samba - Oct 2024 - Problem with a domain controller that is located in a separate site

Hi, James, yes, I set up sites through the sites and services tool. It's not
that it's fully connected replication, but that the RepsTo attribute, under
equal conditions with windows, is not filled on the samba side, which in
turn entails that the outbound neighbors are not displayed on the samba side
. But let me clarify that I even made each server (there is only one in each
site) a bridgehead, that is, connections should be built and the attributes
of repsTo repsFrom should be fully filled even if the domain controller is
alone on its site. Maybe I'm wrong and can you tell me where my mistake is?
In the correspondence above, there are screenshots with the difference of
attributes between windows and samba

On Fri, Oct 11, 2024 at 3:37?PM James Atwell via samba <
samba at lists.samba.org> wrote:
>
>
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of Adam
> > Abramson via samba
> > Sent: Friday, October 11, 2024 6:26 AM
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Problem with a domain controller that is located
in
> a
> > separate site
> >
> > Thanks a lot Rowland I hope we will fix this issue soon
> >
> > On Fri, Oct 11, 2024 at 1:14?PM Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On Fri, 11 Oct 2024 13:06:40 +0300
> > > Adam Abramson <abramsona30 at gmail.com> wrote:
> > >
> > > > yes, above I have attached screenshots of testing from the
windows
> > > > side, which show the difference between the behavior of
samba and
> > > > windows servers, on windows this attribute is filled in
although
> > > > these servers are also located on separate sites, I think
that this
> > > > difference in operation is problematic to some extent
possible, tell
> > > > me where I can leave a bug report
> > > >
> > >
> > > https://bugzilla.samba.org/
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read
the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
> Hi Adam,
>
> Apologies as I might have overlooked you stating this but did you setup
> your sites using Active Directory Sites & Services Tool? This tool is
> necessary for correct site replication.
>
> Prior to Samba 4.5, I believe full mesh replication was the standard. In
> 4.5 https://www.samba.org/samba/history/samba-4.5.0.html  samba
> introduced KCC improvements for sparse network replication. At that time,
> you could use the command "kccsrv:samba_kcc = yes" in your
smb.conf to turn
> this on and off. Setting this to off will result in full mesh replication.
> I advise against turning this off especially in larger networks. Instead, I
> would look to properly configure sites and services.
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hi Adam,

 

I reviewed your images but those don?t appear to be from the Microsoft tool
Active Directory Sites and Services.  Have you used this tool specifically to
configure your sites?  Can you attach images from this tool on how you
configured your sites? Specifically, the NTDS settings and subnets?

 

-James

 

From: Adam Abramson <abramsona30 at gmail.com> 
Sent: Friday, October 11, 2024 8:48 AM
To: james.atwell365 at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem with a domain controller that is located in a
separate site

 

Hi, James, yes, I set up sites through the sites and services tool. It's not
that it's fully connected replication, but that the RepsTo attribute, under
equal conditions with windows, is not filled on the samba side, which in turn
entails that the outbound neighbors are not displayed on the samba side. But let
me clarify that I even made each server (there is only one in each site) a
bridgehead, that is, connections should be built and the attributes of repsTo
repsFrom should be fully filled even if the domain controller is alone on its
site. Maybe I'm wrong and can you tell me where my mistake is? In the
correspondence above, there are screenshots with the difference of attributes
between windows and samba

 

On Fri, Oct 11, 2024 at 3:37?PM James Atwell via samba <samba at
lists.samba.org <mailto:samba at lists.samba.org> > wrote:


> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org <mailto:samba-bounces
at lists.samba.org> > On Behalf Of Adam
> Abramson via samba
> Sent: Friday, October 11, 2024 6:26 AM
> To: samba at lists.samba.org <mailto:samba at lists.samba.org> 
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
> 
> Thanks a lot Rowland I hope we will fix this issue soon
> 
> On Fri, Oct 11, 2024 at 1:14?PM Rowland Penny via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org> >
wrote:
> 
> > On Fri, 11 Oct 2024 13:06:40 +0300
> > Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com> > wrote:
> >
> > > yes, above I have attached screenshots of testing from the
windows
> > > side, which show the difference between the behavior of samba and
> > > windows servers, on windows this attribute is filled in although
> > > these servers are also located on separate sites, I think that
this
> > > difference in operation is problematic to some extent possible,
tell
> > > me where I can leave a bug report
> > >
> >
> > https://bugzilla.samba.org/
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Hi Adam,

Apologies as I might have overlooked you stating this but did you setup your
sites using Active Directory Sites & Services Tool? This tool is necessary
for correct site replication.

