samba - Jun 2010 - DC replication

So finally I got the net vampire to work.
I had to roll back to commit 62e0a74 bypassing all the updates done by mdw at
samba.org for now.

Now the replication

PDC1 is the first domain controller created by provision
PDC2 is the second is the second domain controller created by net vampire

on PDC1 I added user using "net newuser testuser1"
in few seconds it appeared on PDC2 using the command wbinfo -u

on PDC2 I added user using "net newuser testuser2"
it never appear on PDC1

Any idea what steps I'm missing here

Thanks
Ibrahim
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Just to clarify, you used "net vampire" to pull the info from PDC1 to
PDC2?

Are you using LDAP or TDBSAM backend for samba accounts?  Are you using NIS
or LDAP or /etc/passwd for unix accounts?   I found that LDAP backend for
both samba and unix accounts  was the best way to make sure all the samba
DC's  had the identical unix and samba id's for accounts across all
machines.   

When you run wbinfo on PDC2 it may actually be querying PDC1.     If I
remember correctly, if you are using an TDBSAM backend with a BDC you need
to create the samba account separately on the PDC and BDC.    I don't think
there is any reliable TDB replication in either direction.

Instead of configuring the 2nd samba server as a BDC you may want to
configure it as a member server.   


-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Ibrahim Hamouda
Sent: Wednesday, June 09, 2010 4:16 PM
To: samba list
Subject: [Samba] DC replication

So finally I got the net vampire to work.
I had to roll back to commit 62e0a74 bypassing all the updates done by
mdw at samba.org for now.

Now the replication

PDC1 is the first domain controller created by provision
PDC2 is the second is the second domain controller created by net vampire

on PDC1 I added user using "net newuser testuser1"
in few seconds it appeared on PDC2 using the command wbinfo -u

on PDC2 I added user using "net newuser testuser2"
it never appear on PDC1

Any idea what steps I'm missing here

Thanks
Ibrahim
-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Hi Ibrahim

On 16 June 2010 18:57, Ibrahim Hamouda <ihamouda at itcanint.net>
wrote:
> Michael
> ? ? ? ?Thanks for all your help
> ? ? ? ?I think I found out the problem with replication.
>
> ? ? ? ?when I run net vapire on the second DC (pdc2), let's say
it's ip address is 192.168.254.202
>
> ? ? ? ?as soon as samba starts samba_dnsupdate runs
> ? ? ? ?it reads the dns_update_list file and start updating the dns on
(pdc1), let's say its address 192.168.254.201
>
> ? ? ? ?the first record in the dns_update_list adds a A record for the
domain name with 192.168.254.202.
> ? ? ? ?This record succeeds, then nsupdate gets confused because now there
are two records for the domain and it works on the nearest one (local)
> ? ? ? ?So the rest of the samba update fails, and subsequently the
replication fails.
>
> ? ? ? ?commenting out this first line in dns_update_list befor starting
samba for the first time on pdc2 solves the problem
OK, that sounds like a workaround rather than a problem.  If PDC2 is
not the name server then nsupdate shouldn't send it the update
requests.  Not sure what the right solution is, though.
> On 2010-06-12, at 4:56 PM, Michael Wood wrote:
>
>> On 12 June 2010 23:37, Gaiseric Vandal <gaiseric.vandal at
gmail.com> wrote:
>>> Just to clarify, you used "net vampire" to pull the info
from PDC1 to PDC2?
>>
>> He's using Samba4, so he provisioned a DC and then vampired that to
>> create another DC.
>>
>>> Are you using LDAP or TDBSAM backend for samba accounts? ?Are you
using NIS
>>
>> I suspect he's using the default Samba4 LDB.
>>
>>> or LDAP or /etc/passwd for unix accounts? ? I found that LDAP
backend for
>>> both samba and unix accounts ?was the best way to make sure all the
samba
>>> DC's ?had the identical unix and samba id's for accounts
across all
>>> machines.
>>>
>>> When you run wbinfo on PDC2 it may actually be querying PDC1. ? ?
If I
>>> remember correctly, if you are using an TDBSAM backend with a BDC
you need
>>> to create the samba account separately on the PDC and BDC. ? ?I
don't think
>>> there is any reliable TDB replication in either direction.
>>
>> Since he's using Samba4 they should definitely replicate.
>>
>> Ibrahim, perhaps you should specify that you are using Samba4 instead
>> of just implying it :)
>>
>>> Instead of configuring the 2nd samba server as a BDC you may want
to
>>> configure it as a member server.
>>
>> I'm afraid I haven't tried replication between two Samba4
instances,
>> but are there any errors in the logs that might point you in the right
>> direction? ?Maybe increase the debug level.
-- 
Michael Wood <esiotrot at gmail.com>