thr3ads.net - samba - [Samba] Replication problems bdc to pdc [Dec 2017]

If this information is useful, please help other people find it:
Share via:

Jiří Knotek

2017-Dec-11 13:33 UTC

[Samba] Replication problems bdc to pdc

Hello,

Replication from backup Active Directory Domain Controler to primary 
Active Directory Domain Controler does not work, reporting error ' 
WERR_BADFILE '. The reverse works.

  * Linux: Raspbian, debian stretch lite
  * Samba version 4.5.12-Debian
  * DNS: BIND9_DLZ 9.10.x
  * Installed packages: ntp ntpdate samba smbclient winbind libcups2
    samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user

root at ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc 
dc=ry11cit,dc=local
Replicate from ry11citdc to ry11citsdc was successful.


root at ry11citdc:~# root at ry11citdc:~# samba-tool drs replicate ry11citsdc 
ry11citdc dc=ry11cit,dc=local
-bash: root at ry11citdc:~#: command not found
root at ry11citdc:~# samba-tool drs replicate ry11citdc ry11citsdc 
dc=ry11cit,dc=local
*ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (2, 'WERR_BADFILE')**
**  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 
368, in run**
**    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
source_dsa_guid, NC, req_options)**
**  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
83,
in sendDsReplicaSync**
**    raise drsException("DsReplicaSync failed %s" % estr)*

Please help, I don 't know the advice.

System integrator Jiří Knotek


Primary Active Directory Domain 
Controler:---------------------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------------------------------------------------------------------

krb5.conf:

[libdefaults]
     default_realm = RY11CIT.LOCAL
     dns_lookup_realm = false
     dns_lookup_kdc = true

[realms]
RY11CIT.LOCAL = {
     kdc = ry11citdc.ry11cit.local
     admin_server = ry11citdc.ry11cit.local
     default_domain = ry11cit.local
}

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
     directory "/var/cache/bind";

     dnssec-validation auto;

     auth-nxdomain no;    # conform to RFC1035
     listen-on-v6 { none; };
     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

smb.conf:------------------------------

# Global parameters
[global]
     netbios name = RY11CITDC
     realm = RY11CIT.LOCAL
     workgroup = RY11CIT
     server role = active directory domain controller

[netlogon]
     path = /var/lib/samba/sysvol/ry11cit.local/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No


Samba Provision---------------:

     samba-tool domain provision --realm=RY11CIT.LOCAL --domain=RY11CIT 
--server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'

samba_dnsupdate --verbose --all-names 
:-------------------------------------------------------------------------

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11citdc.ry11cit.local. 900    IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    NS ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.ry11cit.local.    900    IN    NS ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ry11cit.local. 900    IN    SRV    0 100 389 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.ry11cit.local. 900    IN SRV    0 100 389 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local. 
900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.ry11cit.local. 900 IN    SRV    0 100 88 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.ry11cit.local. 900 IN    SRV    0 100 88 
ry11citdc.ry11cit.local.

