thr3ads.net - samba - [Samba] Doubts about synchronization between DC [Jul 2017]

If this information is useful, please help other people find it:
Share via:

Marcio Demetrio Bacci

2017-Jul-04 12:24 UTC

[Samba] Doubts about synchronization between DC

Hi,

I have 2 DC (both with Samba 4.6.5) and apparently the secondary DC is
receiving information of the main DC, according to information below:


root at dc2:/root samba-tool drs showrepl
Default-First-Site-Name\DC2
DSA Options: 0x00000001
DSA object GUID: b3061034-9e5c-452d-a215-43e8a83b90ec
DSA invocationId: 4010374c-e457-49ed-9b6d-24c6e40eb737

==== INBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ Tue Jul  4 09:00:46 2017 -03 was successful
        0 consecutive failure(s).
        Last success @ Tue Jul  4 09:00:46 2017 -03

CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ Tue Jul  4 09:00:46 2017 -03 was successful
        0 consecutive failure(s).
        Last success @ Tue Jul  4 09:00:46 2017 -03

DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ Tue Jul  4 09:00:46 2017 -03 was successful
        0 consecutive failure(s).
        Last success @ Tue Jul  4 09:00:46 2017 -03

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ Tue Jul  4 09:00:53 2017 -03 was successful
        0 consecutive failure(s).
        Last success @ Tue Jul  4 09:00:53 2017 -03

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ Tue Jul  4 09:00:46 2017 -03 was successful
        0 consecutive failure(s).
        Last success @ Tue Jul  4 09:00:46 2017 -03

==== OUTBOUND NEIGHBORS ===
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\dc1 via RPC
        DSA object GUID: 85f48d3e-ca2a-4c26-a04c-27ef820e0b7d
        Last attempt @ NTTIME(0) was successful
        0 consecutive failure(s).
        Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ===
Connection --
    Connection name: 1e059648-0fe2-48d2-9bae-e85803d6af02
    Enabled        : TRUE
    Server DNS name : dc1.empresa.com.br
    Server DN name  : CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!



However, I have verified the following:

A) the permissions on sysvol folder of DC2 are different from DC1
DC1: drwxrwxrwx  3 10060 30028   4096 Jul  4 01:15 sysvol
DC2: drwxr-sr-x 3 root staff     4096 Mai 22 18:58 sysvol

B) in DC2 there isn't "Policies" folder in
/usr/local/samba/var/locks/sysvol/empresa.com.br/

Should not they sync those permissions too? Is there any problem?

Regards,

Márcio Bacci

Rowland Penny

2017-Jul-04 12:41 UTC

head link

[Samba] Doubts about synchronization between DC

On Tue, 4 Jul 2017 09:24:49 -0300
Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:
> However, I have verified the following:
> 
> A) the permissions on sysvol folder of DC2 are different from DC1
> DC1: drwxrwxrwx  3 10060 30028   4096 Jul  4 01:15 sysvol
> DC2: drwxr-sr-x 3 root staff     4096 Mai 22 18:58 sysvol
> 
> B) in DC2 there isn't "Policies" folder in
> /usr/local/samba/var/locks/sysvol/empresa.com.br/
> 
> Should not they sync those permissions too? 
No (well, yes they should, but they don't)
> Is there any problem?
You haven't removed the uidNumber from 'Administrator' as you where
advised to ;-)

You should also read this:

https://wiki.samba.org/index.php/SysVol_replication_%28DFS-R%29

The contents of sysvol aren't created on a second DC, you will need to
sync from the first DC.

Rowland

Apparently Analagous Threads

Search for more apparently analagous threads

samba - Jul 2017 - Doubts about synchronization between DC

[Samba] Doubts about synchronization between DC

[Samba] Doubts about synchronization between DC

Apparently Analagous Threads