[Samba] Schema extension for Exchange and WERR_DS_DRA_SCHEMA_MISMATCH
Sinelnikov Evgeniy
Sinelnikov.E at digdes.com
Thu Feb 11 18:44:02 UTC 2016
Hello,
A couple days ago I wrote a message about replication problem with Exchange to samba-technical@:
https://lists.samba.org/archive/samba-technical/2016-February/112019.html
Problem I want to resolve looks like "exchange schema _not_ installed on the samba4 AD DC":
https://lists.samba.org/archive/samba/2015-May/191636.html
I try to search additional information and found old message about same problem:
https://lists.samba.org/archive/samba-technical/2013-February/090513.html
Could anybody say about Samba readiness "to be used an exchange server" with
all needed "ldap controls / construction that are required by exchange" in current time?
At this time I don't understand how to know which schema is really applied on Samba DC
after join it to existing domain.
I try to verify it for my current configuration:
- dc01 - Windows 2003 R2 with Exchange 2003 extended schema
- dc02 - CentOS 7.2 with Samba-4.3.4
_________________________________
At first, I got ldif on Linux with ldbsearch:
_________________________________
$ ldbsearch --paged -S -k yes -H ldap://dc01.company3.dd -b CN=Schema,CN=Configuration,DC=company3,DC=dd (objectclass=*)
$ ldbsearch --paged -S -k yes -H ldap://dc02.company3.dd -b CN=Schema,CN=Configuration,DC=company3,DC=dd (objectclass=*)
attribute comparison looks here as is:
...
@@ -74427,8 +74427,8 @@
schemaIDGUID: d2888db3-2b0d-4d6a-831e-4efdfc036584
searchFlags: 0
showInAdvancedViewOnly: TRUE
-uSNChanged: 24179
-uSNCreated: 24179
+uSNChanged: 2061
+uSNCreated: 2061
whenChanged: 20160127131052.0Z
whenCreated: 20160127131052.0Z
@@ -74453,23 +74453,32 @@
objectClass: dMD
objectGUID: 7a51a45f-0110-445f-977a-6e9dbe745abd
objectVersion: 30
-prefixMap:: CAAAAIIAAAA0EwsAKoZIhvcUAQS2WGZLEwsAKoZIhvcUAQW2WD5lEwwAKoZIhvcUAQ
- S2WGaDaBMMACqGSIb3FAEEtlhmgYITDAAqhkiG9xQBBbZYPoESFAwAKoZIhvcUAQW2WD6DpBUKACq
- GSIb3FAEGFAGqFQoAKoZIhvcUAQYUAg==
-repsTo:: AQAAAAAAAAAUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAADwAAAAQAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKX3QKCbVzp
- Om7VKH4rY8V0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAAGEwNDBm
- N2E1LTU3OWItNGUzYS05YmI1LTRhMWY4YWQ4ZjE1ZC5fbXNkY3MuY29tcGFueTMuZGQA
-repsTo:: AQAAAAAAAAAUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAADwAAAAQAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
- AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALaL9n9hzQp
- HgOGari5Kz5oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAAAADdmZjY4
- YmI2LWNkNjEtNDcwYS04MGUxLTlhYWUyZTRhY2Y5YS5fbXNkY3MuY29tcGFueTMuZGQA
+prefixMap: 0:2.5.4;1:2.5.6;2:1.2.840.113556.1.2;3:1.2.840.113556.1.3;4:2.16.84
+ 0.1.101.2.2.1;5:2.16.840.1.101.2.2.3;6:2.16.840.1.101.2.1.5;7:2.16.840.1.101.
+ 2.1.4;8:2.5.5;9:1.2.840.113556.1.4;10:1.2.840.113556.1.5;19:0.9.2342.19200300
+ .100;20:2.16.840.1.113730.3;21:0.9.2342.19200300.100.1;22:2.16.840.1.113730.3
+ .1;23:1.2.840.113556.1.5.7000;24:2.5.21;25:2.5.18;26:2.5.20;11:1.2.840.113556
+ .1.4.260;12:1.2.840.113556.1.5.56;13:1.2.840.113556.1.4.262;14:1.2.840.113556
+ .1.5.57;15:1.2.840.113556.1.4.263;16:1.2.840.113556.1.5.58;17:1.2.840.113556.
+ 1.5.73;18:1.2.840.113556.1.4.305;27:1.3.6.1.4.1.1466.101.119;28:2.16.840.1.11
+ 3730.3.2;29:1.3.6.1.4.1.250.1;30:1.2.840.113549.1.9;31:0.9.2342.19200300.100.
