Replication fails with openchange attributes
Matthieu Patou
mat at samba.org
Wed Apr 25 02:18:40 MDT 2012
On 04/24/2012 06:06 AM, Karsten Bandlow wrote:
> Am 23.04.2012 00:07, schrieb Matthieu Patou:
>> On 04/10/2012 12:39 AM, K. Bandlow wrote:
>>> Hello,
>>> I want to add a secondary DC to my domain. But replication does not
>>> work since I add openchange Attributes.
>>>
>>> My machine was Debian sid. Samba alpha 18-4.
>>>
>>> Here is my command, at the end the last lines with -d5 switch
>>>
>>>
>>>
>>> root at pdc:/usr/share/samba/setup# samba-tool domain join cxx-br.local
>>> DC -Uadministrator --realm=cxx-br.local
>>> Finding a writeable DC for domain 'cxx-br.local'
>>> Found DC pdc2.cxx-br.local
>>> Password for [BRHH\administrator]:
>>> workgroup is BRHH
>>> realm is cxx-br.local
>>> checking sAMAccountName
>>> Adding CN=PDC,OU=Domain Controllers,DC=cxx-br,DC=local
>>> Adding
>>> CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> Adding CN=NTDS
>>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> Adding SPNs to CN=PDC,OU=Domain Controllers,DC=cxx-br,DC=local
>>> Setting account password for PDC$
>>> Enabling account
>>> Calling bare provision
>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>>> No IPv6 address will be assigned
>>> partition_metadata: Migrating partition metadata
>>> Provision OK for domain DN DC=cxx-br,DC=local
>>> Starting replication
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[402/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[804/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[1206/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[1608/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[2010/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[2412/2619] linked_values[0/0]
>>> Join failed - cleaning up
>>> checking sAMAccountName
>>> Deleted CN=PDC,OU=Domain Controllers,DC=cxx-br,DC=local
>>> Deleted CN=NTDS
>>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> Deleted
>>> CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> ERROR(runtime): uncaught exception - (31, 'WERR_GENERAL_FAILURE')
>>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>>> line 162, in _run
>>> return self.run(*args, **kwargs)
>>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>>> line 180, in run
>>> machinepass=machinepass)
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 967,
>>> in join_DC
>>> ctx.do_join()
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 874,
>>> in do_join
>>> ctx.join_replicate()
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 674,
>>> in join_replicate
>>> replica_flags=ctx.replica_flags)
>>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
>>> 250, in replicate
>>> (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle,
>>> req_level, req)
>>> root at pdc:/usr/share/samba/setup#
>>>
>>> Here the last lines with -d5
>>>
>>>
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000002 (2)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015db (5595)
>>> more_data : 0x00000000 (0)
>>> nc_object_count : 0x00000000 (0)
>>> nc_linked_attributes_count: 0x00000000 (0)
>>> linked_attributes_count : 0x00000000 (0)
>>> linked_attributes : NULL
>>> drs_error : WERR_OK
>>> result : WERR_GENERAL_FAILURE
>> We need more informations.
>>
>> My guess is that the update require an attribute / class that doesn't
>> exists yet because it's in the following changes.
>>
>> A full log might help us.
>>
>> Matthieu.
>
> I did call following command
>
> ./bin/samba-tool domain join cxx-br.local DC -Uadministrator
> --password Password -d10 > debug.log 2>&1
>
> Without openchange attributes replication works fine.
>
Ok got it, it's a broken schema in openchange it lacks (at least) the
msExch-Proxy-Gen-Options attribute, Openchange is using the relax
control but it's a two sided sword.
I'm surprised that we don't check the mayContain when we load the
schema, I'll file a bug for this.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba-technical
mailing list