[Samba] LDAPcmp show errors (serverState, subRefs)

Andrew Bartlett abartlet at samba.org
Wed Dec 4 00:13:51 MST 2013 

On Tue, 2013-12-03 at 13:28 +0100, Thomas Zeitinger wrote:
> Hi there!
> 
> Here it is a setup with an Windows 2003 SBS and two Samba 4.1.2.
> Everything is working fine, but I found differences in LDAP and need to
> know if this is relevant for replication
> 
> samba-tool ldapcmp ldap://sbssrv2003 ldap://samba4.1.2
> 
> [...]
> Comparing:
> 'CN=Builtin,DC=SAMBADOMAIN,DC=local' [ldap://gaia]
> 'CN=Builtin,DC=SAMBADOMAIN,DC=local' [ldap://samba1]
>     Attributes found only in ldap://gaia:
>         serverState
>     FAILED
> [...]
> Comparing:
> 'DC=SAMBADOMAIN,DC=local' [ldap://gaia]
> 'DC=SAMBADOMAIN,DC=local' [ldap://samba1]
>     Attributes found only in ldap://gaia:
>         serverState
>         subRefs
>     FAILED
> [...]
> 
> Microsoft says: "serverState: Indicates whether the server is enabled or
> disabled. A value of 1 indicates that the server is enabled. A value of
> 2 indicates that the server is disabled. All other values are invalid."
> (http://msdn.microsoft.com/en-us/library/windows/desktop/ms679776%28v=vs.85%29.aspx)
> 
> But I cannot find information if this flag must only be set on one of
> the PDC? Or do samba not support this attrtibute?
> 
> 
> subRefs: "List of subordinate references of a Naming Context."
> (http://msdn.microsoft.com/en-us/library/windows/desktop/ms679895%28v=vs.85%29.aspx)
> 
> dn: DC=SAMBADOMAIN,DC=local
> objectClass: top
> objectClass: domain
> objectClass: domainDNS
> distinguishedName: DC=SAMBADOMAIN,DC=local
> subRefs: DC=ForestDnsZones,DC=SAMBADOMAIN,DC=local
> subRefs: DC=DomainDnsZones,DC=SAMBADOMAIN,DC=local
> subRefs: CN=Configuration,DC=SAMBADOMAIN,DC=local
> [...]
> 
> Why it is set only on the windows server?

We need patches to correctly implement these attributes.  They are
marked not-replicated, so we need to maintain their state locally. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list