[Samba] Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs

Denis Cardon denis.cardon at tranquil-it-systems.fr
Wed Dec 10 00:54:52 MST 2014 

Hi Daniel,
>
> Running  samba-tool ldapcmp on my both DCs samba 4.1.7  leads to the output
> :
>
>
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>          serverState
>      FAILED
>
> How to deal with this?
> I am missing something?

AD DC are not exact copies of each others. There are some attributes 
that are not synchronized.

according to [1], msDS-NcType has the flag FLAG_ATTR_NOT_REPLICATED

from [2] : "nonreplicated attribute: An attribute whose values are not 
replicated between naming context (NC) replicas. The nonreplicated 
attributes of an object are, in effect, local variables of the domain 
controller (DC) hosting the NC replica containing that object, since 
changes to these attributes have no effect outside that DC."

For serverState, I guess it is a similar situation.

You can ignore those message using the --filter=msDS-NcType to your 
ldapcmp command line.

Cheers,

Denis

[1] http://msdn.microsoft.com/en-us/library/cc220312.aspx
[2] 
http://msdn.microsoft.com/en-us/library/33b94545-9ae1-4cc8-9ce5-4be893b7bec3#non-replicated_attribute 

>
>
>
>
>
> [root at s4slave ~]#  samba-tool ldapcmp ldap://s4master ldap://s4slave
> -Uadministrator domain
> Password for [TPLK\administrator]:
>
> * Comparing [DOMAIN] context...
>
> * Objects to be compared: 518
>
> Comparing:
> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          serverState
>      FAILED
>
> Comparing:
> 'DC=tplk,DC=loc' [ldap://s4master]
> 'DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>          serverState
>      FAILED
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>      serverState
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator configuration
> Password for [TPLK\administrator]:
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1616
>
> Comparing:
> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          subRefs
>          msDS-NcType
>      FAILED
>
> * Result for [CONFIGURATION]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>      subRefs
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator schema
> Password for [TPLK\administrator]:
>
> * Comparing [SCHEMA] context...
>
> * Objects to be compared: 1550
>
> Comparing:
> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [SCHEMA]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator dnsdomain
> Password for [TPLK\administrator]:
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 191
>
> Comparing:
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSDOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave
> -Uadministrator dnsdomain
> Password for [TPLK\administrator]:
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 191
>
> Comparing:
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSDOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator dnsforest
> Password for [TPLK\administrator]:
>
> * Comparing [DNSFOREST] context...
>
> * Objects to be compared: 19
>
> Comparing:
> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSFOREST]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
>
>
> Greetings
> Daniel
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>
>
>


-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

More information about the samba mailing list