Hi there,

I am in the process of replacing two old machines running as DCs with Debian 11 and samba 4.16.6 from back ports. DC1 and DC2

I have installed 2 VMs, Debian 11, 4.17.3 from back ports. DC3 and DC4. Domain join went OK, idmap copied, sysvol sync'd demo DC1, and replication working away.

However:

DC1 replicates correctly with DC2, DC3 and DC4.
DC2 replicates correctly with DC1, DC3 and DC4.

DC3 replicates *only* with DC1 and DC2
DC4 replicates *only* with DC1 and DC2

Am I doing something wrong ?

LP

On 23/11/2022 14:04, Luis Peromarta via samba wrote:
> Hi there,
>
> I am in the process of replacing two old machines running as DCs with Debian 11 and samba 4.16.6 from back ports. DC1 and DC2
>
> I have installed 2 VMs, Debian 11, 4.17.3 from back ports. DC3 and DC4. Domain join went OK, idmap copied, sysvol sync'd demo DC1, and replication working away.
>
> However:
>
> DC1 replicates correctly with DC2, DC3 and DC4.
> DC2 replicates correctly with DC1, DC3 and DC4.
>
> DC3 replicates *only* with DC1 and DC2
> DC4 replicates *only* with DC1 and DC2
>
> Am I doing something wrong ?

It doesn't sound like it. I would check dns.

Rowland

23.11.2022 17:04, Luis Peromarta via samba wrote:
> Hi there,
>
> I am in the process of replacing two old machines running as DCs with Debian 11 and samba 4.16.6 from back ports. DC1 and DC2
>
> I have installed 2 VMs, Debian 11, 4.17.3 from back ports. DC3 and DC4. Domain join went OK, idmap copied, sysvol sync'd demo DC1, and replication working away.
>
> However:
>
> DC1 replicates correctly with DC2, DC3 and DC4.
> DC2 replicates correctly with DC1, DC3 and DC4.
>
> DC3 replicates *only* with DC1 and DC2
> DC4 replicates *only* with DC1 and DC2
>
> Am I doing something wrong ?

Are you sure DC3 and DC4 *have* to replicate between each other? I'm new to this stuff, but I had to add extra links (how is that, NTDS? I forgot) between two out of 3 DCs here in order to enable replication between them.

In "Sites and Subnets" snap, under each DC, there's one more level with the links. Some links are created automatically, some have to be created explicitly. I don't know if that's how it is supposed to work, but this is what I've seen when doing experiments here.

FWIW, this process does not use PTR records.

Speaking of resolv.conf at each DC pointing to this very DC - I'd avoid this one because of a very simple reason: if replication to this DC doesn't work for some reason, DNS replication doesn't work too, so it won't see new names in the net (which might be required for the replication to work). This is one of the reasons I don't use samba-provided DNS, - to keep it simple and avoid such sort of issues. DNS is already well set up with replication and reservation to ensure it is always working. YMMV.

Thanks,

/mjt

On 24/11/22 03:04, Luis Peromarta via samba wrote:
> Hi there,
>
> I am in the process of replacing two old machines running as DCs with Debian 11 and samba 4.16.6 from back ports. DC1 and DC2
>
> I have installed 2 VMs, Debian 11, 4.17.3 from back ports. DC3 and DC4. Domain join went OK, idmap copied, sysvol sync'd demo DC1, and replication working away.
>
> However:
>
> DC1 replicates correctly with DC2, DC3 and DC4.
> DC2 replicates correctly with DC1, DC3 and DC4.
>
> DC3 replicates *only* with DC1 and DC2
> DC4 replicates *only* with DC1 and DC2

If these are all in the same site, the expected behaviour is that replication forms a bidirectional ring with the occasional cross-ring connection. The order of the ring is GUID order, which is to say random but stable. So you might expect something like this:

    A <-----------> B
    ^ \             ^
    |  \            |
    |    \          |
    |     \         |
    v       \-----> v
    D <-----------> C

with an arbitrary mapping between A, B, C, D and DC1, DC2, DC3, DC4. The diagonal arrow from A to C might not exist. The exact rules for creating those are complex, and they kind of gather up over time as you add and remove DCs.

Now, you say "replicates with", but the system doesn't really think like that. There's only "replicates to" and "replicates from"; what looks like a bidirectional link is really two separate unidirectional links. The cross-ring links like A->C above are unidirectional, not mirrored (though they can be accidentally mirrored if the opposite link exists by coincidence).

In any case, if you assume A and C are DC1 and DC2, and B and D are DC3 and DC4, this looks quite a lot like what you describe.

If the DCs are not all in the same site, you could expect a sparser graph. Inter-site replication is supposed to look like a tree.

The only thing you should *really* care about is whether changes are getting replicated about in a timely fashion, and to quickly check that, see if

    samba-tool visualize uptodateness -rS --utf8

shows you a lot of green zeros, or some very big numbers in other colours.

cheers,
Douglas
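
The ring layout described in the last message, sketched as an added example that is not part of the original thread and is not Samba's KCC code: it sorts DCs by GUID, derives the two-way ring links, and classifies a set of one-way "replicates to" links against them. The GUIDs and the link list are constructed sample data, and sorting by GUID string is an assumption standing in for the real GUID ordering.

```python
from collections import deque

# Constructed sample data: made-up GUIDs chosen so the sorted order is
# DC1, DC3, DC2, DC4 (the A, B, C, D mapping assumed in the message above).
DC_GUIDS = {
    "DC1": "1a2b3c4d-0000-4000-8000-000000000001",
    "DC2": "9e8d7c6b-0000-4000-8000-000000000002",
    "DC3": "5f6e7d8c-0000-4000-8000-000000000003",
    "DC4": "c1d2e3f4-0000-4000-8000-000000000004",
}
# Constructed "replicates to" links (source, destination); no DC3<->DC4 link.
OBSERVED = {
    ("DC1", "DC3"), ("DC3", "DC1"), ("DC3", "DC2"), ("DC2", "DC3"),
    ("DC2", "DC4"), ("DC4", "DC2"), ("DC4", "DC1"), ("DC1", "DC4"),
    ("DC1", "DC2"),  # one-way cross-ring link, like A->C in the diagram
}

def ring_order(guids):
    """DC names sorted by GUID string (assumed stand-in for GUID order)."""
    return sorted(guids, key=lambda name: guids[name].lower())

def expected_ring(guids):
    """Two one-way links between each pair of neighbours in the ring."""
    order = ring_order(guids)
    pairs = zip(order, order[1:] + order[:1])
    return {edge for a, b in pairs if a != b for edge in ((a, b), (b, a))}

def classify(guids, observed):
    """Split observed links into ring links, cross-ring links and gaps."""
    ring = expected_ring(guids)
    return {"ring": observed & ring, "cross_ring": observed - ring,
            "missing_ring": ring - observed}

def everyone_reaches_everyone(guids, observed):
    """True if a change on any DC can reach every other DC over the links."""
    for start in guids:
        seen, queue = {start}, deque([start])
        while queue:
            here = queue.popleft()
            for src, dst in observed:
                if src == here and dst not in seen:
                    seen.add(dst)
                    queue.append(dst)
        if seen != set(guids):
            return False
    return True

if __name__ == "__main__":
    print(ring_order(DC_GUIDS), classify(DC_GUIDS, OBSERVED))
    print("fully connected:", everyone_reaches_everyone(DC_GUIDS, OBSERVED))
```

With this sample data the missing DC3/DC4 pair is not a ring link at all, and every DC still reaches every other one.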