[Samba] 4.2.2 as AD with 2 DCs: database incoherency

Rowland Penny rowlandpenny241155 at gmail.com
Thu Jul 16 07:37:56 UTC 2015


On 16/07/15 07:19, Daniel Müller wrote:
> On my site with samba 4.18 on centos 6:
>
> 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed :
>
>      [root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator
> Password for [TPLK\administrator]:
>
> * Comparing [DOMAIN] context...
>
> * Objects to be compared: 606
>
> Comparing:
> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          serverState
>      FAILED
>
> Comparing:
> 'DC=tplk,DC=loc' [ldap://s4master]
> 'DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>          serverState
>      FAILED
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>      serverState
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1616
>
> Comparing:
> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          subRefs
>          msDS-NcType
>      FAILED
>
> * Result for [CONFIGURATION]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>      subRefs
>
> * Comparing [SCHEMA] context...
>
> * Objects to be compared: 1550
>
> Comparing:
> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [SCHEMA]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 333
>
> Comparing:
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSDOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>
> * Comparing [DNSFOREST] context...
>
> * Objects to be compared: 19
>
> Comparing:
> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSFOREST]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
>
>
> Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny
> Gesendet: Mittwoch, 15. Juli 2015 17:35
> An: samba at lists.samba.org
> Betreff: Re: [Samba] 4.2.2 as AD with 2 DCs: database incoherency
>
> On 15/07/15 14:31, mathias dufresne wrote:
>> Hi all,
>>
>> I'm having a test AD domain composed with 2 DC, using Sernet's version
>> of Samba 4.2.2.
>>
>> These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00).
>>
>> These two are using TDB as a backend (as we have no other choice at
>> this stage of Samba's development).
>>
>> *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 #
>> returned 27392 records # *27389* entries # 3 referrals *dc00*:~#
>> ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned 27892
>> records # *27889* entries # 3 referrals
>>
>> I'm wondering with I'm missing 500 groups on dc20 database.
>>
>> Perhaps this issue comes from the fact there was a space issue on dc00
>> (/var/log/samba/log.samba fulfilled /var (debug) and database is on
>> same FS into /var/lib/samba).
>>
>> Anyway, do we have something to force databases to come back to a
>> coherent state?
>> Could we tdbdump the DB on one host then tdbrestore it on the other?
>>
>> Kindly regards,
>>
>> mathias
> What does 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' show ?
>
> More info, see here: https://wiki.samba.org/index.php/Samba-tool_ldapcmp
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Stop worrying, all the failing attributes are non replicating 
attributes, this has been fixed in later samba4 versions.

Rowland




More information about the samba mailing list