[Samba] DN lists have different size: 4065 != 4029

L.P.H. van Belle belle at bazuin.nl
Tue May 7 15:08:07 UTC 2019


Hai, 
 
Now, differences is fine, but can you see if one of the 2 servers is correct, and for that it might be handy to share the output. 
 
You can push the good DB to the other DC. ( a forced replication ) 
 
And i can understand why you upgrade ...  
Did you see :  
 
samba-tool domain schemaupgrade --help
Usage: samba-tool domain schemaupgrade [options]
Domain schema upgrading
Options:
  -h, --help            show this help message and exit
  -H URL, --URL=URL     LDB URL for database or target server
  -q, --quiet           Be quiet
  -v, --verbose         Be verbose
  --schema=SCHEMA       The schema file to upgrade to. Default is (Windows)
                        2012_R2.

 
The "Default" in samba 4.10.x is 2012R2..  
but show the output, we will think of something to fix it :-) 
 
 
Greetz, 
 
Louis
 
 

Van: Elias Pereira [mailto:empbilly at gmail.com] 
Verzonden: dinsdag 7 mei 2019 16:49
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] DN lists have different size: 4065 != 4029



Hello guys,


Why did you upgrade the schema to '69' ?

That is the schema from 2012R2 and is still marked as experimental. 

I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad>


Could you run :   
samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC 
And compair that output? 

I made the comparison. It has a jumble of differences.


Can I do a schema downgrade?







On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

Could you run :  

samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC

And compair that output?  



Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Elias Pereira via samba
> Verzonden: dinsdag 7 mei 2019 15:48
> Aan: samba
> Onderwerp: [Samba] DN lists have different size: 4065 != 4029
> 
> Hello,
> 
> dc3 = principal DC
> dc4 = secondary DC
> 
> I had this problem last month after updating samba to version 
> 4.10.x. and
> also the schema from 45 to 69. But it looked like it had been 
> corrected.
> Today I noticed that on dc4 there are computers that are not on dc3.
> 
> I updated:
> 4.7.x to 4.8.x
> 4.8.x to 4.9.x and only after that I upgrade to 4.10.x version.
> 
> When I run these commands:
> 
> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix 
> --yes ---- OK
> samba_dnsupdate --verbose --all-names 
> -------------------------------------
> OK
> samba-tool drs showrepl
> ---------------------------------------------------------- OK
> 
> all show OK.
> 
> *dc3 schema: *
> 
> # ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu
> ,dc=br' -s
> base objectVersion
> # record 1
> dn: 
> CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> objectVersion: 69
> 
> # returned 1 records
> # 1 entries
> # 0 referrals
> 
> *dc4 schema:*
> 
> # ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu
> ,dc=br' -s
> base objectVersion
> # record 1
> dn: 
> CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> objectVersion: 69
> 
> # returned 1 records
> # 1 entries
> # 0 referrals
> 
> *smb.conf dc3*
> 
> # Global parameters
> [global]
>         netbios name = DC3
>         realm = CAMPUS.SERTAO.IFRS.EDU.BR
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, 
> kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = CAMPUS
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
> 
>         bind interfaces only = yes
>         interfaces = lo eth0
> 
>         ldap server require strong auth = no
>         #log file = /var/log/samba/log.%m
>         #log level = 10
>         ntlm auth = yes
>         #ntlm auth = mschapv2-and-ntlmv2-only
> 
>         allow dns updates = nonsecure
> 
>         # SSL CERTS
>         #tls enabled  = yes
>         #tls keyfile  = tls/sertao.ifrs.edu.br.key.npw
>         #tls certfile = tls/sertao.ifrs.edu.br.crt
>         #tls cafile   = tls/ca_join_icpedu.crt
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> *smb.conf dc4*
> 
> # Global parameters
> [global]
>         netbios name = DC4
>         realm = CAMPUS.SERTAO.IFRS.EDU.BR
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, 
> kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = CAMPUS
>         idmap_ldb:use rfc2307  = yes
> 
>         bind interfaces only = yes
>         interfaces = lo eth0
> 
>         ldap server require strong auth = no
>         #log file = /var/log/samba/log.%m
>         #log level = 10
>         ntlm auth = yes
>         #ntlm auth = mschapv2-and-ntlmv2-only
> 
>         allow dns updates = nonsecure
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> *samba-tool fsmo show dc3:*
> 
> # samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> 
> *samba-tool fsmo show dc4:*
> 
> # samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> 
> Any ideas on how to debug this problem better? Any other log 
> or config you
> need, just ask.
> -- 
> Elias Pereira
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba




-- 
Elias Pereira


More information about the samba mailing list