Hi Folks If I have 2 x Samba4 AD DCs, a primary and secondary, am I correct in assuming that if I add a Windows Client to the DOMAIN it should eventually replicate to the secondary DC? Paully
On 30/05/13 19:18, Marc Muehlfeld wrote:

> From that history I can't say, if you followed the HowTo, because it
> doesn't give any results of the commands. Also the DNS addings should be
> done on the existing DC, said in the HowTo. This looks like you had done
> it on the new one.

Yes, sorry I forgot to include my command history from DC1 and say that I had already added the IP address of DC2 successfully by following the instructions :-)

    samba.xyz.com ~ $ host -t A samba2.xyz.com.
    samba2.xyz.com has address 192.168.0.209

Yes, it seems I followed the web page by running the commands on DC2 and not DC1. However, it DOES mention the "IP-of-your-DNS" which of course _is_ DC1 :-)

    $ /usr/local/samba/bin/samba-tool dns add 192.168.0.208 _msdcs.xyz.com f0605966-1d4f-4fef-8a75-2a24863dbaa9 CNAME samba2.xyz.com -UAdministrator

This I did successfully, and the ldbsearch ran successfully too...

    $ /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
    # record 1
    dn: CN=NTDS Settings,CN=SAMBA2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
    objectGUID: f0605966-1d4f-4fef-8a75-2a24863dbaa9

    # record 2
    dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
    objectGUID: 5813325c-fa80-4e0e-b76e-4666f6afe1e2

Now, let's try that on DC1.

Ah, I have just discovered something. Bizarrely, I do not have the binary 'ldbsearch' in my /usr/local/samba/bin/ folder on DC1. I have it on DC2, but not on DC1... and yet I followed the wiki exactly. OK, I need to fix that. How do I get the 'ldbsearch' binary on DC1? Run 'make' again?

Also... What the web page doesn't say is what the /etc/resolv.conf should be for the new DC2...

DC1: /etc/resolv.conf

    domain xyz.com
    nameserver 192.168.0.208

DC2: /etc/resolv.conf

    domain xyz.com
    nameserver 192.168.0.209

> I quickly added a new DC to my test environment (all 4.0.6), by exactly
> following the HowTo. And replication works, like expected (I also changed
> an attribute of an user account and it was automatically on the new DC).

Wow, excellent, so it should work for me then. Good to know.

> Warning: No NC replicated for Connection!

I see you get this too. Should I worry about it?

> Can you re-read the HowTo and make sure, that everything was done like
> described? And that both hosts can resolve the A record of each other and
> that the CNAME from {objectGUID}._msdcs.samdom.example.com. also?

Ah, that may be what's wrong.

    root@samba2:~# host -t CNAME f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com 192.168.0.209
    Using domain server:
    Name: 192.168.0.209
    Address: 192.168.0.209#53
    Aliases:

    Host f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com not found: 3(NXDOMAIN)

OK, I have now added the CNAME to DC2 as well as DC1.

    root@samba2:~# /usr/local/samba/bin/samba-tool dns add 192.168.0.209 _msdcs.xyz.com f0605966-1d4f-4fef-8a75-2a24863dbaa9 CNAME samba2.xyz.com -UAdministrator

It resolves OK now on DC2.

    root@samba2:~# host -t CNAME f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com 192.168.0.209
    f0605966-1d4f-4fef-8a75-2a24863dbaa9._msdcs.xyz.com is an alias for samba2.xyz.com.

:-)

I have restarted Samba on both DC1 and DC2. I think my next job is to check what the /etc/resolv.conf should be on DC2. Then, try and get the 'ldbsearch' binary on DC1. Does that sound like a plan?

Thanks for your help on this everyone.

Paully
On 31/05/13 12:25, Paul Littlefield wrote:

> Workaround: put guid names in /etc/hosts if you experience this bug.

I don't believe it. That has fixed it. No more WERR_BADFILE errors in /usr/local/samba/var/log.samba

Domain Computers that were not in DC2 now are.

Many thanks Giedrius <giedrius+samba@su.lt>

Replication now works.

> Aaahhh, interesting. I will eat my hat if this fixes it.

It's a bit chewy, but well worth it. :)

That's my lunch sorted, and my Windows Serverless network.

Amazing... and so typical of Linux. The solution is there, you just need someone to point it out.

Thanks to everyone.

PS: ok, so who is going to add it to the official Samba wiki page now?

-- 
Paul Littlefield
Web: www.paully.co.uk
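The two checks the thread ends up relying on, collected into one script as an added example (not code from the thread, the Samba wiki, or the Samba project): parse the `ldbsearch` output quoted earlier to get each DC's objectGUID, emit the `samba-tool dns add` command that registers the `{objectGUID}._msdcs.<domain>` CNAME on a given DNS server, emit `/etc/hosts` lines for the "guid names in /etc/hosts" workaround from this message, and optionally verify the CNAMEs live with `host(1)`. The embedded `SAMPLE_LDB` text is constructed from the two records Paul posted; the script name `check_msdcs.sh`, the function names, and the exact `/etc/hosts` line layout (IP, GUID name, DC FQDN) are assumptions, since the thread does not show the lines Giedrius used.

```shell
#!/bin/sh
# Added example, not from the thread. Given ldbsearch output, derive each DC's
# {objectGUID}._msdcs.<domain> name, print the samba-tool commands that register
# the CNAMEs, print /etc/hosts lines for the workaround from the thread, and
# (optionally) verify the CNAMEs against a DNS server with host(1).

DOMAIN=xyz.com   # the AD DNS domain used in the thread

# Constructed sample: the two NTDS Settings records quoted in the thread.
# On a real DC, replace with the output of:
#   ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid
SAMPLE_LDB='# record 1
dn: CN=NTDS Settings,CN=SAMBA2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
objectGUID: f0605966-1d4f-4fef-8a75-2a24863dbaa9

# record 2
dn: CN=NTDS Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xyz,DC=com
objectGUID: 5813325c-fa80-4e0e-b76e-4666f6afe1e2
'

# dc_guid_pairs LDB_TEXT: one "dcname objectguid" line per NTDS Settings record.
# The DC short name is the second RDN of the dn (CN=SAMBA2), lowercased.
dc_guid_pairs() {
  printf '%s\n' "$1" | awk '
    /^dn: CN=NTDS Settings,CN=/ { split($0, rdn, ","); sub(/^CN=/, "", rdn[2]); dc = tolower(rdn[2]) }
    /^objectGUID: /             { print dc, $2 }'
}

# dns_add_cmds DNS_SERVER_IP: the samba-tool invocation from the thread, one per
# DC, to run against the given DNS server (the thread ends up running it against
# both DCs so that each one can answer the CNAME query itself).
dns_add_cmds() {
  dc_guid_pairs "$SAMPLE_LDB" | while read -r dc guid; do
    printf 'samba-tool dns add %s _msdcs.%s %s CNAME %s.%s -UAdministrator\n' \
      "$1" "$DOMAIN" "$guid" "$dc" "$DOMAIN"
  done
}

# hosts_lines dc=ip [dc=ip ...]: /etc/hosts entries for the "guid names in
# /etc/hosts" workaround. The layout (IP, GUID name, DC FQDN) is an assumption.
hosts_lines() {
  for map in "$@"; do
    dc=${map%%=*}
    ip=${map#*=}
    guid=$(dc_guid_pairs "$SAMPLE_LDB" | awk -v d="$dc" '$1 == d { print $2 }')
    if [ -n "$guid" ]; then
      printf '%s %s._msdcs.%s %s.%s\n' "$ip" "$guid" "$DOMAIN" "$dc" "$DOMAIN"
    fi
  done
}

# check_cnames DNS_SERVER_IP: live check with host(1); prints one line per DC
# and returns the number of missing CNAMEs (0 = all resolve). NXDOMAIN here is
# exactly the failure the thread hit before the CNAME was added on DC2.
check_cnames() {
  if ! command -v host >/dev/null 2>&1; then
    echo "host(1) not available, skipping live check" >&2
    return 0
  fi
  missing=0
  for guid in $(dc_guid_pairs "$SAMPLE_LDB" | awk '{ print $2 }'); do
    name="$guid._msdcs.$DOMAIN"
    if host -t CNAME "$name" "$1" >/dev/null 2>&1; then
      echo "ok      $name"
    else
      echo "MISSING $name on $1"
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Usage: sh check_msdcs.sh [DNS_SERVER_IP]
dns_add_cmds 192.168.0.208
hosts_lines samba=192.168.0.208 samba2=192.168.0.209
if [ -n "${1:-}" ]; then
  check_cnames "$1"
fi
```

Run it once per DC address (`sh check_msdcs.sh 192.168.0.208`, then `... 192.168.0.209`): a `MISSING` line from either server is the condition that produced the NXDOMAIN answer earlier in the thread, and it is worth fixing in DNS rather than only in `/etc/hosts`, because Windows clients and any third DC use DNS, not the DCs' hosts files.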