Rowland Penny
2024-May-23 07:50 UTC
[Samba] No RID Set found for this server. Can't self-allocate
On Wed, 22 May 2024 18:11:17 +0200
Felipe Martínez Hermo via samba <samba at lists.samba.org> wrote:

> Hi, there
>
> I have been checking connections between my servers, trying to find
> the reason why my trouble server (VIG-DC3) does not reach the RID
> Master.
>
> I have to describe my topology a little better.
>
> These are my servers:
>
> (Root) SAMBADC -> FSMO Roles Owner, including RID Master
>
> (First level node) STG-DC -> Syncs correctly with SAMBADC (samba-tool
> drs replicate reports successful)
>
> (Second level nodes)
> OUR-DC (DOES have a RID set). Replicates with both SAMBADC and STG-DC
> ==================================
> samba-tool drs replicate our-dc sambadc dc=ugt,dc=ldap
> Replicate from sambadc to our-dc was successful.
> samba-tool drs replicate our-dc sambadc dc=ForestDnsZones,dc=ugt,dc=ldap
> Replicate from sambadc to our-dc was successful.
> samba-tool drs replicate our-dc sambadc dc=DomainDnsZones,dc=ugt,dc=ldap
> Replicate from sambadc to our-dc was successful.
> samba-tool drs replicate our-dc sambadc cn=configuration,dc=ugt,dc=ldap
> Replicate from sambadc to our-dc was successful.
> samba-tool drs replicate our-dc sambadc cn=Schema,cn=configuration,dc=ugt,dc=ldap
> Replicate from sambadc to our-dc was successful.
> ==================================
>
> VIG-DC3 (does NOT have a RID set). Replicates with STG-DC, fails to
> replicate with SAMBA-DC
> ==================================
> samba-tool drs replicate vig-dc3 stg-dc dc=ugt,dc=ldap
> Replicate from stg-dc to vig-dc3 was successful.
> samba-tool drs replicate vig-dc3 stg-dc dc=ForestDnsZones,dc=ugt,dc=ldap
> Replicate from stg-dc to vig-dc3 was successful.
> samba-tool drs replicate vig-dc3 stg-dc dc=DomainDnsZones,dc=ugt,dc=ldap
> Replicate from stg-dc to vig-dc3 was successful.
> samba-tool drs replicate vig-dc3 stg-dc cn=configuration,dc=ugt,dc=ldap
> Replicate from stg-dc to vig-dc3 was successful.
> samba-tool drs replicate vig-dc3 stg-dc cn=Schema,cn=configuration,dc=ugt,dc=ldap
> Replicate from stg-dc to vig-dc3 was successful.
>
> root@vig-dc3:~# adsync.sh sambadc vig-dc3
>
> samba-tool drs replicate vig-dc3 sambadc dc=ugt,dc=ldap
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')

Have you checked the firewall isn't blocking any required ports?

Rowland
Felipe Martínez Hermo
2024-May-23 08:29 UTC
[Samba] No RID Set found for this server. Can't self-allocate
The Samba ports are not filtered. The firewall is between STG-DC and SAMBADC (both of them sync correctly). The sync problems happen in VIG-DC3, which is behind the same firewall as STG-DC.

Here's nmap output (SAMBADC is 172.16.50.9):

root@vig-dc3:~# nmap -Pn 172.16.50.9
Starting Nmap 7.93 ( https://nmap.org ) at 2024-05-23 08:22 UTC
Nmap scan report for SAMBADC.ugt.ldap (172.16.50.9)
Host is up (0.035s latency).
Not shown: 986 closed tcp ports (reset)
PORT      STATE SERVICE
22/tcp    open  ssh
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 3.28 seconds

Regards,
Felipe
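Added example, not part of either message and not Samba project code: the scan quoted above is a default nmap run, which covers TCP only, so this Python check classifies each port a Samba AD DC needs as open, not open, or untested by that scan. The REQUIRED list follows the Samba wiki's AD DC port usage table (an assumption here, as is the hypothetical function name `audit`); the sample input is the nmap report from the message.

```python
import re

# Constructed sample: the nmap report quoted in the message above (TCP scan of SAMBADC).
NMAP_OUTPUT = """\
Not shown: 986 closed tcp ports (reset)
PORT      STATE SERVICE
22/tcp    open  ssh
53/tcp    open  domain
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
636/tcp   open  ldapssl
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
"""

# Assumption: port list as given in the Samba wiki's AD DC port usage table.
REQUIRED = {"tcp": [53, 88, 135, 139, 389, 445, 464, 636, 3268, 3269],
            "udp": [53, 88, 123, 137, 138, 389, 464]}
RPC_DYNAMIC = range(49152, 65536)  # Samba's default dynamic RPC range (tcp)
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)", re.M)
NOT_SHOWN = re.compile(r"^Not shown: \d+ \S+ (tcp|udp) ports", re.M)

def audit(text):
    """Classify each required DC port as open, not_open or untested by this scan."""
    seen = {(proto, int(port)): state for port, proto, state in PORT_LINE.findall(text)}
    scanned = {proto for proto, _ in seen} | set(NOT_SHOWN.findall(text))
    report = {"open": [], "not_open": [], "untested": []}
    for proto, ports in REQUIRED.items():
        for port in ports:
            if proto not in scanned:
                bucket = "untested"   # protocol absent from the report, e.g. no -sU scan
            elif seen.get((proto, port)) == "open":
                bucket = "open"
            else:
                bucket = "not_open"   # closed, filtered, or hidden under "Not shown"
            report[bucket].append(f"{port}/{proto}")
    report["rpc_dynamic_open"] = sorted(port for (proto, port), state in seen.items()
                                        if proto == "tcp" and port in RPC_DYNAMIC and state == "open")
    return report

if __name__ == "__main__":
    print(audit(NMAP_OUTPUT))
```

For the scan in the message, every required TCP port comes back open and all UDP entries land in "untested", since the report contains no UDP results.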