Comments on Samba 4 Additional Domain Controller for failover Replication on CentOS 7
In this tutorial, I will show you how to configure an additional domain controller, which is one of the key features of Samba 4. This setup provides a degree of load balancing and failover for AD services (the LDAP directory and DNS), and configuring it is really easy. The same feature can also be used to scale the environment up.
11 Comment(s)
Comments
This is an awesome tutorial
Hi, which Samba version is this, 4.5? Because in the second-to-last picture, the one with the circle around "Create ptr", did you check that? As far as I know that does not work.
But nice howto, well done.
The version used is 4.5.10
[root@samba4 ~]# samba --version
Version 4.5.10
[root@samba4 ~]#
Nice catch, I forgot to mention that. For adding the PTR you can use the following method.
First create the zone file
[root@samba4 ~]# samba-tool dns zonecreate localhost 1.168.192.in-addr.arpa -U administrator
Password for [SUNIL\administrator]:
Zone 1.168.192.in-addr.arpa created successfully
[root@samba4 ~]#
Restart Samba
[root@samba4 ~]# systemctl restart samba
You then create the PTR record manually.
You can use the samba-tool command or do it from RSAT.
[root@provisioning ~]# samba-tool dns add localhost 1.168.192.in-addr.arpa 165 PTR gitlab.sunil.cc -U administrator
Something like this. Hope it helps
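As an added example (this is not code from the tutorial or from the reply above), here is a small script that derives the reverse zone and PTR label from an IP address and builds the three samba-tool commands that the reply runs by hand: create the zone, add the PTR, and read it back to confirm it exists. It generalises the /24 case above to any octet-aligned reverse zone (/8, /16, /24). Assumed, not stated on the page: samba-tool is on PATH on the DC, the DNS server is addressed as localhost, the account given with -U may edit DNS, and `samba-tool dns zonelist` lists zones on `pszZoneName : <name>` lines.

```python
"""Added example, not code from the tutorial or the comment thread.

Builds (and optionally runs) the samba-tool commands that publish a PTR
record for a host. Assumptions (not stated on the page): samba-tool is on
PATH on the DC, the DNS server is 'localhost', the -U account may edit DNS,
and `samba-tool dns zonelist` prints zone names on 'pszZoneName : <name>'
lines. Host names and addresses are illustrative.
"""
import ipaddress
import subprocess
from typing import List, Tuple


def reverse_names(ip: str, prefix_len: int = 24) -> Tuple[str, str]:
    """Map an IPv4 address to (reverse zone, PTR label).

    192.168.1.165 /24 -> ('1.168.192.in-addr.arpa', '165')
    192.168.1.165 /16 -> ('168.192.in-addr.arpa', '165.1')
    Classless (RFC 2317) delegations are not handled.
    """
    if prefix_len not in (8, 16, 24):
        raise ValueError("prefix length must be 8, 16 or 24")
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # raises on a bad address
    n = prefix_len // 8
    zone = ".".join(reversed(octets[:n])) + ".in-addr.arpa"
    label = ".".join(reversed(octets[n:]))
    return zone, label


def ptr_commands(ip: str, fqdn: str, user: str = "administrator",
                 server: str = "localhost", prefix_len: int = 24) -> List[List[str]]:
    """Return the argv lists for: create zone, add PTR, read the PTR back."""
    target = fqdn.rstrip(".")
    if "." not in target:
        # A bare host name would yield a PTR that points at nothing resolvable.
        raise ValueError("PTR target must be fully qualified: %r" % fqdn)
    zone, label = reverse_names(ip, prefix_len)
    return [
        ["samba-tool", "dns", "zonecreate", server, zone, "-U", user],
        ["samba-tool", "dns", "add", server, zone, label, "PTR", target, "-U", user],
        ["samba-tool", "dns", "query", server, zone, label, "PTR", "-U", user],
    ]


def zone_exists(zone: str, server: str = "localhost",
                user: str = "administrator") -> bool:
    """Ask the DC for its zone list (assumed 'pszZoneName : <name>' lines)."""
    # stderr is left alone so the -U password prompt still reaches the terminal
    out = subprocess.run(["samba-tool", "dns", "zonelist", server, "-U", user],
                         stdout=subprocess.PIPE, text=True, check=True).stdout
    names = [ln.split(":", 1)[1].strip().lower()
             for ln in out.splitlines() if "pszZoneName" in ln]
    return zone.lower() in names


def publish_ptr(ip: str, fqdn: str, restart_samba: bool = True, **kw) -> None:
    """Create the reverse zone only if it is missing, restart samba as the
    reply above does, then add and verify the PTR. check=True aborts the run
    as soon as any samba-tool step fails instead of silently continuing."""
    create, add, query = ptr_commands(ip, fqdn, **kw)
    zone = create[4]
    server, user = kw.get("server", "localhost"), kw.get("user", "administrator")
    if not zone_exists(zone, server, user):
        subprocess.run(create, check=True)
        if restart_samba:
            subprocess.run(["systemctl", "restart", "samba"], check=True)
    subprocess.run(add, check=True)
    subprocess.run(query, check=True)  # prints the record; missing record = error


if __name__ == "__main__":
    import sys
    # usage on the DC: python3 add_ptr.py 192.168.1.165 gitlab.sunil.cc
    publish_ptr(sys.argv[1], sys.argv[2])
```

The zone-exists check matters because `zonecreate` on a zone that is already present fails, and without it a second run of the script for another host in the same subnet would abort before ever adding the record.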
Hi,
I followed all the steps, but whenever I create a user on DC2 it does not appear on DC1. When I create a user on DC1 that user appears on DC2, but not vice versa.
ON DC1
[root@stpldc ~]# samba-tool drs showrepl
Default-First-Site-Name\STPLDC
DSA Options: 0x00000001
DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
DSA invocationId: 33903502-1b15-47b2-a015-eb8142c30daa

==== INBOUND NEIGHBORS ====
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (8453, 'WERR_DS_DRA_ACCESS_DENIED')

ON DC2
[root@stplbdc ~]# samba-tool drs showrepl
Default-First-Site-Name\STPLBDC
DSA Options: 0x00000001
DSA object GUID: 8512e225-da15-4a86-adbf-73a6e6b62bfb
DSA invocationId: 575eda1d-5609-4ac8-971a-1472c9e96df5

==== INBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=stpl,DC=com
    Default-First-Site-Name\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:46 2018 IST was successful
        0 consecutive failure(s).
        Last success @ Fri Jan 26 19:19:46 2018 IST

DC=stpl,DC=com
    Default-First-Site-Name\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:46 2018 IST was successful
        0 consecutive failure(s).
        Last success @ Fri Jan 26 19:19:46 2018 IST

DC=ForestDnsZones,DC=stpl,DC=com
    Default-First-Site-Name\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:46 2018 IST was successful
        0 consecutive failure(s).
        Last success @ Fri Jan 26 19:19:46 2018 IST

CN=Configuration,DC=stpl,DC=com
    Default-First-Site-Name\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:47 2018 IST was successful
        0 consecutive failure(s).
        Last success @ Fri Jan 26 19:19:47 2018 IST

DC=DomainDnsZones,DC=stpl,DC=com
    Default-First-Site-Name\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:46 2018 IST was successful
        0 consecutive failure(s).
        Last success @ Fri Jan 26 19:19:46 2018 IST

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
    Connection name: 8631fe96-22d1-4db5-a8c2-3d58427d04b9
    Enabled        : TRUE
    Server DNS name : stpldc.stpl.com
    Server DN name  : CN=NTDS Settings,CN=STPLDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=stpl,DC=com
        TransportType: RPC
        options: 0x00000001
Warning: No NC replicated for Connection!
How can I solve this problem? When I create a user on DC2 it does not appear on DC1. A prompt reply will be appreciated :)
Did you check the content of the "if replication doesn't work" section?
samba-tool drs replicate samba4.sunil.cc dc.sunil.cc DC=sunil,DC=cc
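Before forcing a replication, it helps to read the two `samba-tool drs showrepl` outputs above systematically: DC2 lists DC1 as a healthy inbound neighbour for every partition, while DC1 cannot even enumerate its inbound neighbours (WERR_DS_DRA_ACCESS_DENIED), so nothing written on DC2 is ever pulled. The script below is an added example (not code from the tutorial or from anyone in this thread) that parses showrepl text into a per-partition status and lists the hard failures, so one-way replication of this kind is caught by a check rather than by eye. The two sample outputs are constructed to mimic the ones posted above; GUIDs, names and timestamps are illustrative, and the failed Configuration partition in the second sample is invented to show what a failed attempt line looks like.

```python
"""Added example, not code from the tutorial or the comment thread.

Parses `samba-tool drs showrepl` output and reports hard replication
failures. SAMPLE_DC1/SAMPLE_DC2 are constructed to mimic the outputs posted
in the thread; the failed CN=Configuration entry is invented to exercise the
'failed, result N (WERR_...)' line format that samba-tool prints.
"""
import re
import subprocess

SAMPLE_DC1 = """\
Default-First-Site-Name\\STPLDC
DSA Options: 0x00000001
DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b

==== INBOUND NEIGHBORS ====
ERROR(runtime): DsReplicaGetInfo of type 0 failed - (8453, 'WERR_DS_DRA_ACCESS_DENIED')
"""

SAMPLE_DC2 = """\
Default-First-Site-Name\\STPLBDC
DSA Options: 0x00000001

==== INBOUND NEIGHBORS ====

DC=stpl,DC=com
    Default-First-Site-Name\\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:46 2018 IST was successful
        0 consecutive failure(s).
        Last success @ Fri Jan 26 19:19:46 2018 IST

CN=Configuration,DC=stpl,DC=com
    Default-First-Site-Name\\STPLDC via RPC
        DSA object GUID: a0180d74-5701-46cb-a557-1bca37e3118b
        Last attempt @ Fri Jan 26 19:19:47 2018 IST failed, result 8453 (WERR_DS_DRA_ACCESS_DENIED)
        3 consecutive failure(s).
        Last success @ Fri Jan 26 10:02:11 2018 IST

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
    Server DNS name : stpldc.stpl.com
Warning: No NC replicated for Connection!
"""

SECTION_RE = re.compile(r"^==== (.+?) ====$")
ATTEMPT_RE = re.compile(r"Last attempt @ (.+?) (was successful|failed, result (\d+) \((\w+)\))")
FAILURES_RE = re.compile(r"(\d+) consecutive failure\(s\)")


def parse_showrepl(text):
    """Return {'dsa','errors','warnings','inbound','outbound'} from showrepl text."""
    report = {"dsa": None, "errors": [], "warnings": [], "inbound": [], "outbound": []}
    section, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current = m.group(1), None
        elif section is None:
            if report["dsa"] is None:
                report["dsa"] = line  # first line names the DC that was queried
        elif line.startswith("ERROR"):
            report["errors"].append((section, line))
        elif line.startswith("Warning:"):
            report["warnings"].append((section, line))
        elif section in ("INBOUND NEIGHBORS", "OUTBOUND NEIGHBORS"):
            key = "inbound" if section.startswith("INBOUND") else "outbound"
            if line.startswith(("DC=", "CN=")):   # a naming context starts an entry
                current = {"nc": line, "partner": None, "ok": None, "werr": None, "failures": 0}
                report[key].append(current)
            elif current is None:
                continue
            elif " via " in line and current["partner"] is None:
                current["partner"] = line.split(" via ", 1)[0]
            else:
                a = ATTEMPT_RE.search(line)
                if a:
                    current["ok"] = a.group(2) == "was successful"
                    current["werr"] = a.group(4)
                f = FAILURES_RE.search(line)
                if f:
                    current["failures"] = int(f.group(1))
    return report


def replication_problems(report, expected_ncs=()):
    """Hard failures only; KCC warnings stay in report['warnings'] for review."""
    problems = ["%s: %s" % e for e in report["errors"]]
    if not report["inbound"] and not report["errors"]:
        problems.append("no inbound neighbours: this DC pulls from nobody")
    for n in report["inbound"]:
        if n["ok"] is False or n["failures"] > 0:
            problems.append("%s from %s: %d consecutive failure(s), last result %s"
                            % (n["nc"], n["partner"], n["failures"], n["werr"]))
    seen = {n["nc"] for n in report["inbound"]}
    problems += ["%s has no inbound neighbour" % nc for nc in expected_ncs if nc not in seen]
    return problems


if __name__ == "__main__":
    # On a DC: run the real command (errors go to stderr, so merge it) and exit 1 on trouble.
    out = subprocess.run(["samba-tool", "drs", "showrepl"], stdout=subprocess.PIPE,
                         stderr=subprocess.STDOUT, text=True).stdout
    for p in replication_problems(parse_showrepl(out)):
        print("PROBLEM:", p)
    raise SystemExit(1 if replication_problems(parse_showrepl(out)) else 0)
```

Run it on each DC in turn: a healthy pair shows every partition as an inbound entry with zero failures on both sides, whereas the situation in the thread shows up as an ERROR on DC1 with an empty inbound list. Pass `expected_ncs` with the partitions you know the domain has so a partition that silently drops out of the inbound list is also reported.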
Hi
My primary AD DC server is Windows Server 2016, and I want to set up the secondary DC on CentOS 7. Is it possible? If so, how do I set it up?
Hi,
I get the error in the replication, and when I try to reinitiate the replication I get:
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run
    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
    raise drsException("DsReplicaSync failed %s" % estr)
Mate, check if your firewall is running. I had the same issue; I checked the firewall with systemctl status firewalld and my firewall was running, so I stopped it with systemctl stop firewalld and it works fine!!!
I am also facing the same issue, and firewalld is disabled. I would really appreciate it if someone could share the solution.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_FILE_NOT_FOUND')
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 389, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 87, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
I did it the other way round: my first AD DC is CentOS 7 and my secondary DC is Windows Server 2008 R2, and it works fine. Make sure that your Windows Server is the R2 release or you will be in trouble. I will leave you a link to a tutorial on how to do it:
https://wiki.samba.org/index.php/Joining_a_Windows_Server_2008_/_2008_R2_DC_to_a_Samba_AD
Hi there - great tutorial.
At the last part, both nslookups point test.sunil.cc to 192.168.1.200. Where does this IP come from?
I ask this because when I do the same, both nslookups point to my DC1's IP address. And when I run "host -t A my.domain.com" it only shows my DC1's IP address, but it should actually be showing both DC1's and DC2's IP addresses.
Any ideas?