[Samba] Replication issue after rejoining a DC

Luis Peromarta lperoma at icloud.com
Thu Oct 9 12:36:14 UTC 2025


Glad it is working now.
On Oct 9, 2025 at 10:17 +0100, Cedric Puchalver via samba <samba at lists.samba.org>, wrote:
> On 09/10/2025 at 09:40, Luis Peromarta via samba wrote:
> > Hi there,
> >
> > Just as a precaution, and in order to double check all steps, please see
> > this and make sure you did not miss any step.
> >
> > http://samba.bigbird.es/doku.php?id=samba:aditional-dc
> >
> > On Oct 9, 2025 at 08:04 +0100, Cedric Puchalver via samba
> > <samba at lists.samba.org>, wrote:
> > > On 08/10/2025 at 16:50, Rowland Penny via samba wrote:
> > > > On Wed, 8 Oct 2025 15:53:43 +0200
> > > > Cedric Puchalver via samba<samba at lists.samba.org> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > I have 2 Samba DCs running on two different sites. They are both
> > > > > running Samba compiled from source and I decided to use Samba from
> > > > > Debian Bookworm backports instead.
> > > > >
> > > > >
> Hi Luis,
>
> I double-checked all the steps and I didn't miss any.
>
> When testing the AD replication, the command samba-tool visualize
> uptodateness -rS --utf8 returns an error :
>
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C:
> LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e,
> v1db1> <>
> Failed to connect to 'ldap://dc3.season-of-mist.intranet' with backend
> 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr:
> DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1> <>
> Could not contact ldap://dc3.season-of-mist.intranet ((49, 'LDAP error
> 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC,
> comment: AcceptSecurityContext error, data 52e, v1db1> <>'))
> missing dn
> CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet
> from UTD vector list
> missing dn
> CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet
> from UTD vector list
> ERROR(<class 'KeyError'>): uncaught exception -
> 'CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet'
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
> 356, in _run
>     return self.run(*args, **kwargs)
>            ^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3/dist-packages/samba/netcmd/visualize.py", line
> 685, in run
>     s = full_matrix(distances,
>         ^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3/dist-packages/samba/graph.py", line 725, in
> full_matrix
>     rows2[vmap[vert]] = dict((vmap[k], v) for k, v in r.items())
>                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3/dist-packages/samba/graph.py", line 725, in
> <genexpr>
>     rows2[vmap[vert]] = dict((vmap[k], v) for k, v in r.items())
>
> Then I decided to ping dc3 (whose IP address is 192.168.10.5);
> surprisingly, it was pinging 192.168.20.5 :
>
> PING dc3.season-of-mist.intranet (192.168.20.5) 56(84) bytes of data.
> 64 bytes from dc2.season-of-mist.intranet (192.168.20.5): icmp_seq=1
> ttl=64 time=0.023 ms
> 64 bytes from dc2.season-of-mist.intranet (192.168.20.5): icmp_seq=2
> ttl=64 time=0.045 ms
> 64 bytes from dc2.season-of-mist.intranet (192.168.20.5): icmp_seq=3
> ttl=64 time=0.031 ms
>
> The command host -t A dc3.season-of-mist.intranet returns :
>
> host -t A dc3.season-of-mist.intranet
> dc3.season-of-mist.intranet has address 192.168.10.5
> dc3.season-of-mist.intranet has address 192.168.20.5
>
> Obviously wrong...
>
> The AD replication seems fine after deleting the wrong A record for DC3.
>
> samba-tool drs showrepl shows no error. Same for samba-tool dbcheck
> --cross-ncs
>
> I ran samba-tool visualize uptodateness -rS --utf8 and to be honest I
> don't know how to interpret the result :
>
>
> DOMAIN
>
>                                                 out-of-date-ness
>                                        ╭───────
> CN=DC3,**,CN=Default-First-Site-Name+
>                                    DC  │  ╭──── CN=DC2,**,CN=Chaos-Theory+
> CN=DC3,**,CN=Default-First-Site-Name+  · 13
>            CN=DC2,**,CN=Chaos-Theory+ 16  ·
>
> '**' stands for 'CN=Servers'
> '+' stands for ',CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet'
>
> CONFIGURATION
>
>                                                 out-of-date-ness
>                                        ╭───────
> CN=DC3,**,CN=Default-First-Site-Name+
>                                    DC  │  ╭──── CN=DC2,**,CN=Chaos-Theory+
> CN=DC3,**,CN=Default-First-Site-Name+  · 13
>            CN=DC2,**,CN=Chaos-Theory+ 16  ·
>
> '**' stands for 'CN=Servers'
> '+' stands for ',CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet'
>
> SCHEMA
>
>                                                 out-of-date-ness
>                                        ╭───────
> CN=DC3,**,CN=Default-First-Site-Name+
>                                    DC  │  ╭──── CN=DC2,**,CN=Chaos-Theory+
> CN=DC3,**,CN=Default-First-Site-Name+  · 13
>            CN=DC2,**,CN=Chaos-Theory+ 16  ·
>
> '**' stands for 'CN=Servers'
> '+' stands for ',CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet'
>
> DNSDOMAIN
>
>                                                 out-of-date-ness
>                                        ╭───────
> CN=DC3,**,CN=Default-First-Site-Name+
>                                    DC  │  ╭──── CN=DC2,**,CN=Chaos-Theory+
> CN=DC3,**,CN=Default-First-Site-Name+  · 13
>            CN=DC2,**,CN=Chaos-Theory+  0  ·
>
> '**' stands for 'CN=Servers'
> '+' stands for ',CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet'
>
> DNSFOREST
>
>                                                 out-of-date-ness
>                                        ╭───────
> CN=DC3,**,CN=Default-First-Site-Name+
>                                    DC  │  ╭──── CN=DC2,**,CN=Chaos-Theory+
> CN=DC3,**,CN=Default-First-Site-Name+  · 13
>            CN=DC2,**,CN=Chaos-Theory+ 16  ·
>
> '**' stands for 'CN=Servers'
> '+' stands for ',CN=Sites,CN=Configuration,DC=season-of-mist,DC=intranet'
