Thanks Garming. We currently use a standalone bind DNS server. Will the later version of samba work without the integrated DNS backend? Cheers Chris On 21/06/18 23:41, Garming Sam wrote:> Hi, > > Many of these syncing problems were solved in Samba 4.7 (and probably a > few more in 4.8). There were a number of unresolved locking issues that > we uncovered as well as some inconsistencies with Windows replication. I > would try join a DC with one of the latest Samba versions and see if > your problems persist. > > > Cheers, > > Garming > > > On 21/06/18 21:35, Chris Lewis via samba wrote: >> Hello, >> >> We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2) >> server as a backup DC. >> >> The system for the most-part works OK, but occasionally the Samba DC >> goes wildly out of sync (with respect to group membership), normally >> after a change to a large group. >> >> I have noted previously before the out-of-sync event occurs, this >> command always fails thus : >> >> >> >> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >> dc=inview,dc=local --sync-all --full-sync >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >> line 350, in run >> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >> source_dsa_guid, NC, req_options) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >> line 83, in sendDsReplicaSync >> raise drsException("DsReplicaSync failed %s" % estr) >> >> >> >> However immediately after the out-of-sync event occurred the above >> command completed with no errors. It did not solve my issue, the >> groups remained out of sync. So I then put the groups back together >> manually. At some point during this process of adding members back to >> groups, the abovec ommand start failing again. >> >> >> Without the --full sync the command completes OK (always): >> >> >> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >> dc=inview,dc=local --sync-all >> Replicate from inview-dc1 to inview-dc2 was successful. >> >> >> >> This bug looks to be a similar issue: >> https://bugzilla.samba.org/show_bug.cgi?id=11987 >> >> >> Any ideas what might be going on here? >> >> >> Thanks in advance >> >> >> Chris Lewis >> >> >> >> >> PS Here is the full debug of the failing command: >> >> root at inview-dc2:~# samba-tool drs replicate inview-dc2.inview.local >> inview-dc1.inview.local dc=inview,dc=local --sync-all --full-sync -d 8 >> INFO: Current debug levels: >> all: 8 >> tdb: 8 >> printdrivers: 8 >> lanman: 8 >> smb: 8 >> rpc_parse: 8 >> rpc_srv: 8 >> rpc_cli: 8 >> passdb: 8 >> sam: 8 >> auth: 8 >> winbind: 8 >> vfs: 8 >> idmap: 8 >> quota: 8 >> acls: 8 >> locking: 8 >> msdfs: 8 >> dmapi: 8 >> registry: 8 >> scavenger: 8 >> dns: 8 >> ldb: 8 >> tevent: 8 >> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf >> Processing section "[global]" >> Processing section "[netlogon]" >> Processing section "[sysvol]" >> pm_process() returned Yes >> Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap >> open of secrets.ldb >> GENSEC backend 'gssapi_spnego' registered >> GENSEC backend 'gssapi_krb5' registered >> GENSEC backend 'gssapi_krb5_sasl' registered >> GENSEC backend 'spnego' registered >> GENSEC backend 'schannel' registered >> GENSEC backend 'naclrpc_as_system' registered >> GENSEC backend 'sasl-EXTERNAL' registered >> GENSEC backend 'ntlmssp' registered >> GENSEC backend 'ntlmssp_resume_ccache' registered >> GENSEC backend 'http_basic' registered >> GENSEC backend 'http_ntlm' registered >> GENSEC backend 'krb5' registered >> GENSEC backend 'fake_gssapi_krb5' registered >> Using binding ncacn_ip_tcp:inview-dc2.inview.local[,seal,print] >> Mapped to DCERPC endpoint 135 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> resolve_lmhosts: Attempting lmhosts lookup for name >> inview-dc2.inview.local<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >> Error was No such file or directory >> Mapped to DCERPC endpoint 1024 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> resolve_lmhosts: Attempting lmhosts lookup for name >> inview-dc2.inview.local<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >> Error was No such file or directory >> Starting GENSEC mechanism spnego >> Starting GENSEC submechanism gssapi_krb5 >> Received smb_krb5 packet of length 207 >> Received smb_krb5 packet of length 1365 >> Received smb_krb5 packet of length 1290 >> Received smb_krb5 packet of length 1312 >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >> gensec_gssapi: NO credentials were delegated >> GSSAPI Connection will be cryptographically sealed >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >> drsuapi_DsBind: struct drsuapi_DsBind >> in: struct drsuapi_DsBind >> bind_guid : * >> bind_guid : >> e24d201a-4fd6-11d1-a3da-0000f875ae0d >> bind_info : * >> bind_info: struct drsuapi_DsBindInfoCtr >> length : 0x0000001c (28) >> __ndr_length : 0x0000001c (28) >> info : union >> drsuapi_DsBindInfo(case 28) >> info28: struct drsuapi_DsBindInfo28 >> supported_extensions : 0x0fefff7f (267386751) >> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >> site_guid : >> 00000000-0000-0000-0000-000000000000 >> pid : 0x00000000 (0) >> repl_epoch : 0x00000000 (0) >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >> drsuapi_DsBind: struct drsuapi_DsBind >> out: struct drsuapi_DsBind >> bind_info : * >> bind_info: struct drsuapi_DsBindInfoCtr >> length : 0x0000001c (28) >> __ndr_length : 0x0000001c (28) >> info : union >> drsuapi_DsBindInfo(case 28) >> info28: struct drsuapi_DsBindInfo28 >> supported_extensions : 0x2fffff6f (805306223) >> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >> 1: >> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >> 0: >> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >> site_guid : >> 229f5470-27e6-4f0f-994b-4073a5fc4dc5 >> pid : 0x00000000 (0) >> repl_epoch : 0x00000000 (0) >> bind_handle : * >> bind_handle: struct policy_handle >> handle_type : 0x00000000 (0) >> uuid : >> aba489c0-92cd-4a95-ba59-04b765e37884 >> result : WERR_OK >> lpcfg_servicenumber: couldn't find ldb >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >> netmask=255.255.255.0 >> resolve_lmhosts: Attempting lmhosts lookup for name >> inview-dc2.inview.local<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >> Error was No such file or directory >> Starting GENSEC mechanism spnego >> Starting GENSEC submechanism gssapi_krb5 >> GSSAPI credentials for INVIEW-DC2$@INVIEW.LOCAL will expire in 36000 secs >> Received smb_krb5 packet of length 1290 >> Received smb_krb5 packet of length 1312 >> gensec_gssapi: NO credentials were delegated >> GSSAPI Connection will be cryptographically signed >> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >> in: struct drsuapi_DsReplicaSync >> bind_handle : * >> bind_handle: struct policy_handle >> handle_type : 0x00000000 (0) >> uuid : >> aba489c0-92cd-4a95-ba59-04b765e37884 >> level : 0x00000001 (1) >> req : * >> req : union >> drsuapi_DsReplicaSyncRequest(case 1) >> req1: struct drsuapi_DsReplicaSyncRequest1 >> naming_context : * >> naming_context: struct >> drsuapi_DsReplicaObjectIdentifier >> __ndr_size : 0x0000005e (94) >> __ndr_size_sid : 0x00000000 (0) >> guid : >> 00000000-0000-0000-0000-000000000000 >> sid : S-0-0 >> __ndr_size_dn : 0x00000012 (18) >> dn : >> 'dc=inview,dc=local' >> source_dsa_guid : >> 8be331d4-be37-43d6-9593-2ea1d095d504 >> source_dsa_dns : NULL >> options : 0x00008018 (32792) >> 0: DRSUAPI_DRS_ASYNC_OP >> 0: DRSUAPI_DRS_GETCHG_CHECK >> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION >> 0: DRSUAPI_DRS_ADD_REF >> 1: DRSUAPI_DRS_SYNC_ALL >> 1: DRSUAPI_DRS_DEL_REF >> 1: DRSUAPI_DRS_WRIT_REP >> 0: DRSUAPI_DRS_INIT_SYNC >> 0: DRSUAPI_DRS_PER_SYNC >> 0: DRSUAPI_DRS_MAIL_REP >> 0: DRSUAPI_DRS_ASYNC_REP >> 0: DRSUAPI_DRS_IGNORE_ERROR >> 0: DRSUAPI_DRS_TWOWAY_SYNC >> 0: DRSUAPI_DRS_CRITICAL_ONLY >> 0: DRSUAPI_DRS_GET_ANC >> 0: DRSUAPI_DRS_GET_NC_SIZE >> 0: DRSUAPI_DRS_LOCAL_ONLY >> 0: DRSUAPI_DRS_NONGC_RO_REP >> 0: DRSUAPI_DRS_SYNC_BYNAME >> 0: DRSUAPI_DRS_REF_OK >> 1: DRSUAPI_DRS_FULL_SYNC_NOW >> 1: DRSUAPI_DRS_NO_SOURCE >> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS >> 0: DRSUAPI_DRS_FULL_SYNC_PACKET >> 0: DRSUAPI_DRS_SYNC_REQUEUE >> 0: DRSUAPI_DRS_SYNC_URGENT >> 0: DRSUAPI_DRS_REF_GCSPN >> 0: DRSUAPI_DRS_NO_DISCARD >> 0: DRSUAPI_DRS_NEVER_SYNCED >> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING >> 0: DRSUAPI_DRS_INIT_SYNC_NOW >> 0: DRSUAPI_DRS_PREEMPTED >> 0: DRSUAPI_DRS_SYNC_FORCED >> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC >> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC >> 0: DRSUAPI_DRS_USE_COMPRESSION >> 0: DRSUAPI_DRS_NEVER_NOTIFY >> 0: DRSUAPI_DRS_SYNC_PAS >> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP >> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 12 >> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >> out: struct drsuapi_DsReplicaSync >> result : WERR_BAD_NET_RESP >> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >> line 350, in run >> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >> source_dsa_guid, NC, req_options) >> File >> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >> line 83, in sendDsReplicaSync >> raise drsException("DsReplicaSync failed %s" % estr) >> >> >> >> >> >> >> >>-- Chris Lewis Systems Administrator Inview Technology Ltd. T: +44 (0) 1606 812500 M: +44 (0) 7980 446907
Vinicius Bones Silva
2018-Jul-02 16:39 UTC
[Samba] WERR_BAD_NET_RESP on replication (--full-sync)
What does the WERR_BAD_NET_RESP means? I'm currently upgrading our DCs to 4.8.3 and I've noticed that the off-site DC has a sync problem of the CN=Configuration NC. The FSMO DC is still in the 4.5.5, but all other DCs, including the off-site are already on 4.8.3. Trying to sync the off-site DC with one of the updated DCs does not work either. The WERR_BAD_NET_RESP message already happened under the older version, but I've not seen an impact yet. Att, Vinicius; Em 22/06/2018 10:12, Chris Lewis via samba escreveu:> Thanks Garming. > > We currently use a standalone bind DNS server. Will the later version of samba work > without the integrated DNS backend? > > Cheers > > Chris > > > > On 21/06/18 23:41, Garming Sam wrote: >> Hi, >> >> Many of these syncing problems were solved in Samba 4.7 (and probably a >> few more in 4.8). There were a number of unresolved locking issues that >> we uncovered as well as some inconsistencies with Windows replication. I >> would try join a DC with one of the latest Samba versions and see if >> your problems persist. >> >> >> Cheers, >> >> Garming >> >> >> On 21/06/18 21:35, Chris Lewis via samba wrote: >>> Hello, >>> >>> We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2) >>> server as a backup DC. >>> >>> The system for the most-part works OK, but occasionally the Samba DC >>> goes wildly out of sync (with respect to group membership), normally >>> after a change to a large group. >>> >>> I have noted previously before the out-of-sync event occurs, this >>> command always fails thus : >>> >>> >>> >>> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >>> dc=inview,dc=local --sync-all --full-sync >>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >>> File >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >>> line 350, in run >>> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >>> source_dsa_guid, NC, req_options) >>> File >>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >>> line 83, in sendDsReplicaSync >>> raise drsException("DsReplicaSync failed %s" % estr) >>> >>> >>> >>> However immediately after the out-of-sync event occurred the above >>> command completed with no errors. It did not solve my issue, the >>> groups remained out of sync. So I then put the groups back together >>> manually. At some point during this process of adding members back to >>> groups, the abovec ommand start failing again. >>> >>> >>> Without the --full sync the command completes OK (always): >>> >>> >>> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >>> dc=inview,dc=local --sync-all >>> Replicate from inview-dc1 to inview-dc2 was successful. >>> >>> >>> >>> This bug looks to be a similar issue: >>> https://bugzilla.samba.org/show_bug.cgi?id=11987 >>> >>> >>> Any ideas what might be going on here? >>> >>> >>> Thanks in advance >>> >>> >>> Chris Lewis >>> >>> >>> >>> >>> PS Here is the full debug of the failing command: >>> >>> root at inview-dc2:~# samba-tool drs replicate inview-dc2.inview.local >>> inview-dc1.inview.local dc=inview,dc=local --sync-all --full-sync -d 8 >>> INFO: Current debug levels: >>> all: 8 >>> tdb: 8 >>> printdrivers: 8 >>> lanman: 8 >>> smb: 8 >>> rpc_parse: 8 >>> rpc_srv: 8 >>> rpc_cli: 8 >>> passdb: 8 >>> sam: 8 >>> auth: 8 >>> winbind: 8 >>> vfs: 8 >>> idmap: 8 >>> quota: 8 >>> acls: 8 >>> locking: 8 >>> msdfs: 8 >>> dmapi: 8 >>> registry: 8 >>> scavenger: 8 >>> dns: 8 >>> ldb: 8 >>> tevent: 8 >>> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf >>> Processing section "[global]" >>> Processing section "[netlogon]" >>> Processing section "[sysvol]" >>> pm_process() returned Yes >>> Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap >>> open of secrets.ldb >>> GENSEC backend 'gssapi_spnego' registered >>> GENSEC backend 'gssapi_krb5' registered >>> GENSEC backend 'gssapi_krb5_sasl' registered >>> GENSEC backend 'spnego' registered >>> GENSEC backend 'schannel' registered >>> GENSEC backend 'naclrpc_as_system' registered >>> GENSEC backend 'sasl-EXTERNAL' registered >>> GENSEC backend 'ntlmssp' registered >>> GENSEC backend 'ntlmssp_resume_ccache' registered >>> GENSEC backend 'http_basic' registered >>> GENSEC backend 'http_ntlm' registered >>> GENSEC backend 'krb5' registered >>> GENSEC backend 'fake_gssapi_krb5' registered >>> Using binding ncacn_ip_tcp:inview-dc2.inview.local[,seal,print] >>> Mapped to DCERPC endpoint 135 >>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>> netmask=255.255.255.0 >>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>> netmask=255.255.255.0 >>> resolve_lmhosts: Attempting lmhosts lookup for name >>> inview-dc2.inview.local<0x20> >>> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >>> Error was No such file or directory >>> Mapped to DCERPC endpoint 1024 >>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>> netmask=255.255.255.0 >>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>> netmask=255.255.255.0 >>> resolve_lmhosts: Attempting lmhosts lookup for name >>> inview-dc2.inview.local<0x20> >>> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >>> Error was No such file or directory >>> Starting GENSEC mechanism spnego >>> Starting GENSEC submechanism gssapi_krb5 >>> Received smb_krb5 packet of length 207 >>> Received smb_krb5 packet of length 1365 >>> Received smb_krb5 packet of length 1290 >>> Received smb_krb5 packet of length 1312 >>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >>> gensec_gssapi: NO credentials were delegated >>> GSSAPI Connection will be cryptographically sealed >>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >>> drsuapi_DsBind: struct drsuapi_DsBind >>> in: struct drsuapi_DsBind >>> bind_guid : * >>> bind_guid : >>> e24d201a-4fd6-11d1-a3da-0000f875ae0d >>> bind_info : * >>> bind_info: struct drsuapi_DsBindInfoCtr >>> length : 0x0000001c (28) >>> __ndr_length : 0x0000001c (28) >>> info : union >>> drsuapi_DsBindInfo(case 28) >>> info28: struct drsuapi_DsBindInfo28 >>> supported_extensions : 0x0fefff7f (267386751) >>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >>> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >>> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >>> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >>> site_guid : >>> 00000000-0000-0000-0000-000000000000 >>> pid : 0x00000000 (0) >>> repl_epoch : 0x00000000 (0) >>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >>> drsuapi_DsBind: struct drsuapi_DsBind >>> out: struct drsuapi_DsBind >>> bind_info : * >>> bind_info: struct drsuapi_DsBindInfoCtr >>> length : 0x0000001c (28) >>> __ndr_length : 0x0000001c (28) >>> info : union >>> drsuapi_DsBindInfo(case 28) >>> info28: struct drsuapi_DsBindInfo28 >>> supported_extensions : 0x2fffff6f (805306223) >>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >>> 1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >>> 0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >>> 1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >>> 1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >>> 1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >>> 1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >>> 1: >>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >>> 0: >>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >>> site_guid : >>> 229f5470-27e6-4f0f-994b-4073a5fc4dc5 >>> pid : 0x00000000 (0) >>> repl_epoch : 0x00000000 (0) >>> bind_handle : * >>> bind_handle: struct policy_handle >>> handle_type : 0x00000000 (0) >>> uuid : >>> aba489c0-92cd-4a95-ba59-04b765e37884 >>> result : WERR_OK >>> lpcfg_servicenumber: couldn't find ldb >>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>> netmask=255.255.255.0 >>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>> netmask=255.255.255.0 >>> resolve_lmhosts: Attempting lmhosts lookup for name >>> inview-dc2.inview.local<0x20> >>> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >>> Error was No such file or directory >>> Starting GENSEC mechanism spnego >>> Starting GENSEC submechanism gssapi_krb5 >>> GSSAPI credentials for INVIEW-DC2$@INVIEW.LOCAL will expire in 36000 secs >>> Received smb_krb5 packet of length 1290 >>> Received smb_krb5 packet of length 1312 >>> gensec_gssapi: NO credentials were delegated >>> GSSAPI Connection will be cryptographically signed >>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >>> in: struct drsuapi_DsReplicaSync >>> bind_handle : * >>> bind_handle: struct policy_handle >>> handle_type : 0x00000000 (0) >>> uuid : >>> aba489c0-92cd-4a95-ba59-04b765e37884 >>> level : 0x00000001 (1) >>> req : * >>> req : union >>> drsuapi_DsReplicaSyncRequest(case 1) >>> req1: struct drsuapi_DsReplicaSyncRequest1 >>> naming_context : * >>> naming_context: struct >>> drsuapi_DsReplicaObjectIdentifier >>> __ndr_size : 0x0000005e (94) >>> __ndr_size_sid : 0x00000000 (0) >>> guid : >>> 00000000-0000-0000-0000-000000000000 >>> sid : S-0-0 >>> __ndr_size_dn : 0x00000012 (18) >>> dn : >>> 'dc=inview,dc=local' >>> source_dsa_guid : >>> 8be331d4-be37-43d6-9593-2ea1d095d504 >>> source_dsa_dns : NULL >>> options : 0x00008018 (32792)>>> 0: DRSUAPI_DRS_ASYNC_OP >>> 0: DRSUAPI_DRS_GETCHG_CHECK >>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION >>> 0: DRSUAPI_DRS_ADD_REF >>> 1: DRSUAPI_DRS_SYNC_ALL >>> 1: DRSUAPI_DRS_DEL_REF >>> 1: DRSUAPI_DRS_WRIT_REP >>> 0: DRSUAPI_DRS_INIT_SYNC >>> 0: DRSUAPI_DRS_PER_SYNC >>> 0: DRSUAPI_DRS_MAIL_REP >>> 0: DRSUAPI_DRS_ASYNC_REP >>> 0: DRSUAPI_DRS_IGNORE_ERROR >>> 0: DRSUAPI_DRS_TWOWAY_SYNC >>> 0: DRSUAPI_DRS_CRITICAL_ONLY >>> 0: DRSUAPI_DRS_GET_ANC >>> 0: DRSUAPI_DRS_GET_NC_SIZE >>> 0: DRSUAPI_DRS_LOCAL_ONLY >>> 0: DRSUAPI_DRS_NONGC_RO_REP >>> 0: DRSUAPI_DRS_SYNC_BYNAME >>> 0: DRSUAPI_DRS_REF_OK >>> 1: DRSUAPI_DRS_FULL_SYNC_NOW >>> 1: DRSUAPI_DRS_NO_SOURCE >>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS >>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET >>> 0: DRSUAPI_DRS_SYNC_REQUEUE >>> 0: DRSUAPI_DRS_SYNC_URGENT >>> 0: DRSUAPI_DRS_REF_GCSPN >>> 0: DRSUAPI_DRS_NO_DISCARD >>> 0: DRSUAPI_DRS_NEVER_SYNCED >>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING >>> 0: DRSUAPI_DRS_INIT_SYNC_NOW >>> 0: DRSUAPI_DRS_PREEMPTED >>> 0: DRSUAPI_DRS_SYNC_FORCED >>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC >>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC >>> 0: DRSUAPI_DRS_USE_COMPRESSION >>> 0: DRSUAPI_DRS_NEVER_NOTIFY >>> 0: DRSUAPI_DRS_SYNC_PAS >>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP >>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 12 >>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >>> out: struct drsuapi_DsReplicaSync >>> result : WERR_BAD_NET_RESP >>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >>> File >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >>> line 350, in run >>> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >>> source_dsa_guid, NC, req_options) >>> File >>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >>> line 83, in sendDsReplicaSync >>> raise drsException("DsReplicaSync failed %s" % estr) >>> >>> >>> >>> >>> >>> >>> >>> >-- Vinicius Silva SOC,PCNSE <https://www.certmetrics.com/paloaltonetworks/public/badge.aspx?t=c&d=2018-05-02&i=12&ci=PAN00158552> BRA: + 55 51 2117.1000 | 55 11 5521.2021 USA: + 1 888 259.5801 soc at e-trust.com.br skype: vinicius.bones.silva Smiley face www.e-trust.com.br <http://www.e-trust.com.br/> Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou