Денис Полещук
2016-Dec-10 09:57 UTC
[Samba] can't replicate ForestDnsZones and DomainDnsZones
I have a DC on Samba 4.5.2 (pdc)
Also I have an additional DC on Win2008 R2. (bdc)
pdc and bdc are just host names

When I try to replicate Samba to Windows:

pdc:~ # samba-tool drs replicate bdc pdc DC=tidykzn,DC=local
Replicate from pdc to bdc was successful.
pdc:~ # samba-tool drs replicate bdc pdc CN=Schema,CN=Configuration,DC=tidykzn,DC=local
Replicate from pdc to bdc was successful.
pdc:~ # samba-tool drs replicate bdc pdc CN=Configuration,DC=tidykzn,DC=local
Replicate from pdc to bdc was successful.

But:

pdc:~ # samba-tool drs replicate bdc pdc DC=ForestDnsZones,DC=tidykzn,DC=local
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)
pdc:~ # samba-tool drs replicate bdc pdc DC=DomainDnsZones,DC=tidykzn,DC=local
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

What I need not do to fix this situation?
mathias dufresne
2016-Dec-15 16:43 UTC
[Samba] can't replicate ForestDnsZones and DomainDnsZones
2016-12-10 10:57 GMT+01:00 Денис Полещук via samba <samba at lists.samba.org>:

> I have a DC on Samba 4.5.2 (pdc)
> Also I have an additional DC on Win2008 R2. (bdc)
> pdc and bdc are just host names
>
> When I try to replicate Samba to Windows:
>
> pdc:~ # samba-tool drs replicate bdc pdc DC=tidykzn,DC=local
> Replicate from pdc to bdc was successful.
> pdc:~ # samba-tool drs replicate bdc pdc
> CN=Schema,CN=Configuration,DC=tidykzn,DC=local
> Replicate from pdc to bdc was successful.
> pdc:~ # samba-tool drs replicate bdc pdc
> CN=Configuration,DC=tidykzn,DC=local
> Replicate from pdc to bdc was successful.
>
> But:
>
> pdc:~ # samba-tool drs replicate bdc pdc
> DC=ForestDnsZones,DC=tidykzn,DC=local
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line
> 368, in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/local/samba/lib64/python2.7/site-packages/samba/
> drs_utils.py",
> line 83, in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
> pdc:~ # samba-tool drs replicate bdc pdc
> DC=DomainDnsZones,DC=tidykzn,DC=local
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8437, 'WERR_DS_DRA_INVALID_PARAMETER')
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line
> 368, in run
> drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
> File "/usr/local/samba/lib64/python2.7/site-packages/samba/
> drs_utils.py",
> line 83, in sendDsReplicaSync
> raise drsException("DsReplicaSync failed %s" % estr)
>
> What I need not do to fix this situation?

First note that what I'll propose was not advised by Samba team months ago. No idea what is the status of that right now.

Anyway, let's go : )

In private/sam.ldb.d you will find DIT files. These files are different on each DC and for that reason it is not advised to copy them between DCs.

Now, when DB replication is working fine between DCs, "samba-tool ldapcmp" shows only one attribute which is not synchronized between DCs: the "whenChanged" attribute. The reason for this difference is that MS (and the Samba team) decided it is not an important attribute which is worth replication.

So our DIT files are different but nobody cares about that difference. So you can simply copy DIT files from one DC to another.

Please perform the copy with Samba services on your DCs (both, source and destination) stopped to avoid any change into the DB during the copy. Making a copy/backup of the file you're about to replace seems also a (very very) good idea : )

I have to copy both DIT DomainDnsZones and ForestDnsZones here at work and now all my DCs are working like charms.

Remember the note at the beginning ;)

Have fun and good luck!

mathias
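
The stop, back up, then copy sequence from the reply above, as an added shell example that is not part of the original thread and not Samba's own tooling. The function names, the /usr/local/samba/private location and the partition file name in the usage comment are assumptions; check the actual names under private/sam.ldb.d on your DCs.

```shell
#!/bin/sh
# Added example: back up, then replace, one partition DIT file on the
# destination DC. Run it on the destination with Samba stopped on both DCs.

# True when a samba daemon is still running on this host.
samba_running() {
    pgrep -x samba >/dev/null 2>&1
}

# replace_dit SRC DST
#   SRC: DIT file already fetched from the source DC (e.g. with scp)
#   DST: the matching file under private/sam.ldb.d on this DC
replace_dit() {
    src=$1
    dst=$2
    if samba_running; then
        echo "samba is still running; stop it first" >&2
        return 1
    fi
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 1; }
    [ -f "$dst" ] || { echo "missing destination: $dst" >&2; return 1; }

    # Keep the file being replaced so the change can be rolled back.
    backup="$dst.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$dst" "$backup" || return 1

    # Copy to a temporary name, then rename, so DST is never half-written.
    cp -p "$src" "$dst.new" || return 1
    if ! cmp -s "$src" "$dst.new"; then
        rm -f "$dst.new"
        echo "copy differs from source; $dst left untouched" >&2
        return 1
    fi
    mv "$dst.new" "$dst" || return 1
    echo "replaced $dst (backup: $backup)"
}

# Usage, with assumed paths and file name for the domain in this thread:
#   D=/usr/local/samba/private/sam.ldb.d
#   replace_dit /root/from-source-dc/DC=FORESTDNSZONES,DC=TIDYKZN,DC=LOCAL.ldb \
#       "$D/DC=FORESTDNSZONES,DC=TIDYKZN,DC=LOCAL.ldb"
```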