Back-linked attributes do not sync between Windows2003 and Samba4

Zahari Zahariev zahari.zahariev at gmail.com
Tue May 25 09:14:13 MDT 2010


Hello Andrew & Samba4,

Here is an interesting thing I have found this afternoon. I decided to test
LDAPCMP on a real-world setup -- Samba4 vampires from a Windows2003 domain
controller. Samba4 vampired OK and then it started OK; there were replication
requests going back and forth. However, when I ran ldapcmp it showed
differences exclusively for attributes in objects which have remained only in
the Windows2003 server. As Kamen noticed, these are mostly back-linked
attributes which were not replicated.

You can see the diff for the domain partition, where 10.191.10.95 is
Windows2003 (functional level 2003) and 10.191.10.113 is Samba4 (vampired
from Windows2003):

root@darkstar:~/samba-master/source4# ./scripting/devel/ldapcmp \
    --host=10.191.10.95 --username=administrator@zahari.tk --password=xx \
    --host2=10.191.10.113 --username2=administrator@zahari.tk --password2=xx \
    domain

* Ignored (DNS related) DNs in 10.191.10.95:
    DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=@,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=win2003,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=centos53,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.pdc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.gc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.dbf16f4c-42f4-4fa3-bd03-ae5fd49f3f2a.domains._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=gc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=df357490-5d66-4dab-894d-0be67dc1708d._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_gc._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_gc._tcp.Default-First-Site-Name._sites,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._udp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kpasswd._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kpasswd._udp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=ForestDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.ForestDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=DomainDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.DomainDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk

* Ignored (DNS related) DNs in 10.191.10.113:
    DC=_kerberos._tcp.Default-First-Site-Name._sites,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.DomainDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=DomainDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kpasswd._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=ForestDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=df357490-5d66-4dab-894d-0be67dc1708d._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=gc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.dbf16f4c-42f4-4fa3-bd03-ae5fd49f3f2a.domains._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kpasswd._udp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._tcp.dc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.gc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_gc._tcp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=win2003,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_gc._tcp.Default-First-Site-Name._sites,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=centos53,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=@,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_kerberos._udp,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.ForestDnsZones,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.pdc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk
    DC=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs,DC=zahari.tk,CN=MicrosoftDNS,CN=System,DC=zahari,DC=tk

* Objets to be compared: 171

Comparing:
'DC=zahari,DC=tk' [10.191.10.95]
'DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        masteredBy
        msDs-masteredBy
        serverState
        subRefs
    FAILED

Comparing:
'CN=WIN2003,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=zahari,DC=tk' [10.191.10.95]
'CN=WIN2003,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        fRSMemberReferenceBL
    FAILED

Comparing:
'CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.95]
'CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        serverReferenceBL
        frsComputerReferenceBL
    FAILED

Comparing:
'CN=Administrator,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Administrator,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=Builtin,DC=zahari,DC=tk' [10.191.10.95]
'CN=Builtin,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        serverState
    FAILED

Comparing:
'CN=Domain Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Domain Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=Domain Guests,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Domain Guests,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=Domain Users,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Domain Users,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=Enterprise Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Enterprise Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=Guest,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Guest,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=RID Set,CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.95]
'CN=RID Set,CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        rIDNextRID
        rIDPreviousAllocationPool
    FAILED

Comparing:
'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

Comparing:
'CN=SUPPORT_388945a0,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=SUPPORT_388945a0,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED

* Final result: FAILURE

SUMMARY
---------

Attributes found only in 10.191.10.95:

    frsComputerReferenceBL
    memberOf
    masteredBy
    subRefs
    msDs-masteredBy
    rIDPreviousAllocationPool
    fRSMemberReferenceBL
    serverReferenceBL
    rIDNextRID
    serverState
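
As an added example (not part of the original post, and not ldapcmp's own code), this script parses a report in the layout above and separates back-link attributes from the other one-sided attributes, tagging each back link with the forward link whose values should be checked on the replica. The `BACK_LINKS` table, the function names and the sample text are assumptions of the example; the sample is constructed from two of the objects in the report.

```python
import re

# Back link -> forward link pairs from the standard AD schema (table supplied
# by this example, not by ldapcmp). A DC derives back links from forward links.
BACK_LINKS = {
    "memberof": "member", "masteredby": "hasMasterNCs",
    "msds-masteredby": "msDS-hasMasterNCs",
    "serverreferencebl": "serverReference",
    "frscomputerreferencebl": "frsComputerReference",
    "frsmemberreferencebl": "fRSMemberReference",
}
# Constructed sample in the layout of the report above (two objects only).
SAMPLE = """\
Comparing:
'DC=zahari,DC=tk' [10.191.10.95]
'DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        masteredBy
        subRefs
    FAILED

Comparing:
'CN=Administrator,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Administrator,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
    Attributes found only in 10.191.10.95:
        memberOf
    FAILED
"""
DN_LINE = re.compile(r"^'(.+)' \[(\S+)\]$")
ONLY_IN = re.compile(r"^\s+Attributes found only in (\S+):$")

def parse_report(text):
    """Return [(dn, host, attribute)] for attributes present on one host only."""
    hits, dn, host = [], None, None
    for line in text.splitlines():
        if m := DN_LINE.match(line):
            dn, host = m.group(1), None          # new object, no host yet
        elif m := ONLY_IN.match(line):
            host = m.group(1)                    # indented per-object header
        elif line.strip() in ("FAILED", ""):
            host = None                          # end of the attribute list
        elif dn and host and line.startswith(" "):
            hits.append((dn, host, line.strip()))
    return hits

def classify(hits):
    """Split hits into back links (tagged with their forward link) and the rest."""
    back = sorted(h + (BACK_LINKS[h[2].lower()],) for h in hits
                  if h[2].lower() in BACK_LINKS)
    other = sorted(h for h in hits if h[2].lower() not in BACK_LINKS)
    return back, other
```

Call `classify(parse_report(text))` on a saved report; the unindented SUMMARY section is skipped because only the indented per-object headers set the host.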