IPs: ['10.44.1.10']
force update: A ry11citdc.ry11cit.local 10.44.1.10
force update: NS ry11cit.local ry11citdc.ry11cit.local
force update: NS _msdcs.ry11cit.local ry11citdc.ry11cit.local
force update: A ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389
force update: SRV _ldap._tcp.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: SRV _kerberos._tcp.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kerberos._udp.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kerberos._tcp.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 88
force update: SRV _kpasswd._tcp.ry11cit.local ry11citdc.ry11cit.local 464
force update: SRV _kpasswd._udp.ry11cit.local ry11citdc.ry11cit.local 464
force update: CNAME 
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local 
ry11citdc.ry11cit.local
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: SRV 
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 88
force update: SRV 
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 88
force update: SRV _ldap._tcp.pdc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: A gc._msdcs.ry11cit.local 10.44.1.10
force update: SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268
force update: SRV _ldap._tcp.gc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 3268
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 3268
force update: A DomainDnsZones.ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.DomainDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: A ForestDnsZones.ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.ForestDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/ry11citdc.ry11cit.local as 
RY11CITDC$
update(nsupdate): A ry11citdc.ry11cit.local 10.44.1.10
Calling nsupdate for A ry11citdc.ry11cit.local 10.44.1.10 (add)
update(nsupdate): NS ry11cit.local ry11citdc.ry11cit.local
Calling nsupdate for NS ry11cit.local ry11citdc.ry11cit.local (add)
update(nsupdate): NS _msdcs.ry11cit.local ry11citdc.ry11cit.local
Calling nsupdate for NS _msdcs.ry11cit.local ry11citdc.ry11cit.local (add)
update(nsupdate): A ry11cit.local 10.44.1.10
Calling nsupdate for A ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV _ldap._tcp.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV _kerberos._tcp.ry11cit.local 
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._tcp.ry11cit.local 
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._udp.ry11cit.local 
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._udp.ry11cit.local 
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerbeOutgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.ry11cit.local.    900 IN SRV 0 100 88 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.ry11cit.local. 900 IN    SRV    0 100 464 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.ry11cit.local. 900 IN    SRV    0 100 464 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local. 900 IN 
CNAME    ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN    SRV 0 
100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900 
IN SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN 
SRV    0 100 88 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 
900 IN SRV 0 100 88 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.pdc._msdcs.ry11cit.local. 900 IN SRV    0 100 389 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.ry11cit.local. 900    IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.ry11cit.local.    900    IN    SRV    0 100 3268 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.ry11cit.local. 900    IN SRV    0 100 3268 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100 
3268 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local. 900 
IN SRV 0 100 3268 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.ry11cit.local. 900 IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local. 
900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.ry11cit.local. 900 IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 
ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local. 
900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

ros._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kpasswd._tcp.ry11cit.local 
ry11citdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._tcp.ry11cit.local 
ry11citdc.ry11cit.local 464 (add)
update(nsupdate): SRV _kpasswd._udp.ry11cit.local 
ry11citdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._udp.ry11cit.local 
ry11citdc.ry11cit.local 464 (add)
update(nsupdate): CNAME 
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local 
ry11citdc.ry11cit.local
Calling nsupdate for CNAME 
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local 
ry11citdc.ry11cit.local (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV 
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV 
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV 
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): A gc._msdcs.ry11cit.local 10.44.1.10
Calling nsupdate for A gc._msdcs.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 
3268 (add)
update(nsupdate): SRV _ldap._tcp.gc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): SRV 
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV 
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local 
ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): A DomainDnsZones.ry11cit.local 10.44.1.10
Calling nsupdate for A DomainDnsZones.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): A ForestDnsZones.ry11cit.local 10.44.1.10
Calling nsupdate for A ForestDnsZones.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local 
ry11citdc.ry11cit.local 389 (add)


Backup (Standby) Active Directory Domain 
Controler:---------------------------------------------------------------------------------------------------

krb5.conf:

[libdefaults]
     default_realm = RY11CIT.LOCAL
     dns_lookup_realm = false
     dns_lookup_kdc = true

[realms]
RY11CIT.LOCAL = {
     kdc = ry11citsdc.ry11cit.local
     admin_server = ry11citsdc.ry11cit.local
     default_domain = ry11cit.local
}

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
     directory "/var/cache/bind";

     dnssec-validation auto;

     auth-nxdomain no;    # conform to RFC1035
     listen-on-v6 { none; };
     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

smb.conf:------------------------------

# Global parameters
[global]
     netbios name = RY11CITSDC
     realm = RY11CIT.LOCAL
     workgroup = RY11CIT

     server role = active directory domain controller

[netlogon]
     path = /var/lib/samba/sysvol/ry11cit.local/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No


Samba join:----------------------------

samba-tool domain join RY11CIT DC -Uadministrator --realm=RY11CIT.LOCAL 
--dns-backend=BIND9_DLZ --adminpass='.....'


samba_dnsupdate --verbose --all-names 
:-------------------------------------------------------------------------

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11citsdc.ry11cit.local. 900    IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    NS    ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.ry11cit.local.    900    IN    NS ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ry11cit.local. 900    IN    SRV    0 100 389 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.ry11cit.local. 900    IN SRV    0 100 389 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local. 
900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.ry11cit.local. 900 IN    SRV    0 100 88 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.ry11cit.local. 900 IN    SRV    0 100 88 
ry11citsdc.ry11cit.local.

