Error 8418: The replication operation failed because of a schema mismatch between the servers involved
Evgeny Sinelnikov
sin at altlinux.ru
Thu Mar 31 18:46:16 UTC 2016
2016-03-31 10:18 GMT+03:00 Andrew Bartlett <abartlet at samba.org>:
> On Tue, 2016-03-29 at 16:06 +0000, Sinelnikov Evgeniy wrote:
>> Hello,
>>
>> I found solution for this problem.
>>
>> I it is not due DCERPC interconnection, like I think (
>> https://bugzilla.samba.org/show_bug.cgi?id=11758).
>> But it is really due wrong attid in DsGetNCChanges response from
>> Samba.
>> To localize this problem I logged all DCERPC packets into files (see
>> DEBUG patches).
>>
>> At next step I filtered all replicated objects expected one only. And
>> found that is User or Computer with additional linked attributes from
>> Microsoft Exchange extension like homeMDB, for example.
>>
>> I got as result two GetNCChanges responses from Samba DC and Windows
>> DC and compare them.
>> ...
>> guid :
>> eb8f5dd6-417a-45ec-8d9d-c52a60285aaf
>> - sid : S
>> -1-5-21-8659820-343394492-589173015-1126
>> - __ndr_size_dn :
>> 0x00000024 (36)
>> - dn :
>> 'CN=User11,CN=Users,DC=company3,DC=dd'
>> - attid :
>> UNKNOWN_ENUM_VALUE (0x200F4)
>> + sid : S
>> -0-0
>> + __ndr_size_dn :
>> 0x00000000 (0)
>> + dn :
>> ''
>> + attid :
>> UNKNOWN_ENUM_VALUE (0x88EC88B7)
>> value: struct
>> drsuapi_DsAttributeValue
>> ...
>>
>> At next part I found simple solution, which works for me.
>>
>> --- a/source4/rpc_server/drsuapi/getncchanges.c
>> +++ b/source4/rpc_server/drsuapi/getncchanges.c
>> @@ -477,7 +477,7 @@ static WERROR get_nc_changes_add_la(TALLOC_CTX
>> *mem_ctx,
>> return WERR_OK;
>> }
>> }
>> - la->attid = sa->attributeID_id;
>> + la->attid = sa->msDS_IntId == 0 ? sa->attributeID_id : sa
>> ->msDS_IntId;
>> la->flags = active?DRSUAPI_DS_LINKED_ATTRIBUTE_FLAG_ACTIVE:0;
>>
>> status = dsdb_get_extended_dn_uint32(dsdb_dn->dn, &la
>> ->meta_data.version, "RMD_VERSION");
>>
>>
>> Please, review my patch for rpc_server/drsuapi.
>
> Thanks so much for isolating it down. Please re-work it to use
>
> dsdb_attribute_get_attid(sa, is_schema_nc);
>
> And re-submit as a git commit using 'git format-patch -1 -s'
>
> Then, finally, we need a test, if at all possible. I'm about to write
> one for normal attributes from custom schema, inspecting
> replPropertMetaData. We need to work out if we can do the same for
> this.
>
> Thanks!
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
Ok, I re-work patch with dsdb_attribute_get_attid() without check that
is schema attribute. This is looks like enough. If it is not I have
another tested patch adds is_schema_nc argument to
get_nc_changes_add_la() and get_nc_changes_add_links() functions.
At finally, we need a manual test with replication for normal
attributes from custom schema. We looks to ndrdump packets with it and
inspect it.
This is not torture reproducable test. Is it right?
Last time I'm testing rpm build of samba-4.4.0 for CentOS-7. And will
retry previous test environment after rebuild current staff with
dcesrv:stubs directory fixes tommorow.
--
Sin (Sinelnikov Evgeny)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-rpc_server-drsuapi-Set-msDS_IntId-as-attid-for-linke.patch
Type: text/x-patch
Size: 1125 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160331/95497421/0001-rpc_server-drsuapi-Set-msDS_IntId-as-attid-for-linke.bin>
More information about the samba-technical
mailing list