I'm pretty sure this is a resolving problem.

Can you verify this:
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
Especially these: for both guids and cross check it from both servers.
host -t CNAME 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa._msdcs.....

Can you post from both servers.
/etc/hosts
/etc/resolv.conf

host servername
host fqdn

host servername @dns other server
host fqdn @dns other server

repeat the post part for the other host.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Zombie Ryushu via samba
> Sent: Tuesday 29 October 2019 10:23
> To: Rowland penny; samba at lists.samba.org
> Subject: Re: [Samba] Samba Replication problem between two DCs
>
> On 10/29/19 5:17 AM, Rowland penny via samba wrote:
> > On 29/10/2019 00:47, Zombie Ryushu via samba wrote:
> >> I am having issues with Samba DC replication between two directly
> >> connected DCs.
> >>
> >> I don't understand what is wrong or how to fix it. Can someone advise?
> >>
> >> $ sudo samba-tool drs showrepl
> >> Default-First-Site-Name\OLYMPIA
> >> DSA Options: 0x00000001
> >> DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
> >> DSA invocationId: d7f3c683-fcf2-473c-be01-a6f58af6cb88
> >>
> >> ==== INBOUND NEIGHBORS ====
> >>
> >> DC=DomainDnsZones,DC=pukey
> >>         Default-First-Site-Name\KEFKA via RPC
> >>                 DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
> >>                 Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 21813 consecutive failure(s).
> >>                 Last success @ Wed Aug 14 01:19:23 2019 EDT
> >>
> >> DC=pukey
> >>         Default-First-Site-Name\KEFKA via RPC
> >>                 DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
> >>                 Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 21806 consecutive failure(s).
> >>                 Last success @ Wed Aug 14 01:19:19 2019 EDT
> >>
> >> DC=ForestDnsZones,DC=pukey
> >>         Default-First-Site-Name\KEFKA via RPC
> >>                 DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
> >>                 Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 21812 consecutive failure(s).
> >>                 Last success @ Wed Aug 14 01:19:23 2019 EDT
> >>
> >> CN=Configuration,DC=pukey
> >>         Default-First-Site-Name\KEFKA via RPC
> >>                 DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
> >>                 Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 21813 consecutive failure(s).
> >>                 Last success @ Wed Aug 14 01:19:18 2019 EDT
> >>
> >> CN=Schema,CN=Configuration,DC=pukey
> >>         Default-First-Site-Name\KEFKA via RPC
> >>                 DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
> >>                 Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 21811 consecutive failure(s).
> >>                 Last success @ Wed Aug 14 01:19:14 2019 EDT
> >>
> >> ==== OUTBOUND NEIGHBORS ====
> >>
> >> ==== KCC CONNECTION OBJECTS ====
> >>
> >> Connection --
> >>         Connection name: 306b7c01-f16d-4a26-855b-516dd5f12f33
> >>         Enabled        : TRUE
> >>         Server DNS name : kefka.pukey
> >>         Server DN name  : CN=NTDS Settings,CN=KEFKA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
> >>                 TransportType: RPC
> >>                 options: 0x00000001
> >> Warning: No NC replicated for Connection!
> >>
> >> Here is the other DC,
> >>
> >> $ sudo samba-tool drs showrepl
> >> Default-First-Site-Name\KEFKA
> >> DSA Options: 0x00000001
> >> DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
> >> DSA invocationId: 07b63046-64e7-43c1-84a2-8ba3541c712a
> >>
> >> ==== INBOUND NEIGHBORS ====
> >>
> >> DC=DomainDnsZones,DC=pukey
> >>         Default-First-Site-Name\OLYMPIA via RPC
> >>                 DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
> >>                 Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 1934 consecutive failure(s).
> >>                 Last success @ NTTIME(0)
> >>
> >> DC=pukey
> >>         Default-First-Site-Name\OLYMPIA via RPC
> >>                 DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
> >>                 Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 1934 consecutive failure(s).
> >>                 Last success @ NTTIME(0)
> >>
> >> DC=ForestDnsZones,DC=pukey
> >>         Default-First-Site-Name\OLYMPIA via RPC
> >>                 DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
> >>                 Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 1934 consecutive failure(s).
> >>                 Last success @ NTTIME(0)
> >>
> >> CN=Configuration,DC=pukey
> >>         Default-First-Site-Name\OLYMPIA via RPC
> >>                 DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
> >>                 Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 1934 consecutive failure(s).
> >>                 Last success @ NTTIME(0)
> >>
> >> CN=Schema,CN=Configuration,DC=pukey
> >>         Default-First-Site-Name\OLYMPIA via RPC
> >>                 DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa
> >>                 Last attempt @ Mon Oct 28 20:43:04 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
> >>                 1933 consecutive failure(s).
> >>                 Last success @ NTTIME(0)
> >>
> >> ==== OUTBOUND NEIGHBORS ====
> >>
> >> ==== KCC CONNECTION OBJECTS ====
> >>
> >> Connection --
> >>         Connection name: 163a6f30-e1d3-4255-8b75-85fce23bb4c4
> >>         Enabled        : TRUE
> >>         Server DNS name : olympia.pukey
> >>         Server DN name  : CN=NTDS Settings,CN=OLYMPIA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pukey
> >>                 TransportType: RPC
> >>                 options: 0x00000001
> >> Warning: No NC replicated for Connection!
> >>
> > You can start by running 'samba-tool dbcheck', but you are going to
> > have to give us more info, what OS ? What Samba version ? What is the
> > smb.conf files ?
> >
> > Rowland
> >
> On Olympia:
>
> $ sudo samba-tool dbcheck
> Checking 313 objects
> Checked 313 objects (0 errors)
>
> On Kefka
>
> $ sudo samba-tool dbcheck
> Checking 312 objects
> Checked 312 objects (0 errors)
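The check requested above, turned into something repeatable (an added example, not part of the original thread and not Samba project code): it parses `samba-tool drs showrepl` text, collects the local DSA GUID and the GUIDs of partners whose inbound pulls fail, and builds the `host -t CNAME <guid>._msdcs.<forest>` lookups to run against each DC's DNS. The forest name `samdom.example.com` and the DNS server addresses are placeholders, since the thread elides the `_msdcs` suffix; the sample text is constructed from the output layout quoted in the thread.

```python
import re

# Constructed sample, abridged to the layout of the showrepl output quoted above.
SAMPLE = """\
Default-First-Site-Name\\OLYMPIA
DSA object GUID: 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=pukey
        Default-First-Site-Name\\KEFKA via RPC
                DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
                Last attempt @ Mon Oct 28 20:25:21 2019 EDT failed, result 2 (WERR_FILE_NOT_FOUND)
                21813 consecutive failure(s).

DC=pukey
        Default-First-Site-Name\\KEFKA via RPC
                DSA object GUID: a35b2245-3340-4182-aaf8-dd344725805e
                Last attempt @ Mon Oct 28 20:25:21 2019 EDT was successful
                0 consecutive failure(s).
"""

GUID_RE = re.compile(r"DSA object GUID:\s*([0-9a-f-]{36})")

def parse_showrepl(text):
    """Return (local DSA GUID, list of failed inbound pulls) from showrepl text."""
    local, failed, section, nc, cur = None, [], None, None, {}
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"=+ (.+?) =+$", line):
            section = m.group(1)          # e.g. "INBOUND NEIGHBORS"
        elif m := GUID_RE.search(line):
            if section is None:
                local = m.group(1)        # header block: this DC's own GUID
            else:
                cur["guid"] = m.group(1)  # GUID of the replication partner
        elif section != "INBOUND NEIGHBORS":
            continue
        elif re.match(r"(DC|CN)=", line):
            nc = line                     # naming context being replicated
        elif m := re.match(r"\S+\\(\S+) via RPC", line):
            cur = {"nc": nc, "dc": m.group(1)}
        elif m := re.search(r"result (\d+) \((\w+)\)", line):
            cur["result"] = m.group(2)
        elif (m := re.match(r"(\d+) consecutive failure", line)) and int(m.group(1)):
            failed.append({**cur, "failures": int(m.group(1))})
    return local, failed

def msdcs_checks(text, forest, dns_servers):
    """host(1) lookups of each involved GUID's _msdcs CNAME on every DNS server."""
    local, failed = parse_showrepl(text)
    guids = [g for g in dict.fromkeys([local] + [f.get("guid") for f in failed]) if g]
    return [f"host -t CNAME {g}._msdcs.{forest} {s}" for g in guids for s in dns_servers]

if __name__ == "__main__":
    print("\n".join(msdcs_checks(SAMPLE, "samdom.example.com", ["192.0.2.10", "192.0.2.11"])))
```

A GUID that resolves on one DC's DNS but not the other's points at the missing record that the wiki page describes how to recreate.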
Zombie Ryushu
2019-Oct-30 01:03 UTC
[Samba] Automate Kerberized SSH Connections using Samba 4 as the KDC??
On 10/29/19 6:14 AM, L.P.H. van Belle via samba wrote:
> I'm pretty sure this is a resolving problem.
>
> Can you verify this:
> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
> Especially these: for both guids and cross check it from both servers.
> host -t CNAME 50507d18-c8ee-4ef4-bbda-4d0d9bc31caa._msdcs.....
>
> Can you post from both servers.
> /etc/hosts
> /etc/resolv.conf
>
> host servername
> host fqdn
>
> host servername @dns other server
> host fqdn @dns other server
>
> repeat the post part for the other host.
>
> Greetz,
>
> Louis

Success! After adding the entries, Replication is working.

Is it possible to use Samba to automate Kerberized SSH for keytab based Sign in by Unison? I want to use Unison to Sync OwnCloud/NextCloud.
Rowland penny
2019-Oct-30 08:14 UTC
[Samba] Automate Kerberized SSH Connections using Samba 4 as the KDC??
On 30/10/2019 01:03, Zombie Ryushu via samba wrote:
> Is it possible to use Samba to automate Kerberized SSH for keytab based
> Sign in by Unison? I want to use Unison to Sync OwnCloud/NextCloud.

SSH with a keytab is possible, not sure if it works with Unison, this is because I do not use Unison.

You require these lines in smb.conf:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = yes
    winbind use default domain = yes

and in /etc/security/pam_winbind.conf (if they are not set in /etc/pam.d/common-auth):

    krb5_auth = yes
    krb5_ccache_type = FILE

Forward and reverse DNS must be working

SSH server setup

In /etc/ssh/sshd_config ensure you have the following options set:

    # GSSAPI options
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials yes
    GSSAPIKeyExchange yes                # If your version supports this
    GSSAPIStoreCredentialsOnRekey yes    # If your version supports this

Then restart sshd.

SSH client setup

For the client side, ensure you have the following set under an appropriate "Host" section in /etc/ssh/ssh_config:

    Host *
        GSSAPIAuthentication yes
        GSSAPIKeyExchange yes         # If your version supports this
        GSSAPIRenewalForcesRekey yes  # If your version supports this
        GSSAPITrustDns yes

    Host *.samdom.example.com
        # It's best to limit this option to only trusted hosts:
        GSSAPIDelegateCredentials yes

Rowland
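To check that credential delegation really is limited to trusted hosts, as the client setup above advises, the following added example (not from the original post, and not OpenSSH code) evaluates an ssh_config text for one hostname using the "first obtained value wins" rule from ssh_config(5). It is a simplified model: `Match` blocks are skipped, `Include` is not followed, and the two configurations and the host names are constructed for illustration.

```python
from fnmatch import fnmatchcase

def host_matches(patterns, hostname):
    """ssh_config Host semantics: a negated match vetoes, one positive match is required."""
    host, hit = hostname.lower(), False
    for p in patterns:
        negated, pat = p.startswith("!"), p.lstrip("!").lower()
        if fnmatchcase(host, pat):
            if negated:
                return False
            hit = True
    return hit

def effective(config, hostname, option):
    """Value ssh would use for `option` on `hostname`, or None if the config never sets it."""
    applies = True  # options before the first Host line apply to every host
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            applies = host_matches(value.split(), hostname)
        elif key == "match":
            applies = False                          # simplification: Match blocks ignored
        elif applies and key == option.lower():
            return value.lower()                     # first obtained value wins
    return None

# Constructed from the client setup in the post: delegation scoped to the AD domain.
SCOPED = """\
Host *
    GSSAPIAuthentication yes
    GSSAPITrustDns yes
Host *.samdom.example.com
    GSSAPIDelegateCredentials yes
"""

# Constructed weak variant: every server the client connects to receives the ticket.
BROAD = """\
Host *
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
"""

def delegates_to(config, hostname):
    """True when the client would forward its Kerberos credentials to `hostname`."""
    return effective(config, hostname, "GSSAPIDelegateCredentials") == "yes"

if __name__ == "__main__":
    for name in ("dc1.samdom.example.com", "host.example.net"):
        print(name, delegates_to(SCOPED, name), delegates_to(BROAD, name))
```

Because the first value wins, a `GSSAPIDelegateCredentials yes` placed in an earlier `Host *` block cannot be switched off by a later, narrower block.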