Prior to Samba 4.5, I believe full mesh replication was the standard. In 4.5
https://www.samba.org/samba/history/samba-4.5.0.html  samba introduced KCC
improvements for sparse network replication. At that time, you could use the
command "kccsrv:samba_kcc = yes" in your smb.conf to turn this on and
off. Setting this to off will result in full mesh replication. I advise against
turning this off especially in larger networks. Instead, I would look to
properly configure sites and services.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Adam,

 

While you?re confirming your sites and services setup. See the link for how I
have my sites setup. I have sanitized some if it and it?s from a Samba only
environment but should still be setup similarly for Samba or mixed environments.

 

https://ibb.co/hZPJkxw

 

I have 2 DC?s per site. The Site ?D? and Server ?D5? has outbound neighbors of
?D4? and S6? of site ?S?.   Site ?S? if I was to show you its NTDS settings for
server ?S6?,has automatically generated connections to server ?D5? in site ?D?.
If for whatever reason the KCC did not auto create, I would manually need to
create the connections to site ?D? for server ?D5? if I wanted it to be an
outbound neighbor.

 

-James

 

 

From: Adam Abramson <abramsona30 at gmail.com> 
Sent: Friday, October 11, 2024 8:48 AM
To: james.atwell365 at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem with a domain controller that is located in a
separate site

 

Hi, James, yes, I set up sites through the sites and services tool. It's not
that it's fully connected replication, but that the RepsTo attribute, under
equal conditions with windows, is not filled on the samba side, which in turn
entails that the outbound neighbors are not displayed on the samba side. But let
me clarify that I even made each server (there is only one in each site) a
bridgehead, that is, connections should be built and the attributes of repsTo
repsFrom should be fully filled even if the domain controller is alone on its
site. Maybe I'm wrong and can you tell me where my mistake is? In the
correspondence above, there are screenshots with the difference of attributes
between windows and samba

 

On Fri, Oct 11, 2024 at 3:37?PM James Atwell via samba <samba at
lists.samba.org <mailto:samba at lists.samba.org> > wrote:


> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org <mailto:samba-bounces
at lists.samba.org> > On Behalf Of Adam
> Abramson via samba
> Sent: Friday, October 11, 2024 6:26 AM
> To: samba at lists.samba.org <mailto:samba at lists.samba.org> 
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
> 
> Thanks a lot Rowland I hope we will fix this issue soon
> 
> On Fri, Oct 11, 2024 at 1:14?PM Rowland Penny via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org> >
wrote:
> 
> > On Fri, 11 Oct 2024 13:06:40 +0300
> > Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com> > wrote:
> >
> > > yes, above I have attached screenshots of testing from the
windows
> > > side, which show the difference between the behavior of samba and
> > > windows servers, on windows this attribute is filled in although
> > > these servers are also located on separate sites, I think that
this
> > > difference in operation is problematic to some extent possible,
tell
> > > me where I can leave a bug report
> > >
> >
> > https://bugzilla.samba.org/
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Hi Adam,

Apologies as I might have overlooked you stating this but did you setup your
sites using Active Directory Sites & Services Tool? This tool is necessary
for correct site replication.

Prior to Samba 4.5, I believe full mesh replication was the standard. In 4.5
https://www.samba.org/samba/history/samba-4.5.0.html  samba introduced KCC
improvements for sparse network replication. At that time, you could use the
command "kccsrv:samba_kcc = yes" in your smb.conf to turn this on and
off. Setting this to off will result in full mesh replication. I advise against
turning this off especially in larger networks. Instead, I would look to
properly configure sites and services.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba