Web lists-archives.com

[Samba] Replication problem when adding new DC member

Hi all,

So we have a single AD-DC master, and I'm trying to join a fresh new DC (DOMAIN-ad.DOMAIN.intranet, to the master (ad.DOMAIN.intranet,, and I'm using the HOWTO here: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory and I've hit a problem in the section "Built-in User & Group ID Mappings" - when doing the following after copying over the idmap.ldb manually (note, ntacls.py was modified to output the file the script is trying to open):

samba-tool ntacl sysvolreset

I get:

root@DOMAIN-ad:/var/lib/samba/private# samba-tool ntacl sysvolreset
>>>>>>>>>>> /var/lib/samba/sysvol
>>>>>>>>>>> /var/lib/samba/sysvol/DOMAIN.intranet/scripts
>>>>>>>>>>> /var/lib/samba/sysvol/DOMAIN.intranet
>>>>>>>>>>> /var/lib/samba/sysvol/DOMAIN.intranet/Policies
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined error')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl     set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)   File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl     use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)   File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 163, in setntacl     smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)

So I try to check the replication status but as the samba service isn't currently running (as per HOWTO) it unsurprisingly fails:

root@DOMAIN-ad:/var/lib/samba/sysvol/DOMAIN.intranet# samba-tool drs showrepl Failed to connect host on port 135 - NT_STATUS_CONNECTION_REFUSED Failed to connect host (DOMAIN-ad.DOMAIN.intranet) on port 135 - NT_STATUS_CONNECTION_REFUSED. ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to DOMAIN-ad.DOMAIN.intranet failed - drsException: DRS connection to DOMAIN-ad.DOMAIN.intranet failed: (-1073741258, 'The connection was refused')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 41, in drsuapi_connect     (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 54, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

How do I fix this issue please?  Both servers are running the exact same version of Debian 9, Samba updated to version 4.5.16-Debian.

Many thanks for your time!

With kind regards - Piers

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba