[PATCH] rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists

Andrew Bartlett abartlet at samba.org
Fri Apr 1 19:25:53 UTC 2016 

On Fri, 2016-04-01 at 17:46 +0300, Evgeny Sinelnikov wrote:
> Hello,
> 
> I send this email about topic of "Error 8418: The replication
> operation failed because of a schema mismatch between the servers
> involved":
> - https://lists.samba.org/archive/samba-technical/2016-February/11215
> 1.html
> - https://lists.samba.org/archive/samba-technical/2016-February/11217
> 4.html
> - https://lists.samba.org/archive/samba-technical/2016-February/11236
> 1.html
> - https://lists.samba.org/archive/samba-technical/2016-March/113261.h
> tml
> - https://lists.samba.org/archive/samba-technical/2016-April/113304.h
> tml
> 
> Recently I tries to find solution for Samba replication problem with
> MS Exchange schema extension and other products with same feature.
> 
> Problem looks like error SCHEMA_MISMATCH error during replication
> process from Samba DC to Windows DC:
> # samba-tool drs replicate dc01 dc02 dc=company3,dc=dd
> ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
> drsException: DsReplicaSync failed (8418,
> 'WERR_DS_DRA_SCHEMA_MISMATCH')
>   File "/usr/local/samba/lib64/python2.7/site
> -packages/samba/netcmd/drs.py",
> line 349, in run
>     drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
> source_dsa_guid, NC, req_options)
>   File "/usr/local/samba/lib64/python2.7/site
> -packages/samba/drs_utils.py",
> line 83, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
> 
> 
> Previously I created a bug about suspection in DCERPC implementation
> error:
> https://bugzilla.samba.org/show_bug.cgi?id=11758
> where also enumarates other bugs, which looks similar:
> https://bugzilla.samba.org/show_bug.cgi?id=11388
> https://bugzilla.samba.org/show_bug.cgi?id=11172
> https://bugzilla.samba.org/show_bug.cgi?id=10470
> 
> 
> Current patch solves this problem and tested on Samba-4.4.0 release.
> 
> Please, review and push it.

Very well done.  I'm impressed!

We need to confirm the behaviour in the schema partition, and once we
have that worked out, we can proceed to merge this.  

Doing that requires creating a linked attribute with an msDS-IntID
value, on a schema object.  This may never happen in the real world,
but if we are going to solve it, we should solve it correctly.  

I did mention that we need tests.  We need the custom schema tests to
create a linked attribute pair with an msDS-IntID value, and we then
need to perform a DRS operation to fetch those, like the repl_exop test
code does, and assert on the values.  We also need to make our DRS
client assert that the correct values are being used, and so fail just
as Windows did.

Finally, be aware that there are still bugs in this area.  In
particular I have a set of patches to fix other replication issues at h
ttp://git.catalyst.net.nz/gw?p=samba.git;a=shortlog;h=refs/heads/tombst
one-reanimation, but couldn't get those into Samba because we (now)
start consistently hit the 'normal attribute' version of this issue,
but only in a full make test. 

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list