Re: [Samba] Dcs Replication




Hi!

At this moment I have only "kccsrv:samba_kcc=No"; I have manually removed the links.

But the error is very strange :-|


May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336,  0] ../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
May 17 16:54:44 dc2 samba[10421]:   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX

But 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXXX is DC2....


Regards;




On 17-05-2018 17:02, lingpanda101 wrote:
On 5/17/2018 3:58 PM, Carlos wrote:

Hi!

In "NTDS settings" I created new connections for:

DC2 ->DC3

DC3 -> DC2

All OK,

I tested with option

kccsrv:samba_kcc=No

is ok too.

But on my DC2, I received one error:

May 17 16:54:44 dc2 samba[10421]: [2018/05/17 16:54:44.543336,  0] ../source4/dsdb/repl/drepl_out_helpers.c:1087(dreplsrv_update_refs_done)
May 17 16:54:44 dc2 samba[10421]:   UpdateRefs failed with WERR_DS_DRA_ACCESS_DENIED/NT code 0xc0002105 for 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXX DC=DomainDnsZones,DC=XXX,DC=XXX,DC=XXX,DC=XXX

But 24079507-bf7b-4c96-b107-cd22d7680011._msdcs.XXXXXXX is DC2....

Any idea?

Regards;

On 17-05-2018 13:55, Carlos wrote:
Hi!

In the option "Inter-Site Transports", I have only one, named "DEFAULTIPSITELINK"; in its properties:

Sites in this link:

Matriz
Filial

Matriz -> site with DC1 and DC2
Filial -> site with DC3

Regards;


On 17-05-2018 13:12, lingpanda101 wrote:
On 5/17/2018 12:07 PM, Carlos wrote:
Hi!

Thanks for answer.

But I allowed all ports in my firewall...

I tested by shutting down my DC1.

DC2 doesn't communicate with DC3.

I created a user on DC2; it doesn't replicate to DC3...
I waited more than 20 minutes.

Why ??

Regards;


On 17-05-2018 12:01, lingpanda101 wrote:
On 5/17/2018 10:30 AM, Carlos via samba wrote:
Hi!

I have 2 DCs and have now added one more DC, but the DCs don't all see each other.

New DC is "DC2"

DC1 -> vlan10 -> OK to DC3 (connected by OpenVPN)

DC1 -> vlan10 -> OK to DC2(vlan50)

DC2-> vlan50 -> OK to DC1(vlan10)

DC2 -> OpenVPN -> Doesn't "see" DC3

DC3 -> Openvpn -> OK to DC1(vlan10)

DC3 -> OpenVPN -> Doesn't "see" DC2 (vlan50)

All DCs run Samba version 4.7.7.
The firewall allows traffic between them.

-----

DC1

samba-tool drs showrepl

I see only DC2 and DC3, which is OK.
That is correct.

DC2

samba-tool drs showrepl

I see only DC1

DC3

samba-tool drs showrepl

I see only DC1
------------------------

Any idea?


Regards


Carlos,

    This is normal if your firewall is working correctly. The KCC checks and creates replication links to optimize latency and cost where needed. You can override this and create a full mesh topology with the following in your smb.conf under 'Global'.

kccsrv:samba_kcc=No

I advise not doing this but instead ensure sites and services are set up correctly for your IP Inter-Site-Transports. You can define cost and interval for the links here.


-James



Did you verify you have the Inter-Site Transports configured properly in the Active Directory Sites and Services snap-in?

-James



Carlos,

    You are doing a lot of things that go against best practice. Do not manually create the links. Let the KCC handle that function.

--
James
