[Samba] Samba AD DC Replication Problems

Nick Couchman Nick.Couchman at seakr.com
Mon Oct 21 12:29:57 MDT 2013 

>>> On 2013/10/20 at 17:03, "Nick Couchman" <Nick.Couchman at seakr.com> wrote: 
> I've seen a couple of posts related to this, but nothing with definitive 
> solutions or even hints that helped me in the right direction.  I'm 
> attempting to add Samba4 DCs to my existing AD domain.  This mostly works - it 
> replicates in information from the Windows DCs, starts the services, and 
> appears to have all of the necessary information.  Scheduled replications 
> from the Windows DCs to the Samba DCs work fine, but the Samba -> Windows 
> replication is failing with a "Schema Mismatch" error (8418, 
> 'WERR_DS_DRA_SCHEMA_MISMATCH').  The schema in the Samba DC was replicated 
> from the Windows DC, so it should be identical, but it is not.  Anyone know 
> what might be going on here - what schema Samba has that AD does not, what 
> schema I might need to add to AD, or even how to debug this?  I've turned up 
> the logging level on one of my Samba DCs, but it isn't yielding any useful 
> information - nothing that tells me what about the schema is mis-matched.
> 
> Any insights, anyone - I'd love to get Samba up and running as a DC, 
> especially with Samba 4.1 supporting the additional schemas from Windows!
> 
> Thanks,
> Nick
> 
> 

Well, I figured out what was causing the replication error, but perhaps someone can help me understand why this happened.  I was getting a schema error, but the reality was that, in one of the attributes for one of the computer entries, there was a duplicate value.  The duplicate was there because the case was different - I believe the attribute was servicePrincipalName or something like that, which has multiple values, anyway.  On one of the values, there were two identical entries, except that one entry was entirely upper case, and one was entirely lower-case.

Anyone know how/why this would happen, and if there's some setting I need to change to prevent it?

-Nick



--------
This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information.  If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way.  If you have received this message in error, please delete the message from your mailbox.  This e-mail may contain export-controlled material and should be handled accordingly.

More information about the samba mailing list