samba - Nov 2022 - Testing replication between 4 DCs

On 23/11/2022 16:04, Michael Tokarev via samba wrote:
> Are you sure DC3 and DC4 *have* to replicate between each other?
Yes, all DC's have to replicate to all other DC's
> I'm new to this stuff, but I had to add extra links 
You shouldn't have to, Samba should add them for you.
> (how is that,
> NTDS? I forgot) between two out of 3 DCs here in order to enable
> replication between them. In "Sites and Subnets" snap, under each
> DC, there's one more level with the links. Some links are created
> automatically, some have to be created explicitly.? I don't know
> if that's how it is supposed to work, but this is what I've seen
> when doing experiments here.
You seem to be having problems, oh yes, aren't you the person using 
unbound ?
> 
> FWIW, this process does not use PTR records.
> 
> Speaking of resolv.conf at each DC pointing to this very DC
No the first nameserver in a DC's /etc/resolv.conf should be the DC's 
ipaddress, or to put it another way, every DC uses itself as its nameserver.
> - I'd
> avoid this one because of a very simple reason: if replication to
> this DC doesn't work for some reason, DNS replication doesn't work
> too, so it wont see new names in the net (which might be required
> for the replication to work).? This is one of the reasons I don't
> use samba-provided DNS, 
No, that is one of the reasons you are having problems with replication.
> - to keep it simple and avoid such sort
> of issues.? DNS is already well set up with replication and
> reservation to ensure it is always working.? YMMV.
It does, my domain works.

Rowland

23.11.2022 20:02, Rowland Penny via samba wrote:
> On 23/11/2022 16:04, Michael Tokarev via samba wrote:
> 
>> Are you sure DC3 and DC4 *have* to replicate between each other?
> 
> Yes, all DC's have to replicate to all other DC's
> 
>> I'm new to this stuff, but I had to add extra links 
> 
> You shouldn't have to, Samba should add them for you.
Does it add all to all links, ie, one link with two DCs,
3 links with 3 DCs, 6 links with 4 DCs and so on (hopefully
I counted it correctly), so every DC is connected to every
other DC (provided everything is on the same site)?
>> (how is that,
>> NTDS? I forgot) between two out of 3 DCs here in order to enable
>> replication between them. In "Sites and Subnets" snap, under
each
>> DC, there's one more level with the links. Some links are created
>> automatically, some have to be created explicitly.? I don't know
>> if that's how it is supposed to work, but this is what I've
seen
>> when doing experiments here.
> 
> You seem to be having problems, oh yes, aren't you the person using
unbound ?
Yeah, I did have problems. For example, Windows explorer crashes
when opening "Security" tab of a file located on a DC.  Is it due
to unbound, are you sure?

The rest was no problem, just minor annoyances.  For example, user IDs
were different on different servers because I didn't copy idmap.tdb,
and bug in samba-tool ntacl sysvolcheck vs sysvolreset.  Is this due
to unbound too?

SPN must be unique, - I didn't know this.  Is it due to unbound?

..
>> - I'd
>> avoid this one because of a very simple reason: if replication to
>> this DC doesn't work for some reason, DNS replication doesn't
work
>> too, so it wont see new names in the net (which might be required
>> for the replication to work).? This is one of the reasons I don't
>> use samba-provided DNS, 
> 
> No, that is one of the reasons you are having problems with replication.
Which problems? I don't know problems I have with replication.
So far, replication works here fine, multiple sities, multiple
DCs in each. Changes are propagated to all the network quite
rapidly.
>> - to keep it simple and avoid such sort
>> of issues.? DNS is already well set up with replication and
>> reservation to ensure it is always working.? YMMV.
> 
> It does, my domain works.
What it and what it does? The fact that your domain work - this
is excellent. My domain works too, quite well. This too is
excellent.

/mjt