thr3ads.net - samba - [Samba] Refusing to replicate from a read-only repilca into a read-write replica. [Nov 2012]

If this information is useful, please help other people find it:
Share via:

Murray Fraser

2012-Nov-22 02:49 UTC

[Samba] Refusing to replicate from a read-only repilca into a read-write replica.

Testing with Samba4 rc5, I ran into the following problem trying to join
samba 4 to an existing (parent) domain.

# /usr/local/samba/bin/samba-tool domain join example.com DC
-Uadministrator --realm=example.com
Finding a writeable DC for domain 'example.com'
Found DC server01.example.com
Password for [example\administrator]:
workgroup is example
realm is example.com
checking sAMAccountName
Adding CN=SAMBADC1,OU=Domain Controllers,DC=example,DC=com,DC=au
Adding
CN=SAMBADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com,DC=au
Adding CN=NTDS
Settings,CN=SAMBADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com,DC=au
Adding SPNs to CN=SAMBADC1,OU=Domain Controllers,DC=example,DC=com,DC=au
Setting account password for SAMBADC1$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=example,DC=com,DC=au
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com,DC=au] objects[402]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com,DC=au] objects[804]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com,DC=au] objects[1206]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com,DC=au] objects[1521]
linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=example,DC=com,DC=au] objects[402]
linked_values[0]
Partition[CN=Configuration,DC=example,DC=com,DC=au] objects[804]
linked_values[0]
Partition[CN=Configuration,DC=example,DC=com,DC=au] objects[1206]
linked_values[0]
Partition[CN=Configuration,DC=example,DC=com,DC=au] objects[1608]
linked_values[5]
Partition[CN=Configuration,DC=example,DC=com,DC=au] objects[1669]
linked_values[101]
Replicating critical objects from the base DN of the domain
Partition[DC=example,DC=com,DC=au] objects[103] linked_values[32]
Partition[DC=example,DC=com,DC=au] objects[389] linked_values[36]
Refusing to replicate DC=child,DC=example,DC=com,DC=au from a read-only
repilca into a read-write replica!
Failed to convert object DC=child,DC=example,DC=com,DC=au:
WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA
Join failed - cleaning up
checking sAMAccountName
Deleted CN=SAMBADC1,OU=Domain Controllers,DC=example,DC=com,DC=au
Deleted CN=NTDS
Settings,CN=SAMBADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com,DC=au
Deleted
CN=SAMBADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com,DC=au
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed
to
process chunk: NT code 0xc0002111
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line
552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1104, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1009, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
748, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
line 252, in replicate
    schema=schema, req_level=req_level, req=req)

I don't know where in Active Directory I should be checking for a
'read-only' replica of the child domain (child.example.com), or how to
disable it.

Also there is a typo in the spelling of 'repilca' in the error message.

Matthieu Patou

2012-Nov-23 22:13 UTC

head link

[Samba] Refusing to replicate from a read-only repilca into a read-write replica.

On 11/21/2012 06:49 PM, Murray Fraser wrote:> Testing with Samba4 rc5, I ran into the following problem trying to join
> samba 4 to an existing (parent) domain.
>
> # /usr/local/samba/bin/samba-tool domain join example.com DC
> -Uadministrator --realm=example.com
> Finding a writeable DC for domain 'example.com'
> Found DC server01.example.com
Normally this indicate that we found a RW DC> Password for [example\administrator]:
> workgroup is example
> realm is example.com
> checking sAMAccountName
> Adding CN=SAMBADC1,OU=Domain Controllers,DC=example,DC=com,DC=auHow can it be that you ask to join example.com but your domain seems to 
be example.com.au ... something looks wrong here.


Matthieu.

-- 
Matthieu Patou
Samba Team
http://samba.org

Possibly Parallel Threads

Search for more seemingly similar threads

samba - Nov 2012 - Refusing to replicate from a read-only repilca into a read-write replica.

[Samba] Refusing to replicate from a read-only repilca into a read-write replica.

[Samba] Refusing to replicate from a read-only repilca into a read-write replica.

Possibly Parallel Threads