Created attachment 9359
samba-tools drs showrepl at site2
I have a test setup with four sites. Servers run Debian wheezy with SerNet's Samba 4.0.10-8 packages. Sites 2-4 are connected to site1 via VPN tunnels but there is no direct connection and no subnet routing between sites 2-3.
Looking into the AD documentation, to replicate these sites SiteLinkBridges should be used. So first I defined the sitelink objects between site 1-2, 1-3 and 1-4. Afterwards I defined the SiteLinkBridges using these SiteLinks, for example (1-2),(1-3) for the bridge between site2 and site3.
It seems however that Samba does not yet support sitelinkbridges. Looking into the samba_kcc source code I found the code handling sitelinks but none for sitelinkbridges. Instead of ignoring sites 3-4 at site 2, for example, it seems Samba still tries to contact the servers directly even if there is no interconnect defined. Attached a replication status of site 2. samba.log shows these errors.
[2013/11/03 16:28:00.671751, 0] ../source4/librpc/rpc/dcerpc_sock.c:256(continue_socket_connect)
Failed to connect host [server at site 3 ip] on port 135 - NT_STATUS_HOST_UNREACHABLE
[2013/11/03 16:28:00.672221, 0] ../source4/librpc/rpc/dcerpc_sock.c:419(continue_ip_open_socket)
Failed to connect host [server at site 3 ip] (ded885f4-5178-41d5-9274-e1f7268ca2e8._msdcs.fot.local) on port 135 - NT_STATUS_HOST_UNREACHABLE
With the new samba_kcc, you should only be defining site-links and not site-link bridges. It actually wasn't functional until at least Samba 4.3 in any reasonable fashion. It's strongly recommended that the KCC handles the network construction with all sitelinks bridged by default. For nearly everybody this should be sufficient, and the only domains that should be affected will be those with intricate firewalls AND very strict requirements on their sites.
Thank you for the feedback. Using samba_kcc and only site links, this works with 4.4.5 here with two branches connecting to the main office with no connections between them.