Web lists-archives.com

Re: [Samba] NT_STATUS_CONNECTION_REFUSED Joining Domain - Desperately need help

On Thu, 8 Mar 2018 15:58:43 -0600 (CST)
Brent Davidson via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I am desperately in need of help. I have a Centos 7.2 server running
> Samba 4.6.13 as an active directory domain controller. I am trying to
> join a new Centos 7.4 server running Samba 4.6.13 to the domain. The
> domain command will not connect to the other server. 
> How this problem started: 
> I originally had two domain controllers, both of which were running
> Samba 4.5. I was troubleshooting a time sync issue between Windows 10
> workstations and the server that appeared to come from a bug in the
> older Samba 4.5 version. I update the secondary domain controller to
> Samba 4.6.13 and that appeared to go fine, so I switched over to the
> primary domain controller and tried to upgrade it to 4.6.13.
> Something went wrong, and users were no longer able to access the
> domain. I switched to the backup domain controller and promoted it to
> primary and all was well again, so I took the original primary
> off-line and tried to solve the issue. After taking the old primary
> off-line, DNS stopped resolving for the network. Things get a bit
> murky at this part because my phone was runing off the hook, but I
> managed to wipe out the /var/lib/samba/private folder from one of the
> servers. Since my backups were of the old 4.5 database versions and I
> was unable to roll back the Samba version, I had to copy
> the /var/lib/samba/private folder from one server to the other, then
> remove the server entries for the non-working server. 

I don't know what your original problem was, but you made it a
magnitude times worse when you copied /var/lib/samba/private from one
DC to another. Whilst DCs replicate between one another, not everything
is replicated and some things are specific to each DC.

Do you have a backup of the original 4.5 DC that held all the FSMO
roles (note, you didn't have a primary domain controller or a secondary
domain controller or a backup domain controller, you just had DCs. All
DCs are equal except for the FSMO roles). If you do have this backup, I
would suggest you turn off all your DCS and reinstall the DC from the
backup and start again.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba