samba - Oct 2024 - Problem with a domain controller that is located in a separate site

Adam,

 

The only other option I can think of is to force replication and creation of the
attribute with samba-tool drs replicate. You can view this old thread
https://lists.samba.org/archive/samba/2016-September/203164.html back when I had
similar conversations on a Samba only environment. I will point out I was not
aware that Windows servers and repadmin don?t display outbound neighbors like
Samba does with samba-tool drs showrepl.
https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses#Outbound_Replication

 

 

 

 

From: Adam Abramson <abramsona30 at gmail.com> 
Sent: Monday, October 14, 2024 8:55 AM
To: james.atwell365 at gmail.com
Cc: samba at lists.samba.org
Subject: Re: [Samba] Problem with a domain controller that is located in a
separate site

 

yes, that's right, the display of  outbound   neighbors did not happen

 

On Mon, Oct 14, 2024 at 3:48?PM James Atwell via samba <samba at
lists.samba.org <mailto:samba at lists.samba.org> > wrote:

Does Samba still not show the win server as an outbound neighbor? 





From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com> >
Sent: Monday, October 14, 2024 8:44 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> 
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org> 
Subject: Re: [Samba] Problem with a domain controller that is located in a
separate site



I created the three entities that you told me to create and all of them were
successfully replicated from samba dc to win2019-2. There were no problems



On Mon, Oct 14, 2024 at 2:48?PM James Atwell via samba <samba at
lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at
lists.samba.org <mailto:samba at lists.samba.org> > > wrote:

Adam,



I suggest adding a user, dns hostname(A record), and computer on the Samba
server and see if it gets replicated on the win2019-2 sever.



You can force replication by following the wiki here.
https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions if
the above doesn?t work.



-James



From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com>  <mailto:abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com> > >
Sent: Monday, October 14, 2024 5:22 AM
To: james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com> 
<mailto:james.atwell365 at gmail.com <mailto:james.atwell365 at
gmail.com> >
Cc: samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >
Subject: Re: [Samba] Problem with a domain controller that is located in a
separate site



Hi, James, I did everything as you said, deleted all samba and win2019-2
connections on all domain controllers, after that I waited until they were all
restored, but the outbound neighbors did not appear, maybe it makes sense to
force them to display in some way? or any other ideas about this?



On Fri, Oct 11, 2024 at 7:45?PM James Atwell via samba <samba at
lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at
lists.samba.org <mailto:samba at lists.samba.org> >  <mailto:samba
at lists.samba.org <mailto:samba at lists.samba.org>  <mailto:samba at
lists.samba.org <mailto:samba at lists.samba.org> > > > wrote:

> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org <mailto:samba-bounces
at lists.samba.org>  <mailto:samba-bounces at lists.samba.org
<mailto:samba-bounces at lists.samba.org> >  <mailto:samba-bounces
at lists.samba.org <mailto:samba-bounces at lists.samba.org> 
<mailto:samba-bounces at lists.samba.org <mailto:samba-bounces at
lists.samba.org> > > > On Behalf Of Rowland
> Penny via samba
> Sent: Friday, October 11, 2024 11:56 AM
> To: samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >
<mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:samba at lists.samba.org <mailto:samba at lists.samba.org> >
>
> Cc: Rowland Penny <rpenny at samba.org <mailto:rpenny at
samba.org>  <mailto:rpenny at samba.org <mailto:rpenny at samba.org>
>  <mailto:rpenny at samba.org <mailto:rpenny at samba.org> 
<mailto:rpenny at samba.org <mailto:rpenny at samba.org> > > >
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
> 
> On Fri, 11 Oct 2024 11:37:15 -0400
> James Atwell via samba <samba at lists.samba.org <mailto:samba at
lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at
lists.samba.org> >  <mailto:samba at lists.samba.org <mailto:samba
at lists.samba.org>  <mailto:samba at lists.samba.org <mailto:samba at
lists.samba.org> > > > wrote:
> 
> > Do Samba logs show any errors with replication?
> 
> Probably not, because in his initial post, he said replication was
working, but
> 'repsTo' wasn't populated.
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Hi Rowland,

I seen that, but that appears to come from a screenshot using ADSI Edit when
I reviewed the thread. I could be wrong, wouldn't be the first time. 

The attribute repsTo is optional but it most cases should exists once a
replication partner has been established and actual replication takes place.
Reviewing the thread, I show initially Adam didn't have NTDS auto generated
connections to his Samba and Microsoft servers. He lowered the replication
time in the site link to 15 minutes(I wouldn't leave at that value) which
triggered the KCC and successfully created the NTDS connections on both.
The establishment of NTDS connections don't automatically trigger the repsTo
field to be populated. The KCC determines how replication occurs, but it
doesn't necessarily mean that outbound replication is actively occurring.
Even though Adam said replication was working. 

It appears that the connection is primarily being used for inbound
replication or that the DC has not recently replicated changes to the
neighbor DC. I asked Adam to delete the NTDS connections and see if they get
reestablished on both DC's. If they do, I suggest next he add a user, dns
hostname, and computer on the Samba server and see if it gets replicated on
the Windows sever.  Having verbose logging on during this time would be
helpful. These changes should trigger the repsTo attribute to become
populated. 

I've seen in my own experience happen but only with a Samba environment.
When it did occur, I did the above except I used the samba-tool drs
replicate command to force the population of inbound and outbound neighbors.


-James



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

I forcibly added --add-ref, but it did not give results, outbound still
does not appear, then I decided to do another trick, I went into the
connection that exists between samba and win2019-2 and changed the
replication option, set it on notification, this is the
OVERRIDE_NOTIFY_DEFAULT flag, but this also did not give any results

