging on during this time would be
helpful. These changes should trigger the repsTo attribute to become
populated.
I've seen in my own experience happen but only with a Samba environment.
When it did occur, I did the above except I used the samba-tool drs
replicate command to force the population of inbound and outbound neighbors.
-James
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list