thr3ads.net - samba - [Samba] Replication only working one way [Jul 2020]

If this information is useful, please help other people find it:
Share via:

Peter Pollock

2020-Jul-14 02:35 UTC

[Samba] Replication only working one way

Hi,

I have been trying for days to solve this to no avail. I have taken over
the IT responsibilities at a small school and am trying to get my head
around their network and why they are having problems.
They have 3 servers, Matthew, Genesis and Luke.

Matthew is a Windows 2008 R2 server and holds all the FSMO roles but
appears to be screwed up. It won't replicate with anything and randomly
restarts itself. It wasn't doing much anyway so I want to decommission it.

Genesis and Luke are both running Ubuntu 18.04.4 LTS and Samba 4.7.6

When I replicate from genesis to luke, everything works fine (or says it
does)

When I replicate from luke to genesis though, I get a failure message:

sudo samba-tool drs replicate genesis luke dc=kcs,dc=local
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:genesis[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
in
sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

However, new users I create on either genesis or luke replicate to the
other with no problems.

I have no idea what is wrong or how to go about fixing it. Can anyone help?

Rowland penny

2020-Jul-14 06:31 UTC

head link

[Samba] Replication only working one way

On 14/07/2020 03:35, Peter Pollock via samba wrote:> Hi,
>
> I have been trying for days to solve this to no avail. I have taken over
> the IT responsibilities at a small school and am trying to get my head
> around their network and why they are having problems.
> They have 3 servers, Matthew, Genesis and Luke.
>
> Matthew is a Windows 2008 R2 server and holds all the FSMO roles but
> appears to be screwed up. It won't replicate with anything and randomly
> restarts itself. It wasn't doing much anyway so I want to decommission
it.
>
> Genesis and Luke are both running Ubuntu 18.04.4 LTS and Samba 4.7.6
>
> When I replicate from genesis to luke, everything works fine (or says it
> does)
>
> When I replicate from luke to genesis though, I get a failure message:
>
> sudo samba-tool drs replicate genesis luke dc=kcs,dc=local
> ldb_wrap open of secrets.ldb
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Using binding ncacn_ip_tcp:genesis[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name genesis<0x20>
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
> drsException: DsReplicaSync failed (8453,
'WERR_DS_DRA_ACCESS_DENIED')
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py",
line 386, in
> run
>      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> source_dsa_guid, NC, req_options)
>    File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py",
line 85, in
> sendDsReplicaSync
>      raise drsException("DsReplicaSync failed %s" % estr)
>
> However, new users I create on either genesis or luke replicate to the
> other with no problems.
>
> I have no idea what is wrong or how to go about fixing it. Can anyone help?
Try running the command again, but this time add '-UAdministrator' on 
the end.

Rowland

Peter Pollock

2020-Jul-14 17:37 UTC

head link

[Samba] Replication only working one way

OK, tried that. Kicked myself for not trying earlier... but it didn't
work.

In fact, the error has got worse.

Now when I try to go from Genesis to Luke I get:

 sudo samba-tool drs replicate luke genesis DC=kcs,DC=local -Udomainadmin
.
.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (1359, 'WERR_INTERNAL_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
in
sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)

and when I go the other way I get a different error:

 sudo samba-tool drs replicate genesis luke DC=kcs,DC=local -Udomainadmin
.
.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
386, in
run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
in
sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)


On Mon, Jul 13, 2020 at 11:32 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 14/07/2020 03:35, Peter Pollock via samba wrote:
> > Hi,
> >
> > I have been trying for days to solve this to no avail. I have taken
over
> > the IT responsibilities at a small school and am trying to get my head
> > around their network and why they are having problems.
> > They have 3 servers, Matthew, Genesis and Luke.
> >
> > Matthew is a Windows 2008 R2 server and holds all the FSMO roles but
> > appears to be screwed up. It won't replicate with anything and
randomly
> > restarts itself. It wasn't doing much anyway so I want to
decommission
> it.
> >
> > Genesis and Luke are both running Ubuntu 18.04.4 LTS and Samba 4.7.6
> >
> > When I replicate from genesis to luke, everything works fine (or says
it
> > does)
> >
> > When I replicate from luke to genesis though, I get a failure message:
> >
> > sudo samba-tool drs replicate genesis luke dc=kcs,dc=local
> > ldb_wrap open of secrets.ldb
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Using binding ncacn_ip_tcp:genesis[,seal]
> > resolve_lmhosts: Attempting lmhosts lookup for name
genesis<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name
genesis<0x20>
> > resolve_lmhosts: Attempting lmhosts lookup for name
genesis<0x20>
> > ERROR(<class 'samba.drs_utils.drsException'>):
DsReplicaSync failed -
> > drsException: DsReplicaSync failed (8453,
'WERR_DS_DRA_ACCESS_DENIED')
> >    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
> 386, in
> > run
> >      drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
> > source_dsa_guid, NC, req_options)
> >    File
"/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 85,
> in
> > sendDsReplicaSync
> >      raise drsException("DsReplicaSync failed %s" % estr)
> >
> > However, new users I create on either genesis or luke replicate to the
> > other with no problems.
> >
> > I have no idea what is wrong or how to go about fixing it. Can anyone
> help?
>
> Try running the command again, but this time add '-UAdministrator'
on
> the end.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Apparently Analagous Threads

Search for more reasonably related threads

samba - Jul 2020 - Replication only working one way

[Samba] Replication only working one way

[Samba] Replication only working one way

[Samba] Replication only working one way

Apparently Analagous Threads