Problems with Secondary DC
My scenario:
DC1 = SRV14 = primary DC + DHCP Bind9
DC2 = SRV15 = secondary DC + Bind9
Both running Samba 4.4.5.
In Group Policy Management, when I switch DCs and try to connect to
DC2, I get this error message:
"There was an error processing to collect data using this base domain
controller. Change the base domain controller and try again."
When I connect to the "Active Users and Computers Directory", I cannot
connect normally.
When I run the following command, I get inconsistency errors:
# samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator
...
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
Attributes with different values:
whenChanged
* Comparing [SCHEMA] context...
* Objects to be compared: 1739
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 243
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 25
* Result for [DNSFOREST]: SUCCESS
ERROR: Compare failed: -1
# samba-tool ldapcmp ldap://srv14 ldap://srv15 -Uadministrator configuration
...
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
Attributes with different values:
whenChanged
ERROR: Compare failed: -1
The contents of the smb.conf DC2:
# Global parameters
[global]
bind interfaces only = Yes
interfaces = lo eth0
netbios name = SRV15
realm = DOMAIN.LOCAL
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = DOMAIN
server role = active directory domain controller
comment =
log file = /var/log/samba/%m.log
log level = 1
#
winbind enum users = yes
winbind enum groups = yes
#
client ldap sasl wrapping = sign
[netlogon]
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
The contents of the smb.conf DC1:
# Global parameters
[global]
#bind interfaces only = Yes
interfaces = lo eth0
netbios name = SRV14
realm = DOMAIN.LOCAL
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = DOMAIN
server role = active directory domain controller
comment =
log file = /var/log/samba/%m.log
log level = 1
#
idmap_ldb:use rfc2307 = yes
#
allow dns updates = secure only
nsupdate command = /usr/bin/nsupdate -g
#
client ldap sasl wrapping = sign
[netlogon]
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
How can I solve these problems?
Thank you!
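
An added example, not part of the original post and not Samba's own code: a small Python parser for the ldapcmp output format quoted above. It reports the result and the differing attributes for each naming context, then lists failed contexts that are not explained by an ignore list. The function names are hypothetical, and ignoring whenChanged by default is an assumption of this example.

```python
import re

# Excerpt of the output quoted in the post (embedded so this runs offline).
SAMPLE = """\
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
Attributes with different values:
whenChanged
* Comparing [SCHEMA] context...
* Objects to be compared: 1739
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 243
* Result for [DNSDOMAIN]: SUCCESS
ERROR: Compare failed: -1
"""

RESULT = re.compile(r"^\* Result for \[(\w+)\]: (SUCCESS|FAILURE)$")
HEADING = "Attributes with different values:"

def summarize(text):
    """Map each naming context to its result and its differing attributes."""
    report, current, in_attrs = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        m = RESULT.match(line)
        if m:
            current, in_attrs = m.group(1), False
            report[current] = {"result": m.group(2), "differing": set()}
        elif not line:
            continue  # blank lines do not end a SUMMARY list
        elif line.startswith(("*", "ERROR:")):
            in_attrs = False
        elif line.endswith(":"):
            in_attrs = line == HEADING  # any other heading closes the list
        elif in_attrs and current:
            report[current]["differing"].add(line)
    return report

def needs_attention(report, ignored=frozenset({"whenChanged"})):
    """Failed contexts not explained solely by attributes in `ignored` (assumed set)."""
    return {ctx: r["differing"] - ignored for ctx, r in report.items()
            if r["result"] == "FAILURE"
            and not (r["differing"] and r["differing"] <= ignored)}

if __name__ == "__main__":
    rep = summarize(SAMPLE)
    for ctx, r in rep.items():
        print(ctx, r["result"], sorted(r["differing"]))
    print("needs attention:", needs_attention(rep))
```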