[Samba] adding windows DC to samba AD

mj lists at merit.unu.edu
Tue May 11 11:12:00 UTC 2021 

Hi Rowland,

> Try reading this: 
> https://dev.tranquil.it/samba/en/samba_advanced_methods/samba_add_windows_active_directory.html 
I will try it, thanks!

A related question:

"samba-tool drs showrepl" indicates that the samba's are replicating 
happily with the win2008R2 DC, all partitions, inbound and outbound.

However "samba-tool ldapcmp ldap://samba_dc2 ldap://win2008R2_dc1" gives 
some differences between the two. (goes also for the other samba DC)

Some examples:

> Comparing:
> 'CN=USER1,CN=USERS,DC=SAMBA,DC=COMPANY,DC=COM' [ldap://samba_dc2]
> 'CN=USER1,CN=USERS,DC=SAMBA,DC=COMPANY,DC=COM' [ldap://win2008R2_dc1]
>     Difference in attribute values:
>         userParameters => 
> [b'b\x00Q\x00A\x006\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00B\x00k\x00A\x00A\x00k\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00I\x00A\x00A\x00g\x00A\x00C\x00A\x00A\x00']
> [b'bQA6ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAA']
> 
>     FAILED

(similar output for a small portion of our AD users)
and one for the Configuration context:

> * Comparing [CONFIGURATION] context...
> 
> * Objects to be compared: 1744
> 
> Comparing:
> 'CN=THIS ORGANIZATION,CN=WELLKNOWN SECURITY PRINCIPALS,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM' [ldap://samba_dc2]
> 'CN=THIS ORGANIZATION,CN=WELLKNOWN SECURITY PRINCIPALS,CN=CONFIGURATION,DC=SAMBA,DC=COMPANY,DC=COM' [ldap://win2008R2_dc1]
>     Attributes found only in ldap://win2008R2_dc1:        WHENCREATED
>         INSTANCETYPE
> 
>     FAILED
> 
> * Result for [CONFIGURATION]: FAILURE

Is ldapcmp supposed to work between samba <-> windows DCs?

MJ

More information about the samba mailing list