
Re: [Samba] Samba4 multiple DCs replication




On 19/11/2018 at 15:00, Julien TEHERY via samba wrote:
On 19/11/2018 at 12:33, Julien TEHERY via samba wrote:
On 19/11/2018 at 11:14, Marco Gaiarin via samba wrote:
Hello! Julien TEHERY via samba
   On that day it was said...

Is there a good practice when adding new remote DCs in terms of replication
topology?
I think you have to define a topology of the domain, using ADSS:

    https://blogs.technet.microsoft.com/canitpro/2015/03/03/step-by-step-setting-up-active-directory-sites-subnets-site-links/

defining links and weight.

Right, I already had this kind of setup.
I created 3 remote sites and subnets assigned to those sites.
Remote DCs have been joined with the " --site" option.

I even tried to set up Site Links, but it doesn't help.

Here is my topology

Main Site:
DC1
DC2 => well replicated from DC1
DC3 => well replicated from DC1

Remote_Site_1
DC4 => tries to replicate from DC2, but fails with WERR_FILE_NOT_FOUND error
(even manually with samba-tool drs replicate DC4 DC1 DC=mydomain,DC=lan)

Remote_Site_2
DC5 => well replicated from DC1

Remote_Site_3
DC6 => well replicated from DC1, but sometimes fails trying to replicate from DC3...



I tried demoting DC4 several times and rejoined it, without success.
Each time it fails with this machine (I checked network and DNS settings, nothing's wrong).


So from what I see "drs showrepl" shows me that sometimes a remote DC tries to DC1, sometimes not, and I would like to control it.



Even tried in ADUC to remove and re-create NTDS settings or remove automatically generated ones, without success. I don't know what's going wrong with DC4, but it's the only DC I cannot sync manually from DC1. I purged every single drop of samba on it and reinstalled it from scratch, and it still does the same for it (even with --remove-other-dead-server demotion and dbcheck on DC1). I guess I'm gonna try to install another machine as I don't know what to do here.

Another thing i noticed about replication:
Actually, if I change a user password from DC1 with "samba-tool user myuser", the password is successfully changed and replicated to the other DCs (local and remote sites). But if I change it from DC5 or DC6, the password is not replicated, although "drs showrepl" seems fine on DC5 (but no outbound neighbors).

Here is the output of it:

[root@dc5 ~]# samba-tool drs showrepl
REMOTESITE2\DC5
DSA Options: 0x00000001
DSA object GUID: 988d3cea-bcb8-4e71-be1f-faddb0408d62
DSA invocationId: 2a23d6a7-d797-4348-b948-3fdc7069f50d

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=mydomain,DC=lan
        MAINSITE\DC1 via RPC
                DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
                Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 21 16:34:15 2018 CET

CN=Configuration,DC=mydomain,DC=lan
        MAINSITE\DC1 via RPC
                DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
                Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 21 16:34:15 2018 CET

DC=ForestDnsZones,DC=mydomain,DC=lan
        MAINSITE\DC1 via RPC
                DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
                Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 21 16:34:15 2018 CET

CN=Schema,CN=Configuration,DC=mydomain,DC=lan
        MAINSITE\DC1 via RPC
                DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
                Last attempt @ Wed Nov 21 16:34:15 2018 CET was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 21 16:34:15 2018 CET

DC=mydomain,DC=lan
        MAINSITE\DC1 via RPC
                DSA object GUID: d000aecf-6767-45b0-b69b-7ce4a4716507
                Last attempt @ Wed Nov 21 16:34:29 2018 CET was successful
                0 consecutive failure(s).
                Last success @ Wed Nov 21 16:34:29 2018 CET

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====


Is it simply that outbound connection must be set up? If yes how to do it?
I tried to make it work through the ADUC console without success.
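
An added example, not part of the original message and not Samba project code: a small Python parser for the text layout of "samba-tool drs showrepl" shown above, reporting inbound partners with consecutive failures and an empty OUTBOUND NEIGHBORS section. The sample input is constructed (the first entry is abridged from the output above, the failing DC2 entry is invented), and the function names are hypothetical.

```python
import re

# Constructed sample: the DC1 entry is abridged from the output in the message;
# the DC2 entry with 3 failures is invented to exercise the failure path.
SAMPLE = """\
REMOTESITE2\\DC5
==== INBOUND NEIGHBORS ====

DC=mydomain,DC=lan
        MAINSITE\\DC1 via RPC
                Last attempt @ Wed Nov 21 16:34:29 2018 CET was successful
                0 consecutive failure(s).
CN=Configuration,DC=mydomain,DC=lan
        MAINSITE\\DC2 via RPC
                3 consecutive failure(s).
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
"""

SECTION = re.compile(r"^==== (.+?) ====$")
NEIGHBOR = re.compile(r"^\s+(\S+\\\S+) via RPC$")
FAILURES = re.compile(r"^\s+(\d+) consecutive failure\(s\)\.$")

def parse_showrepl(text):
    """Return {section name: [{'nc', 'partner', 'failures'}, ...]}."""
    sections, current, nc, entry = {}, None, None, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            current, entry = sections.setdefault(m.group(1), []), None
        elif current is None or not line.strip():
            continue                      # preamble or blank line
        elif not line[0].isspace():
            nc = line.strip()             # unindented line = naming context
        elif m := NEIGHBOR.match(line):
            entry = {"nc": nc, "partner": m.group(1), "failures": 0}
            current.append(entry)
        elif (m := FAILURES.match(line)) and entry:
            entry["failures"] = int(m.group(1))
    return sections

def findings(sections):
    """List failing inbound partners and report an empty outbound section."""
    out = [f"{e['partner']} failing for {e['nc']} ({e['failures']}x)"
           for e in sections.get("INBOUND NEIGHBORS", []) if e["failures"]]
    if not sections.get("OUTBOUND NEIGHBORS"):
        out.append("no outbound neighbors listed")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_showrepl(SAMPLE))))
```

Running it against the saved output of each DC gives a quick per-DC list of which partners and naming contexts to look at first.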