On Mon, Oct 14, 2024 at 5:48?PM James Atwell via samba <
samba at lists.samba.org> wrote:
> Adam,
>
>
>
> The only other option I can think of is to force replication and creation
> of the attribute with samba-tool drs replicate. You can view this old
> thread https://lists.samba.org/archive/samba/2016-September/203164.html
> back when I had similar conversations on a Samba only environment. I will
> point out I was not aware that Windows servers and repadmin don?t display
> outbound neighbors like Samba does with samba-tool drs showrepl.
>
https://wiki.samba.org/index.php/Verifying_the_Directory_Replication_Statuses#Outbound_Replication
>
>
>
>
>
>
>
>
>
> From: Adam Abramson <abramsona30 at gmail.com>
> Sent: Monday, October 14, 2024 8:55 AM
> To: james.atwell365 at gmail.com
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
>
>
>
> yes, that's right, the display of  outbound   neighbors did not happen
>
>
>
> On Mon, Oct 14, 2024 at 3:48?PM James Atwell via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org> >
wrote:
>
> Does Samba still not show the win server as an outbound neighbor?
>
>
>
>
>
> From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com>
> >
> Sent: Monday, October 14, 2024 8:44 AM
> To: james.atwell365 at gmail.com <mailto:james.atwell365 at
gmail.com>
> Cc: samba at lists.samba.org <mailto:samba at lists.samba.org>
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
>
>
>
> I created the three entities that you told me to create and all of them
> were successfully replicated from samba dc to win2019-2. There were no
> problems
>
>
>
> On Mon, Oct 14, 2024 at 2:48?PM James Atwell via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> > >
wrote:
>
> Adam,
>
>
>
> I suggest adding a user, dns hostname(A record), and computer on the Samba
> server and see if it gets replicated on the win2019-2 sever.
>
>
>
> You can force replication by following the wiki here.
> https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions
> if the above doesn?t work.
>
>
>
> -James
>
>
>
> From: Adam Abramson <abramsona30 at gmail.com <mailto:abramsona30 at
gmail.com>
> <mailto:abramsona30 at gmail.com <mailto:abramsona30 at gmail.com>
> >
> Sent: Monday, October 14, 2024 5:22 AM
> To: james.atwell365 at gmail.com <mailto:james.atwell365 at
gmail.com>  <mailto:
> james.atwell365 at gmail.com <mailto:james.atwell365 at gmail.com>
>
> Cc: samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> >
> Subject: Re: [Samba] Problem with a domain controller that is located in a
> separate site
>
>
>
> Hi, James, I did everything as you said, deleted all samba and win2019-2
> connections on all domain controllers, after that I waited until they were
> all restored, but the outbound neighbors did not appear, maybe it makes
> sense to force them to display in some way? or any other ideas about this?
>
>
>
> On Fri, Oct 11, 2024 at 7:45?PM James Atwell via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> > 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> > >
> wrote:
>
>
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org <mailto:
> samba-bounces at lists.samba.org>  <mailto:samba-bounces at
lists.samba.org
> <mailto:samba-bounces at lists.samba.org> >  <mailto:
> samba-bounces at lists.samba.org <mailto:samba-bounces at
lists.samba.org>
> <mailto:samba-bounces at lists.samba.org <mailto:
> samba-bounces at lists.samba.org> > > > On Behalf Of Rowland
> > Penny via samba
> > Sent: Friday, October 11, 2024 11:56 AM
> > To: samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> > 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> 
<mailto:
> samba at lists.samba.org <mailto:samba at lists.samba.org> > >
> > Cc: Rowland Penny <rpenny at samba.org <mailto:rpenny at
samba.org>  <mailto:
> rpenny at samba.org <mailto:rpenny at samba.org> > 
<mailto:rpenny at samba.org
> <mailto:rpenny at samba.org>  <mailto:rpenny at samba.org
<mailto:
> rpenny at samba.org> > > >
> > Subject: Re: [Samba] Problem with a domain controller that is located
in
> a
> > separate site
> >
> > On Fri, 11 Oct 2024 11:37:15 -0400
> > James Atwell via samba <samba at lists.samba.org <mailto:
> samba at lists.samba.org>  <mailto:samba at lists.samba.org
<mailto:
> samba at lists.samba.org> >  <mailto:samba at lists.samba.org
<mailto:
> samba at lists.samba.org>  <mailto:samba at lists.samba.org
<mailto:
> samba at lists.samba.org> > > > wrote:
> >
> > > Do Samba logs show any errors with replication?
> >
> > Probably not, because in his initial post, he said replication was
> working, but
> > 'repsTo' wasn't populated.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
> Hi Rowland,
>
> I seen that, but that appears to come from a screenshot using ADSI Edit
> when
> I reviewed the thread. I could be wrong, wouldn't be the first time.
>
> The attribute repsTo is optional but it most cases should exists once a
> replication partner has been established and actual replication takes
> place.
> Reviewing the thread, I show initially Adam didn't have NTDS auto
generated
> connections to his Samba and Microsoft servers. He lowered the replication
> time in the site link to 15 minutes(I wouldn't leave at that value)
which
> triggered the KCC and successfully created the NTDS connections on both.
> The establishment of NTDS connections don't automatically trigger the
> repsTo
> field to be populated. The KCC determines how replication occurs, but it
> doesn't necessarily mean that outbound replication is actively
occurring.
> Even though Adam said replication was working.
>
> It appears that the connection is primarily being used for inbound
> replication or that the DC has not recently replicated changes to the
> neighbor DC. I asked Adam to delete the NTDS connections and see if they
> get
> reestablished on both DC's. If they do, I suggest next he add a user,
dns
> hostname, and computer on the Samba server and see if it gets replicated on
> the Windows sever.  Having verbose logging on during this time would be
> helpful. These changes should trigger the repsTo attribute to become
> populated.
>
> I've seen in my own experience happen but only with a Samba
environment.
> When it did occur, I did the above except I used the samba-tool drs
> replicate command to force the population of inbound and outbound
> neighbors.
>
>
> -James
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>