I'm trying to upgrade our old DC's from samba 4.2 to samba 4.4. Rather
than upgrade in-place, I am creating new DCs and then joining them. This
generally seems to work as expected, except outbound replication seems to
fail.
[root at newDC samba-4.4.4]# samba-tool drs replicate newDC oldDC
CN=Configuration,DC=ad,DC=mydomain,DC=com -U Administrator
Replicate from oldDC to newDC was successful.
[root at newDC samba-4.4.4]# samba-tool drs replicate oldDC newDC
CN=Configuration,DC=ad,DC=mydomain,DC=com -U Administrator
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
File "/lib64/python2.7/site-packages/samba/netcmd/drs.py", line
350, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
source_dsa_guid, NC, req_options)
File "/lib64/python2.7/site-packages/samba/drs_utils.py", line 83,
in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
Just to rule out that this problem wasn't caused by the old DCs, I created
a second new DC and I get the same error with outbound replication from
one 4.4.4 DC to the other.
The reason for this particular version is because I'm on CentOS 7. The
old DCs are on 7.2, running a CentOS samba package rebuilt with DC
support. The new machines are on 7.3, also running a CentOS samba package
rebuilt with DC support. Just to make sure that this problem wasn't
caused by a patch in the CentOS package, I also downloaded both official
samba 4.4.4 and 4.4.9 from the samba website and compiled them, and both
gave me the same erorr. Exact configure options used (to more or less
match the CentOS build):
./configure --enable-fhs --prefix=/ --with-piddir=/run
--with-sockets-dir=/run/samba --with-modulesdir=/usr/lib64/samba
--with-pammodulesdir=/usr/lib64/security --with-lockdir=/var/lib/samba/lock
--with-statedir=/var/lib/samba --with-cachedir=/var/lib/samba
--disable-rpath-install --with-pam --with-pie --with-relro --without-fam
Any suggestions?