Replication fails with openchange attributes
Matthieu Patou
mat at samba.org
Sat Apr 28 23:35:17 MDT 2012
On 04/24/2012 06:06 AM, Karsten Bandlow wrote:
> Am 23.04.2012 00:07, schrieb Matthieu Patou:
>> On 04/10/2012 12:39 AM, K. Bandlow wrote:
>>> Hello,
>>> I want to add a secondary DC to my domain. But replication does not
>>> work since I add openchange Attributes.
>>>
>>> My machine was Debian sid. Samba alpha 18-4.
>>>
>>> Here is my command, at the end the last lines with -d5 switch
>>>
>>>
>>>
>>> root at pdc:/usr/share/samba/setup# samba-tool domain join cxx-br.local
>>> DC -Uadministrator --realm=cxx-br.local
>>> Finding a writeable DC for domain 'cxx-br.local'
>>> Found DC pdc2.cxx-br.local
>>> Password for [BRHH\administrator]:
>>> workgroup is BRHH
>>> realm is cxx-br.local
>>> checking sAMAccountName
>>> Adding CN=PDC,OU=Domain Controllers,DC=cxx-br,DC=local
>>> Adding
>>> CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> Adding CN=NTDS
>>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> Adding SPNs to CN=PDC,OU=Domain Controllers,DC=cxx-br,DC=local
>>> Setting account password for PDC$
>>> Enabling account
>>> Calling bare provision
>>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>>> No IPv6 address will be assigned
>>> partition_metadata: Migrating partition metadata
>>> Provision OK for domain DN DC=cxx-br,DC=local
>>> Starting replication
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[402/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[804/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[1206/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[1608/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[2010/2619] linked_values[0/0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=cxx-br,DC=local]
>>> objects[2412/2619] linked_values[0/0]
>>> Join failed - cleaning up
>>> checking sAMAccountName
>>> Deleted CN=PDC,OU=Domain Controllers,DC=cxx-br,DC=local
>>> Deleted CN=NTDS
>>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> Deleted
>>> CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cxx-br,DC=local
>>> ERROR(runtime): uncaught exception - (31, 'WERR_GENERAL_FAILURE')
>>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>>> line 162, in _run
>>> return self.run(*args, **kwargs)
>>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>>> line 180, in run
>>> machinepass=machinepass)
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 967,
>>> in join_DC
>>> ctx.do_join()
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 874,
>>> in do_join
>>> ctx.join_replicate()
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 674,
>>> in join_replicate
>>> replica_flags=ctx.replica_flags)
>>> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
>>> 250, in replicate
>>> (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle,
>>> req_level, req)
>>> root at pdc:/usr/share/samba/setup#
>>>
>>> Here the last lines with -d5
>>>
>>>
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000001 (1)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015da (5594)
>>> meta_data: struct
>>> drsuapi_DsReplicaMetaData
>>> version
>>> : 0x00000002 (2)
>>> originating_change_time
>>> : Fri Apr 6 12:56:07 2012 CEST
>>>
>>> originating_invocation_id: 51cb798e-e91f-459c-a6df-6f3e8d607a33
>>> originating_usn
>>> : 0x00000000000015db (5595)
>>> more_data : 0x00000000 (0)
>>> nc_object_count : 0x00000000 (0)
>>> nc_linked_attributes_count: 0x00000000 (0)
>>> linked_attributes_count : 0x00000000 (0)
>>> linked_attributes : NULL
>>> drs_error : WERR_OK
>>> result : WERR_GENERAL_FAILURE
>> We need more informations.
>>
>> My guess is that the update require an attribute / class that doesn't
>> exists yet because it's in the following changes.
>>
>> A full log might help us.
>>
>> Matthieu.
>>
> Here comes the logfile http://178.77.77.98/debug.log.tar.gz compressed
> size ~ 6MB original Size ~ 100MB
>
> I did call following command
>
> ./bin/samba-tool domain join cxx-br.local DC -Uadministrator
> --password Password -d10 > debug.log 2>&1
>
> Without openchange attributes replication works fine.
So after all checks just one attribute is missing:
ms-Exch-Proxy-Gen-Options
You should be able to load this ldif in your provision and then after
the replication should work
#
dn: CN=msExch-Proxy-Gen-Options,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
cn: msExch-Proxy-Gen-Options
attributeID: 1.2.840.113556.1.4.7000.102.50044
attributeSyntax: 2.5.5.9
isSingleValued: TRUE
showInAdvancedViewOnly: TRUE
adminDisplayName: msExch-Proxy-Gen-Options
adminDescription: msExch-Proxy-Gen-Options
oMSyntax: 2
searchFlags: 0
lDAPDisplayName: msExchProxyGenOptions
name: msExch-Proxy-Gen-Options
schemaIDGUID: 974c9a02-33fc-11d3-aa6e-00c04f8eedd8
isMemberOfPartialAttributeSet: FALSE
objectCategory: CN=Attribute-Schema,${SCHEMADN}
Don't forget to set "dsdb:schema update allowed" to yes in the smb.conf
while trying to load this ldif.
Matthieu.
>
> Karsten
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba-technical
mailing list