search for: m702

On Mon, 2015-11-16 at 16:50 +0100, mathias dufresne wrote: > transaction: operations error at > ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147 Looking at that line in your version of Samba may give you some idea why it failed. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer,

...hildren which were remaining. > > I also used an awk script to force creation of DNS entries mentioned by > "samba_dnsupdate --verbose --all-names", on all DCs. > > And I have no idea if this helps. > > Anyway I finally tried to run: > samba-tool drs replicate m704 m702 --add-ref --sync-forced --sync-all > --full-sync *--local* --kerberos yes DC=samba,DC=domain,DC=tld > > Before that I was trying different ways to run drs replicate but always > without that --local switch. > > And with that --local switch the DB was eventually replicated from m70...

...move also the few entries and their children which were remaining. I also used an awk script to force creation of DNS entries mentioned by "samba_dnsupdate --verbose --all-names", on all DCs. And I have no idea if this helps. Anyway I finally tried to run: samba-tool drs replicate m704 m702 --add-ref --sync-forced --sync-all --full-sync *--local* --kerberos yes DC=samba,DC=domain,DC=tld Before that I was trying different ways to run drs replicate but always without that --local switch. And with that --local switch the DB was eventually replicated from m702 (the looking-like-broken F...

...------------------------------ ldbsearch -H $sam -b 'OU=Domain controllers,DC=AD,DC=DOMAIN,DC=TLD' '(objectclass=computer)' dn # record 1 dn: CN=M700,OU=Domain Controllers,DC=ad,DC=domain,DC=tld # record 2 dn: CN=M701,OU=Domain Controllers,DC=ad,DC=domain,DC=tld # record 3 dn: CN=M702,OU=Domain Controllers,DC=ad,DC=domain,DC=tld # returned 3 records # 3 entries # 0 referrals -------------------------------------------------------------------------------- shows only the 3 DC using 4.3.1. All the FSMO are owned by m700. -----------------------------------------------------------...

...=DOMAIN,DC=TLD' > > '(objectclass=computer)' dn > > # record 1 > > dn: CN=M700,OU=Domain Controllers,DC=ad,DC=domain,DC=tld > > > > # record 2 > > dn: CN=M701,OU=Domain Controllers,DC=ad,DC=domain,DC=tld > > > > # record 3 > > dn: CN=M702,OU=Domain Controllers,DC=ad,DC=domain,DC=tld > > > > # returned 3 records > > # 3 entries > > # 0 referrals > > > -------------------------------------------------------------------------- > > ------ > > shows only the 3 DC using 4.3.1. > > > &g...

...ren=0 Name=_sites, Records=0, Children=1 Name=_tcp, Records=0, Children=4 Name=_udp, Records=0, Children=2 Name=domain1, Records=0, Children=1 Name=DomainDnsZones, Records=0, Children=2 Name=ForestDnsZones, Records=0, Children=2 Name=m700, Records=0, Children=0 Name=m701, Records=0, Children=0 Name=m702, Records=0, Children=0 -k yes -> use Kerberos ticket to authenticate, ticket must be existing. the second <AD DNS zone> is because we look for the SOA for that zone On line starting with SOA: we have all information needed to run the next command, to update this record. samba-tool gives...

...$sam -b 'OU=Domain controllers,DC=AD,DC=DOMAIN,DC=TLD' > '(objectclass=computer)' dn > # record 1 > dn: CN=M700,OU=Domain Controllers,DC=ad,DC=domain,DC=tld > > # record 2 > dn: CN=M701,OU=Domain Controllers,DC=ad,DC=domain,DC=tld > > # record 3 > dn: CN=M702,OU=Domain Controllers,DC=ad,DC=domain,DC=tld > > # returned 3 records > # 3 entries > # 0 referrals > -------------------------------------------------------------------------- > ------ > shows only the 3 DC using 4.3.1. > > All the FSMO are owned by m700. > --------...

...usage of AD Sites. Here Win client ask for domain 11:37:28.671044 IP 10.207.102.32.50193 > dns1.ad.dgfip.finances.gouv.fr.domain: 50244+ SRV? _ldap._tcp.pdc._ msdcs.ad.dgfip.finances.gouv.fr. (65) 11:37:28.671308 IP dns1.ad.dgfip.finances.gouv.fr.domain > 10.207.102.32.50193: 50244 1/2/3 SRV m702.ad.dgfip.finances.gouv.fr.:389 0 100 (202) Just after that it asks for kerberos service on "SCIF" AD Site: 11:44:59.550011 IP 10.207.102.32.52905 > dns1.ad.dgfip.finances.gouv.fr.domain: 17936+ SRV? _kerberos._tcp.SCIF._sites.dc._msdcs.AD.DGFIP.FINANCES.GOUV.FR. (80) 11:44:59.550979 I...

...Win client ask for domain > 11:37:28.671044 IP 10.207.102.32.50193 > > dns1.ad.dgfip.finances.gouv.fr.domain: 50244+ SRV? _ldap._tcp.pdc._ > msdcs.ad.dgfip.finances.gouv.fr. (65) > 11:37:28.671308 IP dns1.ad.dgfip.finances.gouv.fr.domain > > 10.207.102.32.50193: 50244 1/2/3 SRV m702.ad.dgfip.finances.gouv.fr.:389 0 > 100 (202) > > Just after that it asks for kerberos service on "SCIF" AD Site: > 11:44:59.550011 IP 10.207.102.32.52905 > > dns1.ad.dgfip.finances.gouv.fr.domain: 17936+ SRV? > _kerberos._tcp.SCIF._sites.dc._msdcs.AD.DGFIP.FINANCES.GO...

...omain >> 11:37:28.671044 IP 10.207.102.32.50193 > >> dns1.ad.dgfip.finances.gouv.fr.domain: 50244+ SRV? _ldap._tcp.pdc._ >> msdcs.ad.dgfip.finances.gouv.fr. (65) >> 11:37:28.671308 IP dns1.ad.dgfip.finances.gouv.fr.domain > >> 10.207.102.32.50193: 50244 1/2/3 SRV m702.ad.dgfip.finances.gouv.fr.:389 0 >> 100 (202) >> >> Just after that it asks for kerberos service on "SCIF" AD Site: >> 11:44:59.550011 IP 10.207.102.32.52905 > >> dns1.ad.dgfip.finances.gouv.fr.domain: 17936+ SRV? >> _kerberos._tcp.SCIF._sites.dc._ms...

On 12/23/2015 12:39 PM, mathias dufresne wrote: > And for Ole, the OP, to solve its own failover issue: > As there is 2 physical sites and only 2 DC. > Let's say > Site1 is 10.1.0.0/16 > Site2 is 10.2.0.0/16 > I would create 2 additional AD Sites : Site1 + Site2 > To AD site "Site1" I would associate 10.1.0.0/16 and associate also DC1 > To AD site