IPs: ['10.44.1.9']
force update: A ry11citsdc.ry11cit.local 10.44.1.9
force update: NS ry11cit.local ry11citsdc.ry11cit.local
force update: NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local
force update: A ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389
force update: SRV _ldap._tcp.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: SRV _kerberos._tcp.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kerberos._udp.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kerberos._tcp.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 88
force update: SRV _kpasswd._tcp.ry11cit.local ry11citsdc.ry11cit.local 464
force update: SRV _kpasswd._udp.ry11cit.local ry11citsdc.ry11cit.local 464
force update: CNAME 
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: SRV 
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 88
force update: SRV 
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 88
force update: A gc._msdcs.ry11cit.local 10.44.1.9
force update: SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268
force update: SRV _ldap._tcp.gc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 3268
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 3268
force update: A DomainDnsZones.ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.DomainDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: A ForestDnsZones.ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.ForestDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
force update: SRV 
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
28 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/ry11citdc.ry11cit.local as 
RY11CITSDC$
update(nsupdate): A ry11citsdc.ry11cit.local 10.44.1.9
Calling nsupdate for A ry11citsdc.ry11cit.local 10.44.1.9 (add)
update(nsupdate): NS ry11cit.local ry11citsdc.ry11cit.local
Calling nsupdate for NS ry11cit.local ry11citsdc.ry11cit.local (add)
update(nsupdate): NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local
Calling nsupdate for NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local (add)
update(nsupdate): A ry11cit.local 10.44.1.9
Calling nsupdate for A ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV _ldap._tcp.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV _kerberos._tcp.ry11cit.local 
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._tcp.ry11cit.local 
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._udp.ry11cit.local 
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._udp.ry11cit.local 
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.ry11cit.local 
ry11citsdc.ry11ciOutgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.ry11cit.local.    900 IN SRV 0 100 88 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.ry11cit.local. 900 IN    SRV    0 100 464 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.ry11cit.local. 900 IN    SRV    0 100 464 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local. 900 IN 
CNAME    ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 
100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900 
IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN 
SRV    0 100 88 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 
900 IN SRV 0 100 88 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.ry11cit.local. 900    IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.ry11cit.local.    900    IN    SRV    0 100 3268 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.ry11cit.local. 900    IN SRV    0 100 3268 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100 
3268 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local. 900 
IN SRV 0 100 3268 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.ry11cit.local. 900 IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local. 
900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.ry11cit.local. 900 IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 
ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local. 
900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

t.local 88 (add)
update(nsupdate): SRV _kpasswd._tcp.ry11cit.local 
ry11citsdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._tcp.ry11cit.local 
ry11citsdc.ry11cit.local 464 (add)
update(nsupdate): SRV _kpasswd._udp.ry11cit.local 
ry11citsdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._udp.ry11cit.local 
ry11citsdc.ry11cit.local 464 (add)
update(nsupdate): CNAME 
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local
Calling nsupdate for CNAME 
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV 
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): SRV 
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV 
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): A gc._msdcs.ry11cit.local 10.44.1.9
Calling nsupdate for A gc._msdcs.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 
3268 (add)
update(nsupdate): SRV _ldap._tcp.gc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): SRV 
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV 
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local 
ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local 
ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): A DomainDnsZones.ry11cit.local 10.44.1.9
Calling nsupdate for A DomainDnsZones.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): A ForestDnsZones.ry11cit.local 10.44.1.9
Calling nsupdate for A ForestDnsZones.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV 
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV 
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local 
ry11citsdc.ry11cit.local 389 (add)

-- 

*Ing. Jiří Knotek*
programátor

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>

Rowland Penny

2017-Dec-11 14:48 UTC

head link

[Samba] Replication problems bdc to pdc

On Mon, 11 Dec 2017 14:33:48 +0100
Jiří Knotek via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> Replication from backup Active Directory Domain Controler to primary 
> Active Directory Domain Controler does not work, reporting error ' 
> WERR_BADFILE '. The reverse works.
You do not have a backup AD DC, or a primary AD DC, you just have two
AD DCs
> 
>   * Linux: Raspbian, debian stretch lite
>   * Samba version 4.5.12-Debian
>   * DNS: BIND9_DLZ 9.10.x
>   * Installed packages: ntp ntpdate samba smbclient winbind libcups2
>     samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
> 
> root at ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc 
> dc=ry11cit,dc=local
> Replicate from ry11citdc to ry11citsdc was successful.
> 
> 
> root at ry11citdc:~# samba-tool drs replicate
> ry11citsdc ry11citdc dc=ry11cit,dc=local
> -bash: root at ry11citdc:~#: command not found
> root at ry11citdc:~# samba-tool drs replicate ry11citdc ry11citsdc 
> dc=ry11cit,dc=local
> *ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed
> - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')**
> **  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py",
line
> 368, in run**
> **    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
> source_dsa_guid, NC, req_options)**
> **  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py",
line
> 83, in sendDsReplicaSync**
> **    raise drsException("DsReplicaSync failed %s" % estr)*
> 
There is something strange here, you seem to be running the commands on
the same DC, the first time it works, then it cannot find the command,
then after you switched the order of the DCs to replicate to & from,
it throws an error 
> First Active Directory Domain Controler:
> 
> krb5.conf:
> 
> [libdefaults]
>      default_realm = RY11CIT.LOCAL
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
> 
You only need the above
> named.conf:------------------------
> 
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
> 
> named.conf.options:-----------------------
> 
> options {
>      directory "/var/cache/bind";
> 
>      dnssec-validation auto;
> 
>      auth-nxdomain no;    # conform to RFC1035
>      listen-on-v6 { none; };
>      tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
You haven't set any forwarders.
> 
> smb.conf:------------------------------
> 
> # Global parameters
> [global]
>      netbios name = RY11CITDC
>      realm = RY11CIT.LOCAL
>      workgroup = RY11CIT
>      server role = active directory domain controller
> 
Why haven't you got a 'server services' line ?
you should have if you are using Bind9


 > 
> Another (Standby) Active Directory Domain Controler:
What do mean by 'standby' ?
> 
> krb5.conf:
> 
> [libdefaults]
>      default_realm = RY11CIT.LOCAL
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
> 
You only need the above

> [realms]
 named.conf.options:-----------------------> 
> options {
>      directory "/var/cache/bind";
> 
>      dnssec-validation auto;
> 
>      auth-nxdomain no;    # conform to RFC1035
>      listen-on-v6 { none; };
>      tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
> 
Still no forwarders
> smb.conf:------------------------------
> 
> # Global parameters
> [global]
>      netbios name = RY11CITSDC
>      realm = RY11CIT.LOCAL
>      workgroup = RY11CIT
> 
>      server role = active directory domain controller
> 
Again there is no 'server services' line

Finally, I see that you are not aware that using '.local' is a bad
idea.

Rowland

Jiří Knotek

2017-Dec-11 20:59 UTC

head link

[Samba] Replication problems bdc to pdc

Hello Rowland,
     thank You for a quick response.


