Hello,
We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2)
server as a backup DC.
The system for the most-part works OK, but occasionally the Samba DC
goes wildly out of sync (with respect to group membership), normally
after a change to a large group.
I have noted previously before the out-of-sync event occurs, this
command always fails thus :
root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1
dc=inview,dc=local --sync-all --full-sync
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",
line
350, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
source_dsa_guid, NC, req_options)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
line
83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
However immediately after the out-of-sync event occurred the above
command completed with no errors. It did not solve my issue, the groups
remained out of sync. So I then put the groups back together manually.
At some point during this process of adding members back to groups, the
abovec ommand start failing again.
Without the --full sync the command completes OK (always):
root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1
dc=inview,dc=local --sync-all
Replicate from inview-dc1 to inview-dc2 was successful.
This bug looks to be a similar issue:
https://bugzilla.samba.org/show_bug.cgi?id=11987
Any ideas what might be going on here?
Thanks in advance
Chris Lewis
PS Here is the full debug of the failing command:
root at inview-dc2:~# samba-tool drs replicate inview-dc2.inview.local
inview-dc1.inview.local dc=inview,dc=local --sync-all --full-sync -d 8
INFO: Current debug levels:
all: 8
tdb: 8
printdrivers: 8
lanman: 8
smb: 8
rpc_parse: 8
rpc_srv: 8
rpc_cli: 8
passdb: 8
sam: 8
auth: 8
winbind: 8
vfs: 8
idmap: 8
quota: 8
acls: 8
locking: 8
msdfs: 8
dmapi: 8
registry: 8
scavenger: 8
dns: 8
ldb: 8
tevent: 8
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap
open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:inview-dc2.inview.local[,seal,print]
Mapped to DCERPC endpoint 135
added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 netmask=255.255.255.0
added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
inview-dc2.inview.local<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts.
Error was No such file or directory
Mapped to DCERPC endpoint 1024
added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 netmask=255.255.255.0
added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
inview-dc2.inview.local<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts.
Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 207
Received smb_krb5 packet of length 1365
Received smb_krb5 packet of length 1290
Received smb_krb5 packet of length 1312
../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
229f5470-27e6-4f0f-994b-4073a5fc4dc5
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
aba489c0-92cd-4a95-ba59-04b765e37884
result : WERR_OK
lpcfg_servicenumber: couldn't find ldb
added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 netmask=255.255.255.0
added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name
inview-dc2.inview.local<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts.
Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for INVIEW-DC2$@INVIEW.LOCAL will expire in 36000 secs
Received smb_krb5 packet of length 1290
Received smb_krb5 packet of length 1312
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
aba489c0-92cd-4a95-ba59-04b765e37884
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x0000005e (94)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000012 (18)
dn :
'dc=inview,dc=local'
source_dsa_guid :
8be331d4-be37-43d6-9593-2ea1d095d504
source_dsa_dns : NULL
options : 0x00008018 (32792)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
1: DRSUAPI_DRS_SYNC_ALL
1: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
1: DRSUAPI_DRS_FULL_SYNC_NOW
1: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
../librpc/rpc/dcerpc_util.c:234: auth_pad_length 12
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_BAD_NET_RESP
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP')
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py",
line
350, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
source_dsa_guid, NC, req_options)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py",
line
83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
