From: Dmitry Khromov on
Hello!

I'm trying to get Samba4 working as an additional AD DC. bin/net vampire
reports no errors, but when I start sbin/samba I get the following in my
var/samba.log:

--------------------
[Sun May 23 03:58:08 2010 MSD, 0 .../smbd/server.c:373:binary_smbd_main()]
samba version 4.0.0alpha12-GIT-UNKNOWN started. Copyright Andrew Tridgell and the Samba Team 1992-2010
[Sun May 23 03:58:08 2010 MSD, 0 .../smbd/server.c:463:binary_smbd_main()]
samba: using 'standard' process model
[Sun May 23 03:58:08 2010 MSD, 0 .../kdc/hdb-samba4.c:194:hdb_samba4_create_kdc()]
FIXME: Using new system session for hdb
[Sun May 23 03:58:13 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:13 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:13 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Schema,CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:18 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:18 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:18 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Schema,CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:23 2010 MSD, 0 .../dsdb/repl/drepl_ridalloc.c:106:drepl_new_rid_pool_callback()]
.../dsdb/repl/drepl_ridalloc.c:106: RID Manager failed RID allocation - WERR_DS_DRA_BAD_DN
[Sun May 23 03:58:23 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:23 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:23 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Schema,CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:23 2010 MSD, 0 .../dsdb/kcc/kcc_topology.c:3479:kcctpl_test()]
Testing kcctpl_create_intersite_connections
[Sun May 23 03:58:28 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:28 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:28 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Schema,CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:33 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
[Sun May 23 03:58:33 2010 MSD, 0 .../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to 63fe4b85-32e6-46d0-9b0f-462ff7372547._msdcs.klin.kifato-mk.com for CN=Configuration,DC=klin,DC=kifato-mk,DC=com - NT code 0xc0002105 : WERR_DS_DRA_ACCESS_DENIED
--------------------

and so on.
Such messages flood in for (approximately) an hour; however, if I try to
transfer some operation master roles to Samba, they appear again and the
ntdsutil.exe transfer reports errors.

Issuing bin/net drs showrepl dc0.klin.kifato-mk.com gives me the following:
--------------------
dc1 samba # bin/net drs showrepl dc0.klin.kifato-mk.com
Error while fetching CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=klin,DC=kifato-mk,DC=com,
Possible error: LDAP error 1 LDAP_OPERATIONS_ERROR - <000004DC: LdapErr:
DSID-0C0906DC, comment: In order to perform this operation a successful
bind must be completed on the connection., data 0, v1db0> <>
return code = -1
--------------------

repadmin.exe /showrepl on the Windows side reports success.

Some comments regarding the environment:
1) Currently the AD consists of 1 DC - dc0.klin.kifato-mk.com, Windows
Server 2008 R2 Enterprise
2) dc1.klin.kifato-mk.com (the Samba machine) is paravirtualized Gentoo
Linux running in Xen.
3) This LDAP directory had been created with Windows Server 2003 R2
Russian, so it's populated with Russian (probably CP-1251 encoded)
sAMAccountNames, etc. (e.g. I don't have the "Domain administrators"
group - but its Russian equivalent).

I'm interested in Samba4 AD DC functionality, so I'd like to try it out.
Hope you'll help me.

Best regards,
Dmitry Khromov.
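
A triage parser for Samba4 log output in the bracketed-header format quoted in this message, including copies where mail wrapping has run entries together. It is an added example, not part of the original post and not Samba code; it counts DsReplicaSync failures per naming context and WERR code. The sample log is constructed, with placeholder host and domain names.

```python
import re
from collections import Counter
# "[<timestamp>, <level> <source file:line:function()>]" as quoted in the message.
HEADER = re.compile(r"\[(\w{3} \w{3} \d{1,2} \d\d:\d\d:\d\d \d{4} \w+), (\d+) (\S+)\]")
SYNC_FAIL = re.compile(
    r"Failed to send DsReplicaSync to (\S+) for (.+?) - NT code (0x[0-9a-fA-F]+) : (WERR_\w+)")

def split_entries(raw):
    # Undo the wrapping, then cut the text at every header.
    text = " ".join(raw.split())
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({"time": h.group(1), "source": h.group(3), "msg": text[h.end():end].strip()})
    return entries

def summarize(entries):
    # Count DsReplicaSync failures per (naming context, WERR code); keep other WERR lines.
    sync, other = Counter(), []
    for e in entries:
        m = SYNC_FAIL.search(e["msg"])
        if m:
            sync[(m.group(2), m.group(4))] += 1
        elif "WERR_" in e["msg"]:
            other.append((e["time"], e["msg"]))
    return sync, other

# Constructed sample (placeholder host and domain), wrapped the way a mailed log is.
SAMPLE = """\
[Sun May 23 03:58:13 2010 MSD, 0
.../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to dsa-guid._msdcs.example.test for
DC=example,DC=test - NT code 0xc0002105 :
WERR_DS_DRA_ACCESS_DENIED [Sun May 23 03:58:13 2010 MSD, 0
.../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to dsa-guid._msdcs.example.test for
CN=Configuration,DC=example,DC=test - NT code 0xc0002105 :
WERR_DS_DRA_ACCESS_DENIED [Sun May 23 03:58:18 2010 MSD, 0
.../dsdb/repl/drepl_notify.c:207:dreplsrv_notify_op_callback()]
dreplsrv_notify: Failed to send DsReplicaSync to dsa-guid._msdcs.example.test for
DC=example,DC=test - NT code 0xc0002105 :
WERR_DS_DRA_ACCESS_DENIED [Sun May 23 03:58:23 2010 MSD, 0
.../dsdb/repl/drepl_ridalloc.c:106:drepl_new_rid_pool_callback()]
.../dsdb/repl/drepl_ridalloc.c:106: RID Manager failed RID allocation -
WERR_DS_DRA_BAD_DN
"""

if __name__ == "__main__":
    print(summarize(split_entries(SAMPLE)))
```

Collapsing the repeats this way separates the per-partition ACCESS_DENIED failures from one-off errors such as the RID allocation failure, which are easy to miss in the flood.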