On 11. 12. 2017 15:48, Rowland Penny via samba wrote:> On Mon, 11 Dec 2017 14:33:48 +0100
> Jiří Knotek via samba<samba at lists.samba.org>  wrote:
>
>> Hello,
>>
>> Replication from backup Active Directory Domain Controler to primary
>> Active Directory Domain Controler does not work, reporting error '
>> WERR_BADFILE '. The reverse works.
> You do not have a backup AD DC, or a primary AD DC, you just have two
> AD DCs
OK, thank you for correcting the nomenclature
>>    * Linux: Raspbian, debian stretch lite
>>    * Samba version 4.5.12-Debian
>>    * DNS: BIND9_DLZ 9.10.x
>>    * Installed packages: ntp ntpdate samba smbclient winbind libcups2
>>      samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
>>
>> root at ry11citdc:~# samba-tool drs replicate_ry11citsdc_  ry11citdc
dc=ry11cit,dc=local
>> Replicate from ry11citdc to ry11citsdc was successful.
>> root at ry11citdc:~# samba-tool drs replicate ry11citdc_ry11citsdc_ 
dc=ry11cit,dc=local
>> ERROR(<class 'samba.drs_utils.drsException'>):
DsReplicaSync failed - drsException: DsReplicaSync failed (2,
'WERR_BADFILE')
>>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in
run
>>      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
>>    File
"/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in
sendDsReplicaSync
>>      raise drsException("DsReplicaSync failed %s" % estr)
>>
>>
> There is something strange here, you seem to be running the commands on
> the same DC, the first time it works, then it cannot find the command,
> then after you switched the order of the DCs to replicate to & from,
> it throws an error
I copied it badly, I corrected it. The second command demonstrates 
malfunctioning replication.
>   
>
>> First Active Directory Domain Controler:
>>
>> krb5.conf:
>>
>> [libdefaults]
>>       default_realm = RY11CIT.LOCAL
>>       dns_lookup_realm = false
>>       dns_lookup_kdc = true
>>
> You only need the aboveOK, i corrected it.
>> named.conf:------------------------
>>
>> include "/etc/bind/named.conf.options";
>> include "/etc/bind/named.conf.local";
>> include "/etc/bind/named.conf.default-zones";
>> include "/var/lib/samba/private/named.conf";
>>
>> named.conf.options:-----------------------
>>
>> options {
>>       directory "/var/cache/bind";
>>
>>       dnssec-validation auto;
>>
>>       auth-nxdomain no;    # conform to RFC1035
>>       listen-on-v6 { none; };
>>       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
> You haven't set any forwarders.
My network has only 10 stations and can not access the Internet. I just 
need Windows domain users. Bind9 I chose for future use.>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>>       netbios name = RY11CITDC
>>       realm = RY11CIT.LOCAL
>>       workgroup = RY11CIT
>>       server role = active directory domain controller
>>
> Why haven't you got a 'server services' line ?
> you should have if you are using Bind9
Because of 
"https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" they
write that "Default: //|server services|/ = |s3fs rpc nbt wrepl ldap 
cldap kdc drepl winbind ntp_signd kcc dnsupdate dns| /".

But according to 
"https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC"
here I will add "server services = -dns". It is
correct?>
>   
>> Another (Standby) Active Directory Domain Controler:
> What do mean by 'standby' ?Standby server is an expression using SCADA / HMI SW CitectSCADA. It's a 
DC backup, here one DC.>> krb5.conf:
>>
>> [libdefaults]
>>       default_realm = RY11CIT.LOCAL
>>       dns_lookup_realm = false
>>       dns_lookup_kdc = true
>>
> You only need the above
OK, i corrected it.>
>
>> [realms]
>   named.conf.options:-----------------------
>> options {
>>       directory "/var/cache/bind";
>>
>>       dnssec-validation auto;
>>
>>       auth-nxdomain no;    # conform to RFC1035
>>       listen-on-v6 { none; };
>>       tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>> };
>>
> Still no forwardersMy network has only 10 stations and can not access the Internet. I just 
need Windows domain users. Bind9 I chose for future use.>
>> smb.conf:------------------------------
>>
>> # Global parameters
>> [global]
>>       netbios name = RY11CITSDC
>>       realm = RY11CIT.LOCAL
>>       workgroup = RY11CIT
>>
>>       server role = active directory domain controller
>>
> Again there is no 'server services' lineBecause of 
"https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html" they
write that "Default: //|server services|/ = |s3fs rpc nbt wrepl ldap 
cldap kdc drepl winbind ntp_signd kcc dnsupdate dns| /".

But according to 
"https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC"
here I will add "server services = -dns". It is
correct?>   
>
> Finally, I see that you are not aware that using '.local' is a bad
> idea.My network has only 10 stations and can not access the Internet. I 
thought that .local is just a name. Do you recommend a different
name?>
> Rowland
>   
>
Unfortunately, the changes made did not correct replication from 
ry11citsdc to ry11citdc. Do you have any other advice or do you need 
more information?

Thanks J.Knotek

-- 

*Ing. Jiří Knotek*
programátor

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>

Possibly Parallel Threads

Search for more maybe matching threads

samba - Dec 2017 - Replication problems bdc to pdc

[Samba] Replication problems bdc to pdc

[Samba] Replication problems bdc to pdc

[Samba] Replication problems bdc to pdc

Possibly Parallel Threads