I just checked the SOA records on my samba DCs and noticed a few oddities:

michael@sles-bree:~> for i in ad{1..4} sles-bree sles-shire; do host -t soa main.adlab.netdirect.ca $i | grep SOA; done
main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600
main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 176 900 600 86400 3600
main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 176 900 600 86400 3600
main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 171 900 600 86400 3600
main.adlab.netdirect.ca has SOA record sles-bree.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 24 900 600 86400 3600
main.adlab.netdirect.ca has SOA record sles-shire.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 24 900 600 86400 3600

* ad1 and ad2 are the DCs
* ad3, ad4, sles-bree, sles-shire are RODCs

Issues:
* SOA authority on the samba4 boxes should be ad1 or ad2, not itself
* The serial number isn't updating

What should I be running to validate AD & DNS replication on these samba4 RODCs?

I thought that this would do it:

sles-bree:/home/michael # samba-tool drs showrepl
Bree\SLES-BREE
DSA Options: 0x00000025
DSA object GUID: 7ea641b0-d418-4c74-a4fa-c15b852467b8
DSA invocationId: 1017ff29-756c-4777-b395-b481f4b5387c

==== INBOUND NEIGHBORS ===

ERROR(runtime): DsReplicaGetInfo of type 0 failed - (8453, 'WERR_DS_DRA_ACCESS_DENIED')

M.

--
Michael Brown            | `One of the main causes of the fall of
Systems Consultant       | the Roman Empire was that, lacking zero,
Net Direct Inc.          | they had no way to indicate successful
?: +1 519 883 1172 x5106 | termination of their C programs.' - Firth
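
The by-eye SOA comparison in the message above can be scripted; this is an added example, not part of the original post. The function names audit_soa and sample_soa are hypothetical, the sample rows are the post's own output with the queried server prepended, and ad1/ad2 are taken as the writable DCs as the post states.

```shell
#!/bin/sh
# Added example, not from the original post.
# Live input (assumed usage): prefix each SOA line with the server that answered:
#   for i in ad1 ad2 ad3 ad4 sles-bree sles-shire; do
#     host -t soa main.adlab.netdirect.ca $i | grep SOA | sed "s/^/$i /"
#   done | audit_soa "ad1 ad2"

# Rows copied from the post's output, queried server prepended.
sample_soa() {
cat <<'EOF'
ad1 main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 177 900 600 86400 3600
ad2 main.adlab.netdirect.ca has SOA record ad2.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 176 900 600 86400 3600
ad3 main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 176 900 600 86400 3600
ad4 main.adlab.netdirect.ca has SOA record ad1.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 171 900 600 86400 3600
sles-bree main.adlab.netdirect.ca has SOA record sles-bree.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 24 900 600 86400 3600
sles-shire main.adlab.netdirect.ca has SOA record sles-shire.main.adlab.netdirect.ca. hostmaster.main.adlab.netdirect.ca. 24 900 600 86400 3600
EOF
}

# audit_soa "<writable DC short names>": reads rows on stdin and prints
#   MNAME <server> reports <primary>      SOA primary is not a writable DC
#   LAG <server> serial <n> behind <max>  serial is below the highest one seen
audit_soa() {
    awk -v writable="$1" '
    BEGIN { n = split(writable, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
    $3 == "has" && $4 == "SOA" {
        srv = $1; serial = $8 + 0
        split($6, p, ".")               # short host name of the SOA primary
        order[++cnt] = srv; ser[srv] = serial; mn[srv] = p[1]
        if (serial > max) max = serial
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            if (!(mn[s] in ok)) printf "MNAME %s reports %s\n", s, mn[s]
            if (ser[s] < max)   printf "LAG %s serial %d behind %d\n", s, ser[s], max
        }
    }'
}

sample_soa | audit_soa "ad1 ad2"
```
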