[Samba] DN lists have different size: 4065 != 4029
L.P.H. van Belle
belle at bazuin.nl
Tue May 7 15:08:07 UTC 2019
Hai,
Now, differences are fine, but can you see if one of the 2 servers is correct, and for that it might be handy to share the output.
You can push the good DB to the other DC. ( a forced replication )
And I can understand why you upgrade ...
Did you see :
samba-tool domain schemaupgrade --help
Usage: samba-tool domain schemaupgrade [options]
Domain schema upgrading
Options:
-h, --help show this help message and exit
-H URL, --URL=URL LDB URL for database or target server
-q, --quiet Be quiet
-v, --verbose Be verbose
--schema=SCHEMA The schema file to upgrade to. Default is (Windows)
2012_R2.
The "Default" in samba 4.10.x is 2012R2..
but show the output, we will think of something to fix it :-)
Greetz,
Louis
From: Elias Pereira [mailto:empbilly at gmail.com]
Sent: Tuesday 7 May 2019 16:49
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] DN lists have different size: 4065 != 4029
Hello guys,
Why did you upgrade the schema to '69' ?
That is the schema from 2012R2 and is still marked as experimental.
I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad>
Could you run :
samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
And compare that output?
I made the comparison. It has a jumble of differences.
Can I do a schema downgrade?
On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
Could you run :
samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
And compare that output?
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Elias Pereira via samba
> Sent: Tuesday 7 May 2019 15:48
> To: samba
> Subject: [Samba] DN lists have different size: 4065 != 4029
>
> Hello,
>
> dc3 = principal DC
> dc4 = secondary DC
>
> I had this problem last month after updating samba to version
> 4.10.x. and
> also the schema from 45 to 69. But it looked like it had been
> corrected.
> Today I noticed that on dc4 there are computers that are not on dc3.
>
> I updated:
> 4.7.x to 4.8.x
> 4.8.x to 4.9.x and only after that I upgraded to 4.10.x version.
>
> When I run these commands:
>
> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ---- OK
> samba_dnsupdate --verbose --all-names ------------------------------------- OK
> samba-tool drs showrepl ---------------------------------------------------------- OK
>
> all show OK.
>
> *dc3 schema: *
>
> # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
> # record 1
> dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> objectVersion: 69
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
> *dc4 schema:*
>
> # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
> # record 1
> dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> objectVersion: 69
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
> *smb.conf dc3*
>
> # Global parameters
> [global]
> netbios name = DC3
> realm = CAMPUS.SERTAO.IFRS.EDU.BR
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = CAMPUS
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
>
> bind interfaces only = yes
> interfaces = lo eth0
>
> ldap server require strong auth = no
> #log file = /var/log/samba/log.%m
> #log level = 10
> ntlm auth = yes
> #ntlm auth = mschapv2-and-ntlmv2-only
>
> allow dns updates = nonsecure
>
> # SSL CERTS
> #tls enabled = yes
> #tls keyfile = tls/sertao.ifrs.edu.br.key.npw
> #tls certfile = tls/sertao.ifrs.edu.br.crt
> #tls cafile = tls/ca_join_icpedu.crt
>
> [netlogon]
> path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> *smb.conf dc4*
>
> # Global parameters
> [global]
> netbios name = DC4
> realm = CAMPUS.SERTAO.IFRS.EDU.BR
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = CAMPUS
> idmap_ldb:use rfc2307 = yes
>
> bind interfaces only = yes
> interfaces = lo eth0
>
> ldap server require strong auth = no
> #log file = /var/log/samba/log.%m
> #log level = 10
> ntlm auth = yes
> #ntlm auth = mschapv2-and-ntlmv2-only
>
> allow dns updates = nonsecure
>
> [netlogon]
> path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> *samba-tool fsmo show dc3:*
>
> # samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>
> *samba-tool fsmo show dc4:*
>
> # samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>
> Any ideas on how to debug this problem better? Any other log
> or config you
> need, just ask.
> --
> Elias Pereira
--
Elias Pereira
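
Added example, not part of the thread and not Samba code: when two DCs report DN lists of different size, a small script can show which DNs exist on only one side, working from ldbsearch-style LDIF dumps taken on each DC. The sample dumps, the example.com names and the simplified DN normalisation are assumptions made for illustration.

```python
import base64

def normalise(dn):
    # Assumption: simplified matching (case-insensitive, spaces around commas
    # ignored); escaped commas inside an RDN value are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_dns(ldif_text):
    """Return the set of normalised DNs in ldbsearch/LDIF output."""
    lines = []
    for raw in ldif_text.splitlines():
        # LDIF folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    dns = set()
    for line in lines:
        if line.startswith("dn:: "):    # base64 form, used for non-ASCII DNs
            dns.add(normalise(base64.b64decode(line[5:]).decode("utf-8")))
        elif line.startswith("dn: "):
            dns.add(normalise(line[4:]))
    return dns

def compare(ldif_a, ldif_b):
    """Return (DNs only in A, DNs only in B), each sorted."""
    a, b = parse_dns(ldif_a), parse_dns(ldif_b)
    return sorted(a - b), sorted(b - a)

# Constructed sample dumps (not from the thread).
_B64 = base64.b64encode("cn=Müller,CN=Users,DC=EXAMPLE,DC=com".encode()).decode()
DC3_DUMP = """# record 1
dn: CN=PC-001,CN=Computers,DC=example,DC=com

# record 2
dn: CN=Müller,CN=Users,DC=example,DC=com
"""
DC4_DUMP = f"""# record 1
dn: CN=PC-001,CN=Computers,DC=example,DC=com

# record 2
dn:: {_B64}

# record 3
dn: CN=PC-042,CN=Computers,DC=exam
 ple,DC=com
"""

if __name__ == "__main__":
    only_dc3, only_dc4 = compare(DC3_DUMP, DC4_DUMP)
    print("only on dc3:", only_dc3)
    print("only on dc4:", only_dc4)
```

The folded and base64-encoded DNs in the sample are there because a plain line-by-line diff of two dumps would report them as spurious differences.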