Hi Andrew,

thanks for your response. I am trying to look into this issue better. Regrettably, I've never taken the time to learn to use the packet tracer. Need to do this someday. But maybe we can muddle through without it.

THEORY:
DNS is not right somehow.
I am using the internal samba DNS server.
On both test1 and test2, I have the IP addresses of both test1 and test2 in resolv.conf.
On both test1 and test2, iptables is stopped.
On the client, I have the IP addresses of test1 and test2 as DNS servers.

I replicated my experiment this morning.

1) I stopped samba on server test1.
2) I set the log level on test2 (the additional domain controller) to 10
3) I tried to log events from my client 18.165 to the server test2.
4) I made sure that the client 18.165 did have test2's ip address as a dns server.
5) I made sure iptables was stopped on test2.
6) I started active directory users and computers on the client.
7) I see this on the server:

[root@test2 ~]# tail -f /var/log/samba4.log | grep 18.165
  Received DNS UDP packet of length 34 from ipv4:192.168.18.165:55360
  Received DNS UDP packet of length 34 from ipv4:192.168.18.165:58481
  Received DNS UDP packet of length 34 from ipv4:192.168.18.165:54073

8) I get the following message on the client, which is different than what I got before, "Naming information cannot be located"

screenshot at http://imgur.com/LMz6y

9) I run it again, for the heck of it. I get the message about the "possible attempt to compromise security" that I had gotten before.

 screenshot at http://imgur.com/xRIYk

10) I brought test1 back up, and checked replication status.

What is with the krb5 errors?????

[root@test1 samba]# samba-tool drs showrepl test1
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED from 192.168.18.202
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED from 192.168.18.202
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED from 192.168.18.202
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED from 192.168.18.202
Error reading smb_krb5 reply packet: NT_STATUS_CONNECTION_REFUSED from 192.168.18.202
Default-First-Site-Name\TEST1
DSA Options: 0x00000001
DSA object GUID: e71bb117-b03e-4e83-b5c0-5db5d8876442
DSA invocationId: 51281f84-6ea0-4c70-ab86-3151ba3f4f39

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ Mon Dec 31 09:46:19 2012 CST was successful
                0 consecutive failure(s).
                Last success @ Mon Dec 31 09:46:19 2012 CST

DC=DomainDnsZones,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ Mon Dec 31 09:46:22 2012 CST was successful
                0 consecutive failure(s).
                Last success @ Mon Dec 31 09:46:22 2012 CST

DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ Mon Dec 31 09:46:32 2012 CST was successful
                0 consecutive failure(s).
                Last success @ Mon Dec 31 09:46:32 2012 CST

CN=Schema,CN=Configuration,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ Mon Dec 31 09:46:32 2012 CST was successful
                0 consecutive failure(s).
                Last success @ Mon Dec 31 09:21:20 2012 CST

CN=Configuration,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ Mon Dec 31 09:46:09 2012 CST was successful
                0 consecutive failure(s).
                Last success @ Mon Dec 31 09:46:09 2012 CST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=DomainDnsZones,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

CN=Configuration,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                DSA object GUID: 71b2aa4e-902f-4b7f-b6d8-5ce6dfc6b572
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 5e648aea-6308-4ce8-8765-d9c6dd51c75e
        Enabled        : TRUE
        Server DNS name : TEST2.test.local
        Server DN name : CN=NTDS Settings,CN=TEST2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!
[root@test1 samba]#
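
An added example, not part of the original message and not Samba's own code: a small parser for the `samba-tool drs showrepl` text shown above that lists entries with failures, with `NTTIME(0)` timestamps, or with differing last-attempt and last-success times. The sample is constructed from the output above, and the `failed` wording for an unsuccessful attempt is an assumption, since the page only shows successes.

```python
import re

# Constructed sample in the shape of the showrepl output above (GUID lines omitted).
SAMPLE = r"""
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                Last attempt @ Mon Dec 31 09:46:32 2012 CST was successful
                0 consecutive failure(s).
                Last success @ Mon Dec 31 09:21:20 2012 CST
==== OUTBOUND NEIGHBORS ====
DC=test,DC=local
        Default-First-Site-Name\TEST2 via RPC
                Last attempt @ NTTIME(0) was successful
                0 consecutive failure(s).
                Last success @ NTTIME(0)
"""
ATTEMPT = re.compile(r"Last attempt @ (.+?) (was successful|failed.*)$")  # "failed" is assumed

def parse_showrepl(text):
    """Return one dict per (section, naming context, partner) entry."""
    entries, section, nc, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"==== (.+) ====$", line):
            section = m.group(1)
        elif re.match(r"(DC|CN)=", raw):  # unindented naming-context line
            nc = line
        elif line.endswith(" via RPC"):
            entries.append(cur := {"section": section, "nc": nc, "partner": line[:-8]})
        elif cur and (m := ATTEMPT.search(line)):
            cur["attempt"], cur["ok"] = m.group(1), m.group(2) == "was successful"
        elif cur and (m := re.match(r"(\d+) consecutive failure", line)):
            cur["failures"] = int(m.group(1))
        elif cur and line.startswith("Last success @ "):
            cur["success"] = line[len("Last success @ "):]
    return entries

def reason(e):
    """Why an entry deserves a closer look; None (implicitly) if it looks healthy."""
    if not e.get("ok", True) or e.get("failures", 0):
        return "failing"
    if "NTTIME(0)" in (e.get("attempt"), e.get("success")):
        return "no timestamp recorded"
    if e.get("attempt") != e.get("success"):
        return "last attempt and last success differ"

def flag(text):
    return [(e["section"], e["nc"], r) for e in parse_showrepl(text) if (r := reason(e))]
```

Feeding it the real output, for example `flag(open("showrepl.txt").read())` with a hypothetical saved file, gives one tuple per partition and direction that needs attention.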