informações contidas nesta mensagem não necessariamente refletem a posição oficial da E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br. This message may contain privileged and confidential information for the use of the intended recipients only. If you are not an intended recipient then you should not disseminate, copy, or take any action based on its contents. If you have received this message in error then please notify E-TRUST by sending an e-mail message to suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not necessarily reflect the position of E-TRUST. If this message is digitally signed, its authenticity can be confirmed by E-TRUST Private Certificate Authority, available at www.e-trust.com.br.
I've been on leave, so sorry about a late reply. It usually means some form of database consistency issue. Upgrading directly can often fail to fix issues like these, and so rejoining and resyncing is often the best choice (assuming that there are no objects stuck on the DC you're about to wipe -- you can check this with samba-tool ldapcmp normally, but if you're fine with the objects stored on the other DCs then you may even be able to skip that). Hope this might be helpful anyways. Cheers, Garming On 03/07/18 04:39, Vinicius Bones Silva via samba wrote:> What does the WERR_BAD_NET_RESP means? I'm currently upgrading our DCs > to 4.8.3 and I've noticed that the off-site DC has a sync problem of > the CN=Configuration NC. > > The FSMO DC is still in the 4.5.5, but all other DCs, including the > off-site are already on 4.8.3. Trying to sync the off-site DC with one > of the updated DCs does not work either. > > The WERR_BAD_NET_RESP message already happened under the older > version, but I've not seen an impact yet. > > Att, > Vinicius; > > Em 22/06/2018 10:12, Chris Lewis via samba escreveu: >> Thanks Garming. >> >> We currently use a standalone bind DNS server. Will the later version >> of samba work without the integrated DNS backend? >> >> Cheers >> >> Chris >> >> >> >> On 21/06/18 23:41, Garming Sam wrote: >>> Hi, >>> >>> Many of these syncing problems were solved in Samba 4.7 (and probably a >>> few more in 4.8). There were a number of unresolved locking issues that >>> we uncovered as well as some inconsistencies with Windows >>> replication. I >>> would try join a DC with one of the latest Samba versions and see if >>> your problems persist. >>> >>> >>> Cheers, >>> >>> Garming >>> >>> >>> On 21/06/18 21:35, Chris Lewis via samba wrote: >>>> Hello, >>>> >>>> We have a Windows 2008 DC (inview-dc1 and a samba 4.4.16 (inview-dc2) >>>> server as a backup DC. >>>> >>>> The system for the most-part works OK, but occasionally the Samba DC >>>> goes wildly out of sync (with respect to group membership), normally >>>> after a change to a large group. >>>> >>>> I have noted previously before the out-of-sync event occurs, this >>>> command always fails thus : >>>> >>>> >>>> >>>> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >>>> dc=inview,dc=local --sync-all --full-sync >>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >>>> File >>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >>>> line 350, in run >>>> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >>>> source_dsa_guid, NC, req_options) >>>> File >>>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >>>> line 83, in sendDsReplicaSync >>>> raise drsException("DsReplicaSync failed %s" % estr) >>>> >>>> >>>> >>>> However immediately after the out-of-sync event occurred the above >>>> command completed with no errors. It did not solve my issue, the >>>> groups remained out of sync. So I then put the groups back together >>>> manually. At some point during this process of adding members back to >>>> groups, the abovec ommand start failing again. >>>> >>>> >>>> Without the --full sync the command completes OK (always): >>>> >>>> >>>> root at inview-dc2:~# samba-tool drs replicate inview-dc2 inview-dc1 >>>> dc=inview,dc=local --sync-all >>>> Replicate from inview-dc1 to inview-dc2 was successful. >>>> >>>> >>>> >>>> This bug looks to be a similar issue: >>>> https://bugzilla.samba.org/show_bug.cgi?id=11987 >>>> >>>> >>>> Any ideas what might be going on here? >>>> >>>> >>>> Thanks in advance >>>> >>>> >>>> Chris Lewis >>>> >>>> >>>> >>>> >>>> PS Here is the full debug of the failing command: >>>> >>>> root at inview-dc2:~# samba-tool drs replicate inview-dc2.inview.local >>>> inview-dc1.inview.local dc=inview,dc=local --sync-all --full-sync >>>> -d 8 >>>> INFO: Current debug levels: >>>> all: 8 >>>> tdb: 8 >>>> printdrivers: 8 >>>> lanman: 8 >>>> smb: 8 >>>> rpc_parse: 8 >>>> rpc_srv: 8 >>>> rpc_cli: 8 >>>> passdb: 8 >>>> sam: 8 >>>> auth: 8 >>>> winbind: 8 >>>> vfs: 8 >>>> idmap: 8 >>>> quota: 8 >>>> acls: 8 >>>> locking: 8 >>>> msdfs: 8 >>>> dmapi: 8 >>>> registry: 8 >>>> scavenger: 8 >>>> dns: 8 >>>> ldb: 8 >>>> tevent: 8 >>>> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf >>>> Processing section "[global]" >>>> Processing section "[netlogon]" >>>> Processing section "[sysvol]" >>>> pm_process() returned Yes >>>> Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap >>>> open of secrets.ldb >>>> GENSEC backend 'gssapi_spnego' registered >>>> GENSEC backend 'gssapi_krb5' registered >>>> GENSEC backend 'gssapi_krb5_sasl' registered >>>> GENSEC backend 'spnego' registered >>>> GENSEC backend 'schannel' registered >>>> GENSEC backend 'naclrpc_as_system' registered >>>> GENSEC backend 'sasl-EXTERNAL' registered >>>> GENSEC backend 'ntlmssp' registered >>>> GENSEC backend 'ntlmssp_resume_ccache' registered >>>> GENSEC backend 'http_basic' registered >>>> GENSEC backend 'http_ntlm' registered >>>> GENSEC backend 'krb5' registered >>>> GENSEC backend 'fake_gssapi_krb5' registered >>>> Using binding ncacn_ip_tcp:inview-dc2.inview.local[,seal,print] >>>> Mapped to DCERPC endpoint 135 >>>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>>> netmask=255.255.255.0 >>>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>>> netmask=255.255.255.0 >>>> resolve_lmhosts: Attempting lmhosts lookup for name >>>> inview-dc2.inview.local<0x20> >>>> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >>>> Error was No such file or directory >>>> Mapped to DCERPC endpoint 1024 >>>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>>> netmask=255.255.255.0 >>>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>>> netmask=255.255.255.0 >>>> resolve_lmhosts: Attempting lmhosts lookup for name >>>> inview-dc2.inview.local<0x20> >>>> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >>>> Error was No such file or directory >>>> Starting GENSEC mechanism spnego >>>> Starting GENSEC submechanism gssapi_krb5 >>>> Received smb_krb5 packet of length 207 >>>> Received smb_krb5 packet of length 1365 >>>> Received smb_krb5 packet of length 1290 >>>> Received smb_krb5 packet of length 1312 >>>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >>>> gensec_gssapi: NO credentials were delegated >>>> GSSAPI Connection will be cryptographically sealed >>>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >>>> drsuapi_DsBind: struct drsuapi_DsBind >>>> in: struct drsuapi_DsBind >>>> bind_guid : * >>>> bind_guid : >>>> e24d201a-4fd6-11d1-a3da-0000f875ae0d >>>> bind_info : * >>>> bind_info: struct drsuapi_DsBindInfoCtr >>>> length : 0x0000001c (28) >>>> __ndr_length : 0x0000001c (28) >>>> info : union >>>> drsuapi_DsBindInfo(case 28) >>>> info28: struct drsuapi_DsBindInfo28 >>>> supported_extensions : 0x0fefff7f >>>> (267386751) >>>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >>>> site_guid : >>>> 00000000-0000-0000-0000-000000000000 >>>> pid : 0x00000000 (0) >>>> repl_epoch : 0x00000000 (0) >>>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 0 >>>> drsuapi_DsBind: struct drsuapi_DsBind >>>> out: struct drsuapi_DsBind >>>> bind_info : * >>>> bind_info: struct drsuapi_DsBindInfoCtr >>>> length : 0x0000001c (28) >>>> __ndr_length : 0x0000001c (28) >>>> info : union >>>> drsuapi_DsBindInfo(case 28) >>>> info28: struct drsuapi_DsBindInfo28 >>>> supported_extensions : 0x2fffff6f >>>> (805306223) >>>> 1: DRSUAPI_SUPPORTED_EXTENSION_BASE >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2 >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7 >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS >>>> 1: >>>> DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2 >>>> 0: >>>> DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3 >>>> site_guid : >>>> 229f5470-27e6-4f0f-994b-4073a5fc4dc5 >>>> pid : 0x00000000 (0) >>>> repl_epoch : 0x00000000 (0) >>>> bind_handle : * >>>> bind_handle: struct policy_handle >>>> handle_type : 0x00000000 (0) >>>> uuid : >>>> aba489c0-92cd-4a95-ba59-04b765e37884 >>>> result : WERR_OK >>>> lpcfg_servicenumber: couldn't find ldb >>>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>>> netmask=255.255.255.0 >>>> added interface eth0 ip=10.1.100.30 bcast=10.1.100.255 >>>> netmask=255.255.255.0 >>>> resolve_lmhosts: Attempting lmhosts lookup for name >>>> inview-dc2.inview.local<0x20> >>>> startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts. >>>> Error was No such file or directory >>>> Starting GENSEC mechanism spnego >>>> Starting GENSEC submechanism gssapi_krb5 >>>> GSSAPI credentials for INVIEW-DC2$@INVIEW.LOCAL will expire in >>>> 36000 secs >>>> Received smb_krb5 packet of length 1290 >>>> Received smb_krb5 packet of length 1312 >>>> gensec_gssapi: NO credentials were delegated >>>> GSSAPI Connection will be cryptographically signed >>>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >>>> in: struct drsuapi_DsReplicaSync >>>> bind_handle : * >>>> bind_handle: struct policy_handle >>>> handle_type : 0x00000000 (0) >>>> uuid : >>>> aba489c0-92cd-4a95-ba59-04b765e37884 >>>> level : 0x00000001 (1) >>>> req : * >>>> req : union >>>> drsuapi_DsReplicaSyncRequest(case 1) >>>> req1: struct drsuapi_DsReplicaSyncRequest1 >>>> naming_context : * >>>> naming_context: struct >>>> drsuapi_DsReplicaObjectIdentifier >>>> __ndr_size : 0x0000005e >>>> (94) >>>> __ndr_size_sid : 0x00000000 (0) >>>> guid : >>>> 00000000-0000-0000-0000-000000000000 >>>> sid : S-0-0 >>>> __ndr_size_dn : 0x00000012 >>>> (18) >>>> dn : >>>> 'dc=inview,dc=local' >>>> source_dsa_guid : >>>> 8be331d4-be37-43d6-9593-2ea1d095d504 >>>> source_dsa_dns : NULL >>>> options : 0x00008018 (32792) > >>>> 0: DRSUAPI_DRS_ASYNC_OP >>>> 0: DRSUAPI_DRS_GETCHG_CHECK >>>> 0: DRSUAPI_DRS_UPDATE_NOTIFICATION >>>> 0: DRSUAPI_DRS_ADD_REF >>>> 1: DRSUAPI_DRS_SYNC_ALL >>>> 1: DRSUAPI_DRS_DEL_REF >>>> 1: DRSUAPI_DRS_WRIT_REP >>>> 0: DRSUAPI_DRS_INIT_SYNC >>>> 0: DRSUAPI_DRS_PER_SYNC >>>> 0: DRSUAPI_DRS_MAIL_REP >>>> 0: DRSUAPI_DRS_ASYNC_REP >>>> 0: DRSUAPI_DRS_IGNORE_ERROR >>>> 0: DRSUAPI_DRS_TWOWAY_SYNC >>>> 0: DRSUAPI_DRS_CRITICAL_ONLY >>>> 0: DRSUAPI_DRS_GET_ANC >>>> 0: DRSUAPI_DRS_GET_NC_SIZE >>>> 0: DRSUAPI_DRS_LOCAL_ONLY >>>> 0: DRSUAPI_DRS_NONGC_RO_REP >>>> 0: DRSUAPI_DRS_SYNC_BYNAME >>>> 0: DRSUAPI_DRS_REF_OK >>>> 1: DRSUAPI_DRS_FULL_SYNC_NOW >>>> 1: DRSUAPI_DRS_NO_SOURCE >>>> 0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS >>>> 0: DRSUAPI_DRS_FULL_SYNC_PACKET >>>> 0: DRSUAPI_DRS_SYNC_REQUEUE >>>> 0: DRSUAPI_DRS_SYNC_URGENT >>>> 0: DRSUAPI_DRS_REF_GCSPN >>>> 0: DRSUAPI_DRS_NO_DISCARD >>>> 0: DRSUAPI_DRS_NEVER_SYNCED >>>> 0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING >>>> 0: DRSUAPI_DRS_INIT_SYNC_NOW >>>> 0: DRSUAPI_DRS_PREEMPTED >>>> 0: DRSUAPI_DRS_SYNC_FORCED >>>> 0: DRSUAPI_DRS_DISABLE_AUTO_SYNC >>>> 0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC >>>> 0: DRSUAPI_DRS_USE_COMPRESSION >>>> 0: DRSUAPI_DRS_NEVER_NOTIFY >>>> 0: DRSUAPI_DRS_SYNC_PAS >>>> 0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP >>>> ../librpc/rpc/dcerpc_util.c:234: auth_pad_length 12 >>>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync >>>> out: struct drsuapi_DsReplicaSync >>>> result : WERR_BAD_NET_RESP >>>> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - >>>> drsException: DsReplicaSync failed (58, 'WERR_BAD_NET_RESP') >>>> File >>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/drs.py", >>>> line 350, in run >>>> drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, >>>> source_dsa_guid, NC, req_options) >>>> File >>>> "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", >>>> line 83, in sendDsReplicaSync >>>> raise drsException("DsReplicaSync failed %s" % estr) >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >> > > >