Hi, Many of these syncing problems were solved in Samba 4.7 (and probably a few more in 4.8). There were a number of unresolved locking issues that we uncovered as well as some inconsistencies with Windows replication. I would try join a DC with one of the latest Samba versions and see if your problems persist. Cheers, Garming On 21/06/18 21:35, Chris Lewis via samba wrote:> Hello, > > We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2) > server as a backup DC. > > The system for the most-part works OK, but occasionally the Samba DC > goes wildly out of sync (with respect to group membership), normally > after a change to a large group. > > I have noted previously before the out-of-sync event occurs, this > command always fails thus : > > > > root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 > dc=inview,dc=local --sync-all --full-sync > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", > line 350, in run > drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, > source_dsa_guid, NC, req_options) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", > line 83, in sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > > > However immediately after the out-of-sync event occurred the above > command completed with no errors. It did not solve my issue, the > groups remained out of sync. So I then put the groups back together > manually. At some point during this process of adding members back to > groups, the abovec ommand start failing again. > > > Without the --full sync the command completes OK (always): > > > root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 > dc=inview,dc=local --sync-all > Replicate from inview-dc1 to inview-dc2 was successful. > > > > This bug looks to be a similar issue: > https://bugzilla.samba.org/show_bug.cgi?id=11987 > > > Any ideas what might be going on here? > > > Thanks in advance > > > Chris Lewis > > > > > PS Here is the full debug of the failing command: > > root at inview-dc2:~# samba-tool drs replicate inview-dc2.inview.local > inview-dc1.inview.local dc=inview,dc=local --sync-all --full-sync -d 8 > INFO: Current debug levels: > all: 8 > tdb: 8 > printdrivers: 8 > lanman: 8 > smb: 8 > rpc_parse: 8 > rpc_srv: 8 > rpc_cli: 8 > passdb: 8 > sam: 8 > auth: 8 > winbind: 8 > vfs: 8 > idmap: 8 > quota: 8 > acls: 8 > locking: 8 > msdfs: 8 > dmapi: 8 > registry: 8 > scavenger: 8 > dns: 8 > ldb: 8 > tevent: 8 > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > Processing section "[global]" > Processing section "[netlogon]" > Processing section "[sysvol]" > pm_process() returned Yes > Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap > open of secrets.ldb > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Using binding ncacn_ip_tcp:inview-dc2.inview.local[,seal,print] > Mapped to DCERPC endpoint 135 > added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 > netmask=255.255.255.0 > added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > inview-dc2.inview.local<0x20> > startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. > Error was No such file or directory > Mapped to DCERPC endpoint 1024 > added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 > netmask=255.255.255.0 > added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > inview-dc2.inview.local<0x20> > startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. > Error was No such file or directory > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > Received smb_krb5 packet of length 207 > Received smb_krb5 packet of length 1365 > Received smb_krb5 packet of length 1290 > Received smb_krb5 packet of length 1312 > ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 > gensec_gssapi: NO credentials were delegated > GSSAPI Connection will be cryptographically sealed > ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 > drsuapi_DsBind: struct drsuapi_DsBind > in: struct drsuapi_DsBind > bind_guid : * > bind_guid : > e24d201a-4fd6-11d1-a3da-0000f875ae0d > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x0fefff7f (267386751) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: > DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 00000000-0000-0000-0000-000000000000 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 > drsuapi_DsBind: struct drsuapi_DsBind > out: struct drsuapi_DsBind > bind_info : * > bind_info: struct drsuapi_DsBindInfoCtr > length : 0x0000001c (28) > __ndr_length : 0x0000001c (28) > info : union > drsuapi_DsBindInfo(case 28) > info28: struct drsuapi_DsBindInfo28 > supported_extensions : 0x2fffff6f (805306223) > 1: DRSUAPI_SUPPORTED_EXTENSION_BASE > 1: > DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI > 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 > 1: > DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION > 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY > 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE > 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD > 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO > 1: > DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION > 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 > 1: > DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY > 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 > 1: > DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 > 1: > DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT > 0: > DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS > 1: > DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 > 0: > DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 > site_guid : > 229f5470-27e6-4f0f-994b-4073a5fc4dc5 > pid : 0x00000000 (0) > repl_epoch : 0x00000000 (0) > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > aba489c0-92cd-4a95-ba59-04b765e37884 > result : WERR_OK > lpcfg_servicenumber: couldn't find ldb > added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 > netmask=255.255.255.0 > added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 > netmask=255.255.255.0 > resolve_lmhosts: Attempting lmhosts lookup for name > inview-dc2.inview.local<0x20> > startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. > Error was No such file or directory > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gssapi_krb5 > GSSAPI credentials for INVIEW-DC2$@INVIEW.LOCAL will expire in 36000 secs > Received smb_krb5 packet of length 1290 > Received smb_krb5 packet of length 1312 > gensec_gssapi: NO credentials were delegated > GSSAPI Connection will be cryptographically signed > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > in: struct drsuapi_DsReplicaSync > bind_handle : * > bind_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > aba489c0-92cd-4a95-ba59-04b765e37884 > level : 0x00000001 (1) > req : * > req : union > drsuapi_DsReplicaSyncRequest(case 1) > req1: struct drsuapi_DsReplicaSyncRequest1 > naming_context : * > naming_context: struct > drsuapi_DsReplicaObjectIdentifier > __ndr_size : 0x0000005e (94) > __ndr_size_sid : 0x00000000 (0) > guid : > 00000000-0000-0000-0000-000000000000 > sid : S-0-0 > __ndr_size_dn : 0x00000012 (18) > dn : > 'dc=inview,dc=local' > source_dsa_guid : > 8be331d4-be37-43d6-9593-2ea1d095d504 > source_dsa_dns : NULL > options : 0x00008018 (32792) > 0: DRSUAPI_DRS_ASYNC_OP > 0: DRSUAPI_DRS_GETCHG_CHECK > 0: DRSUAPI_DRS_UPDATE_NOTIFICATION > 0: DRSUAPI_DRS_ADD_REF > 1: DRSUAPI_DRS_SYNC_ALL > 1: DRSUAPI_DRS_DEL_REF > 1: DRSUAPI_DRS_WRIT_REP > 0: DRSUAPI_DRS_INIT_SYNC > 0: DRSUAPI_DRS_PER_SYNC > 0: DRSUAPI_DRS_MAIL_REP > 0: DRSUAPI_DRS_ASYNC_REP > 0: DRSUAPI_DRS_IGNORE_ERROR > 0: DRSUAPI_DRS_TWOWAY_SYNC > 0: DRSUAPI_DRS_CRITICAL_ONLY > 0: DRSUAPI_DRS_GET_ANC > 0: DRSUAPI_DRS_GET_NC_SIZE > 0: DRSUAPI_DRS_LOCAL_ONLY > 0: DRSUAPI_DRS_NONGC_RO_REP > 0: DRSUAPI_DRS_SYNC_BYNAME > 0: DRSUAPI_DRS_REF_OK > 1: DRSUAPI_DRS_FULL_SYNC_NOW > 1: DRSUAPI_DRS_NO_SOURCE > 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS > 0: DRSUAPI_DRS_FULL_SYNC_PACKET > 0: DRSUAPI_DRS_SYNC_REQUEUE > 0: DRSUAPI_DRS_SYNC_URGENT > 0: DRSUAPI_DRS_REF_GCSPN > 0: DRSUAPI_DRS_NO_DISCARD > 0: DRSUAPI_DRS_NEVER_SYNCED > 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING > 0: DRSUAPI_DRS_INIT_SYNC_NOW > 0: DRSUAPI_DRS_PREEMPTED > 0: DRSUAPI_DRS_SYNC_FORCED > 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC > 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC > 0: DRSUAPI_DRS_USE_COMPRESSION > 0: DRSUAPI_DRS_NEVER_NOTIFY > 0: DRSUAPI_DRS_SYNC_PAS > 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP > ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 12 > drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync > out: struct drsuapi_DsReplicaSync > result : WERR_BAD_NET_RESP > ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - > drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", > line 350, in run > drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, > source_dsa_guid, NC, req_options) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", > line 83, in sendDsReplicaSync > raise drsException("DsReplicaSync failed %s" % estr) > > > > > > > >
Thanks Garming. We currently use a standalone bind DNS server. Will the later version of samba work without the integrated DNS backend? Cheers Chris On 21/06/18 23:41, Garming Sam wrote:> Hi, > > Many of these syncing problems were solved in Samba 4.7 (and probably a > few more in 4.8). There were a number of unresolved locking issues that > we uncovered as well as some inconsistencies with Windows replication. I > would try join a DC with one of the latest Samba versions and see if > your problems persist. > > > Cheers, > > Garming > > > On 21/06/18 21:35, Chris Lewis via samba wrote: >> Hello, >> >> We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2) >> server as a backup DC. >> >> The system for the most-part works OK, but occasionally the Samba DC >> goes wildly out of sync (with respect to group membership), normally >> after a change to a large group. >> >> I have noted previously before the out-of-sync event occurs, this >> command always fails thus : >> >> >> >> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >> dc=inview,dc=local --sync-all --full-sync >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >> line 350, in run >> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >> source_dsa_guid, NC, req_options) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >> line 83, in sendDsReplicaSync >> raise drsException("DsReplicaSync failed %s" % estr) >> >> >> >> However immediately after the out-of-sync event occurred the above >> command completed with no errors. It did not solve my issue, the >> groups remained out of sync. So I then put the groups back together >> manually. At some point during this process of adding members back to >> groups, the abovec ommand start failing again. >> >> >> Without the --full sync the command completes OK (always): >> >> >> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >> dc=inview,dc=local --sync-all >> Replicate from inview-dc1 to inview-dc2 was successful. >> >> >> >> This bug looks to be a similar issue: >> https://bugzilla.samba.org/show_bug.cgi?id=11987 >> >> >> Any ideas what might be going on here? >> >> >> Thanks in advance >> >> >> Chris Lewis >> >> >> >> >> PS Here is the full debug of the failing command: >> >> root at inview-dc2:~# samba-tool drs replicate inview-dc2.inview.local >> inview-dc1.inview.local dc=inview,dc=local --sync-all --full-sync -d 8 >> INFO: Current debug levels: >> all: 8 >> tdb: 8 >> printdrivers: 8 >> lanman: 8 >> smb: 8 >> rpc_parse: 8 >> rpc_srv: 8 >> rpc_cli: 8 >> passdb: 8 >> sam: 8 >> auth: 8 >> winbind: 8 >> vfs: 8 >> idmap: 8 >> quota: 8 >> acls: 8 >> locking: 8 >> msdfs: 8 >> dmapi: 8 >> registry: 8 >> scavenger: 8 >> dns: 8 >> ldb: 8 >> tevent: 8 >> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf >> Processing section "[global]" >> Processing section "[netlogon]" >> Processing section "[sysvol]" >> pm_process() returned Yes >> Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap >> open of secrets.ldb >> GENSEC backend 'gssapi_spnego' registered >> GENSEC backend 'gssapi_krb5' registered >> GENSEC backend 'gssapi_krb5_sasl' registered >> GENSEC backend 'spnego' registered >> GENSEC backend 'schannel' registered >> GENSEC backend 'naclrpc_as_system' registered >> GENSEC backend 'sasl-EXTERNAL' registered >> GENSEC backend 'ntlmssp' registered >> GENSEC backend 'ntlmssp_resume_ccache' registered >> GENSEC backend 'http_basic' registered >> GENSEC backend 'http_ntlm' registered >> GENSEC backend 'krb5' registered >> GENSEC backend 'fake_gssapi_krb5' registered >> Using binding ncacn_ip_tcp:inview-dc2.inview.local[,seal,print] >> Mapped to DCERPC endpoint 135 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> resolve_lmhosts: Attempting lmhosts lookup for name >> inview-dc2.inview.local<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >> Error was No such file or directory >> Mapped to DCERPC endpoint 1024 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> resolve_lmhosts: Attempting lmhosts lookup for name >> inview-dc2.inview.local<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >> Error was No such file or directory >> Starting GENSEC mechanism spnego >> Starting GENSEC submechanism gssapi_krb5 >> Received smb_krb5 packet of length 207 >> Received smb_krb5 packet of length 1365 >> Received smb_krb5 packet of length 1290 >> Received smb_krb5 packet of length 1312 >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >> gensec_gssapi: NO credentials were delegated >> GSSAPI Connection will be cryptographically sealed >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >> drsuapi_DsBind: struct drsuapi_DsBind >> in: struct drsuapi_DsBind >> bind_guid : * >> bind_guid : >> e24d201a-4fd6-11d1-a3da-0000f875ae0d >> bind_info : * >> bind_info: struct drsuapi_DsBindInfoCtr >> length : 0x0000001c (28) >> __ndr_length : 0x0000001c (28) >> info : union >> drsuapi_DsBindInfo(case 28) >> info28: struct drsuapi_DsBindInfo28 >> supported_extensions : 0x0fefff7f (267386751) >> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >> site_guid : >> 00000000-0000-0000-0000-000000000000 >> pid : 0x00000000 (0) >> repl_epoch : 0x00000000 (0) >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >> drsuapi_DsBind: struct drsuapi_DsBind >> out: struct drsuapi_DsBind >> bind_info : * >> bind_info: struct drsuapi_DsBindInfoCtr >> length : 0x0000001c (28) >> __ndr_length : 0x0000001c (28) >> info : union >> drsuapi_DsBindInfo(case 28) >> info28: struct drsuapi_DsBindInfo28 >> supported_extensions : 0x2fffff6f (805306223) >> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >> site_guid : >> 229f5470-27e6-4f0f-994b-4073a5fc4dc5 >> pid : 0x00000000 (0) >> repl_epoch : 0x00000000 (0) >> bind_handle : * >> bind_handle: struct policy_handle >> handle_type : 0x00000000 (0) >> uuid : >> aba489c0-92cd-4a95-ba59-04b765e37884 >> result : WERR_OK >> lpcfg_servicenumber: couldn't find ldb >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> resolve_lmhosts: Attempting lmhosts lookup for name >> inview-dc2.inview.local<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >> Error was No such file or directory >> Starting GENSEC mechanism spnego >> Starting GENSEC submechanism gssapi_krb5 >> GSSAPI credentials for INVIEW-DC2$@INVIEW.LOCAL will expire in 36000 secs >> Received smb_krb5 packet of length 1290 >> Received smb_krb5 packet of length 1312 >> gensec_gssapi: NO credentials were delegated >> GSSAPI Connection will be cryptographically signed >> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >> in: struct drsuapi_DsReplicaSync >> bind_handle : * >> bind_handle: struct policy_handle >> handle_type : 0x00000000 (0) >> uuid : >> aba489c0-92cd-4a95-ba59-04b765e37884 >> level : 0x00000001 (1) >> req : * >> req : union >> drsuapi_DsReplicaSyncRequest(case 1) >> req1: struct drsuapi_DsReplicaSyncRequest1 >> naming_context : * >> naming_context: struct >> drsuapi_DsReplicaObjectIdentifier >> __ndr_size : 0x0000005e (94) >> __ndr_size_sid : 0x00000000 (0) >> guid : >> 00000000-0000-0000-0000-000000000000 >> sid : S-0-0 >> __ndr_size_dn : 0x00000012 (18) >> dn : >> 'dc=inview,dc=local' >> source_dsa_guid : >> 8be331d4-be37-43d6-9593-2ea1d095d504 >> source_dsa_dns : NULL >> options : 0x00008018 (32792) >> 0: DRSUAPI_DRS_ASYNC_OP >> 0: DRSUAPI_DRS_GETCHG_CHECK >> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION >> 0: DRSUAPI_DRS_ADD_REF >> 1: DRSUAPI_DRS_SYNC_ALL >> 1: DRSUAPI_DRS_DEL_REF >> 1: DRSUAPI_DRS_WRIT_REP >> 0: DRSUAPI_DRS_INIT_SYNC >> 0: DRSUAPI_DRS_PER_SYNC >> 0: DRSUAPI_DRS_MAIL_REP >> 0: DRSUAPI_DRS_ASYNC_REP >> 0: DRSUAPI_DRS_IGNORE_ERROR >> 0: DRSUAPI_DRS_TWOWAY_SYNC >> 0: DRSUAPI_DRS_CRITICAL_ONLY >> 0: DRSUAPI_DRS_GET_ANC >> 0: DRSUAPI_DRS_GET_NC_SIZE >> 0: DRSUAPI_DRS_LOCAL_ONLY >> 0: DRSUAPI_DRS_NONGC_RO_REP >> 0: DRSUAPI_DRS_SYNC_BYNAME >> 0: DRSUAPI_DRS_REF_OK >> 1: DRSUAPI_DRS_FULL_SYNC_NOW >> 1: DRSUAPI_DRS_NO_SOURCE >> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS >> 0: DRSUAPI_DRS_FULL_SYNC_PACKET >> 0: DRSUAPI_DRS_SYNC_REQUEUE >> 0: DRSUAPI_DRS_SYNC_URGENT >> 0: DRSUAPI_DRS_REF_GCSPN >> 0: DRSUAPI_DRS_NO_DISCARD >> 0: DRSUAPI_DRS_NEVER_SYNCED >> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING >> 0: DRSUAPI_DRS_INIT_SYNC_NOW >> 0: DRSUAPI_DRS_PREEMPTED >> 0: DRSUAPI_DRS_SYNC_FORCED >> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC >> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC >> 0: DRSUAPI_DRS_USE_COMPRESSION >> 0: DRSUAPI_DRS_NEVER_NOTIFY >> 0: DRSUAPI_DRS_SYNC_PAS >> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 12 >> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >> out: struct drsuapi_DsReplicaSync >> result : WERR_BAD_NET_RESP >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >> line 350, in run >> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >> source_dsa_guid, NC, req_options) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >> line 83, in sendDsReplicaSync >> raise drsException("DsReplicaSync failed %s" % estr) >> >> >> >> >> >> >> >>-- Chris Lewis Systems Administrator Inview Technology Ltd. T: +44 (0) 1606 812500 M: +44 (0) 7980 446907