Hi! I have 2 DC, now add one more DC, but all dcs dont view between they. New DC is "DC2" DC1 - vlan10 -> OK to DC3(Connectad by openvpn) DC1 -> vlan10 -> OK to DC2(vlan50) DC2-> vlan50 -> OK to DC1(vlan10) DC2-> Openvpn -> Dont "see" DC3 DC3 -> Openvpn -> OK to DC1(vlan10) DC3 -> Openvpn -> Dont "view" DC2(vlan50) All version Dcs Samba 4.7.7 Firewall is allow between they. ----- DC1 samba-tool drs showrepl I see only DC2 and DC3 is OK Is correct. DC2 samba-tool drs showrepl I see only DC1 DC3 samba-tool drs showrepl I see only DC1 ------------------------ Any Ideia ? Regards
Hi! More information: ldbsearch -H /usr/local/samba/private/sam.ldb '(fromServer=*CN=DC*)' --cross-ncs dn # record 1 dn: CN=b992befb-8cea-47f4-9154-ce1c36c81099,CN=NTDS Settings,CN=DC2,CN=Servers,CN=Matriz,CN=Sites,CN=Configuration,DC=interno,DC=XXXX,DC=XXX,DC=XX # record 2 dn: CN=abb58e8b-4a1d-4347-8b78-34a8009b9df3,CN=NTDS Settings,CN=DC3,CN=Servers,CN=Filial-09,CN=Sites,CN=Configuration,DC=interno,DC=XXX,DC=XXX,DC=XXX # record 3 dn: CN=bc8100ee-4c1e-47b6-bf2a-f865cc771709,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Matriz,CN=Sites,CN=Configuration,DC=interno,DC=XXX,DC=XXX,DC=XXX # record 4 dn: CN=2fd555a0-0720-4fbf-aa2b-ba3b9f7e0bf7,CN=NTDS Settings,CN=DC1,CN=Servers,CN=Matriz,CN=Sites,CN=Configuration,DC=interno,DC=XXXX,DC=XXX,DC=XXX # returned 4 records # 4 entries # 0 referrals Regards; On 17-05-2018 11:30, Carlos wrote:> Hi! > > I have 2 DC, now add one more DC, but all dcs dont view between they. > > New DC is "DC2" > > DC1 - vlan10 -> OK to DC3(Connectad by openvpn) > > DC1 -> vlan10 -> OK to DC2(vlan50) > > DC2-> vlan50 -> OK to DC1(vlan10) > > DC2-> Openvpn -> Dont "see" DC3 > > DC3 -> Openvpn -> OK to DC1(vlan10) > > DC3 -> Openvpn -> Dont "view" DC2(vlan50) > > All version Dcs Samba 4.7.7 > Firewall is allow between they. > > ----- > > DC1 > > samba-tool drs showrepl > > I see only DC2 and DC3 is OK > Is correct. > > DC2 > > samba-tool drs showrepl > > I see only DC1 > > DC3 > > samba-tool drs showrepl > > I see only DC1 > ------------------------ > > Any Ideia ? > > > Regards >
On 5/17/2018 10:30 AM, Carlos via samba wrote:> Hi! > > I have 2 DC, now add one more DC, but all dcs dont view between they. > > New DC is "DC2" > > DC1 - vlan10 -> OK to DC3(Connectad by openvpn) > > DC1 -> vlan10 -> OK to DC2(vlan50) > > DC2-> vlan50 -> OK to DC1(vlan10) > > DC2-> Openvpn -> Dont "see" DC3 > > DC3 -> Openvpn -> OK to DC1(vlan10) > > DC3 -> Openvpn -> Dont "view" DC2(vlan50) > > All version Dcs Samba 4.7.7 > Firewall is allow between they. > > ----- > > DC1 > > samba-tool drs showrepl > > I see only DC2 and DC3 is OK > Is correct. > > DC2 > > samba-tool drs showrepl > > I see only DC1 > > DC3 > > samba-tool drs showrepl > > I see only DC1 > ------------------------ > > Any Ideia ? > > > Regards > >Carlos, This is normal if your firewall is working correctly. The KCC checks and creates replication links to optimize latency and cost where needed. You can override this and create a full mesh topology with the following in your smb.conf under 'Global'. kccsrv:samba_kcc=No I advise not doing this but instead ensure sites and services are setup correctly for your IP Inter-Site-Transports. You can define cost and interval for the links here. -James
Hi! Thanks for answer. But, i allowed all ports in my firewall... I tested, shutdown my DC1 DC2 dont comunication with DC3 I create user in DC2, dont replication with DC3... I waited more in 20 minutes Why ?? Regards; On 17-05-2018 12:01, lingpanda101 wrote:> On 5/17/2018 10:30 AM, Carlos via samba wrote: >> Hi! >> >> I have 2 DC, now add one more DC, but all dcs dont view between they. >> >> New DC is "DC2" >> >> DC1 - vlan10 -> OK to DC3(Connectad by openvpn) >> >> DC1 -> vlan10 -> OK to DC2(vlan50) >> >> DC2-> vlan50 -> OK to DC1(vlan10) >> >> DC2-> Openvpn -> Dont "see" DC3 >> >> DC3 -> Openvpn -> OK to DC1(vlan10) >> >> DC3 -> Openvpn -> Dont "view" DC2(vlan50) >> >> All version Dcs Samba 4.7.7 >> Firewall is allow between they. >> >> ----- >> >> DC1 >> >> samba-tool drs showrepl >> >> I see only DC2 and DC3 is OK >> Is correct. >> >> DC2 >> >> samba-tool drs showrepl >> >> I see only DC1 >> >> DC3 >> >> samba-tool drs showrepl >> >> I see only DC1 >> ------------------------ >> >> Any Ideia ? >> >> >> Regards >> >> > Carlos, > > This is normal if your firewall is working correctly. The KCC > checks and creates replication links to optimize latency and cost > where needed. You can override this and create a full mesh topology > with the following in your smb.conf under 'Global'. > > kccsrv:samba_kcc=No > > I advise not doing this but instead ensure sites and services are > setup correctly for your IP Inter-Site-Transports. You can define cost > and interval for the links here. > > > -James > >