+ 4;32:1.2.840.113556.1.6.23;33:1.2.840.113556.1.6.18.1;34:1.2.840.113556.1.6.1
+ 8.2;35:1.2.840.113556.1.6.13.3;36:1.2.840.113556.1.6.13.4;37:1.3.6.1.1.1.1;38
+ :1.3.6.1.1.1.2;4916:1.2.840.113556.1.4.7000.102;4939:1.2.840.113556.1.5.7000.
+ 62;4965:1.2.840.113556.1.4.7000.102:0x83;4968:1.2.840.113556.1.4.7000.102:0x8
+ 1;4994:1.2.840.113556.1.5.7000.62:0x81;5138:1.2.840.113556.1.5.7000.62:0x83;5
+ 540:1.2.840.113556.1.6.20.1;5546:1.2.840.113556.1.6.20.2
+replUpToDateVector:: AgAAAAAAAAABAAAAAAAAAAXiIq5GX+9IsWUn30RohDuloAAAAAAAABZZz
+ QwDAAAA
+repsFrom:: AQAAAAAAAAAMAQAAAAAAABdZzQwDAAAAF1nNDAMAAAAAAAAA0AAAADwAAAB0AAAAERE
+ RERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERERER
+ ERERERERERERERERERERERERERERERERAAAAAHugAAAAAAAAAAAAAAAAAAB7oAAAAAAAAAXiIq5GX
+ +9IsWUn30RohDsF4iKuRl/vSLFlJ99EaIQ7AAAAAAAAAAAAAAAAAAAAADgAAABhZTIyZTIwNS01Zj
+ Q2LTQ4ZWYtYjE2NS0yN2RmNDQ2ODg0M2IuX21zZGNzLmNvbXBhbnkzLmRkAA==
schemaInfo:: /wAACG4F4iKuRl/vSLFlJ99EaIQ7
showInAdvancedViewOnly: TRUE
-uSNChanged: 25028
-uSNCreated: 4102
+uSNChanged: 8
+uSNCreated: 8
whenChanged: 20160127131142.0Z
whenCreated: 20160127092803.0Z
_________________________________
At second, I got a list of attribuites on Windows with adexplorer:
_________________________________
attribute comparison looks here as is:
@@ -10,11 +10,12 @@
objectClass OID 2 top;dMD
objectGUID OctetString 1 {7A51A45F-0110-445F-977A-6E9DBE745ABD}
objectVersion Integer 1 30
-prefixMap OctetString 1 8 0 0 0 130 0 0 0 52 19 11 0 42 134 72 134 247 20 1 4 182 88 102 75 19 11 0 42 134 72 134 247 20 1 5 182 88 62 101 19 12 0 42 134 72 134 247 20 1 4 182 88 102 131 104 19 12 0 42 134 72 134 247 20 1 4 182 88 102 129 130 19 12 0 42 134 72 134 247 20 1 5 182 88 62 129 18 20 12 0 42 134 72 134 247 20 1 5 182 88 62 131 164 21 10 0 42 134 72 134 247 20 1 6 20 1 170 21 10 0 42 134 72 134 247 20 1 6 20 2
-repsTo ReplicaLink 2 1 0 0 0 0 0 0 0 20 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 216 0 0 0 60 0 0 0 16 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 165 247 64 160 155 87 58 78 155 181 74 31 138 216 241 93 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 56 0 0 0 97 48 52 48 102 55 97 53 45 53 55 57 98 45 52 101 51 97 45 57 98 98 53 45 52 97 49 102 56 97 100 56 102 49 53 100 46 95 109 115 100 99 115 46 99 111 109 112 97 110 121 51 46 100 100 0;1 0 0 0 0 0 0 0 20 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 216 0 0 0 60 0 0 0 16 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 182 139 246 127 97 205 10 71 128 225 154 17
+prefixMap OctetString 1 66 68 83 68 0 0 0 0 47 0 0 0 0 0 2 0 47 0 0 0 0 0 0 0 2 0 0 0 4 0 2 0 1 0 0 0 2 0 0 0 8 0 2 0 2 0 0 0 8 0 0 0 12 0 2 0 3 0 0 0 8 0 0 0 16 0 2 0 4 0 0 0 8 0 0 0 20 0 2 0 5 0 0 0 8 0 0 0 24 0 2 0 6 0 0 0 8 0 0 0 28 0 2 0 7 0 0 0 8 0 0 0 32 0 2 0 8 0 0 0 2 0 0 0 36 0 2 0 9 0 0 0 8 0 0 0 40 0 2 0 10 0 0 0 8 0 0 0 44 0 2 0 19 0 0 0 8 0 0 0 48 0 2 0 20 0 0 0 8 0 0 0 52 0 2 0 21 0 0 0 9 0 0 0 56 0 2 0 22 0 0 0 9 0 0 0 60 0 2 0 23 0 0 0 10 0 0 0 64 0 2 0 24 0 0 0 2 0 0 0 68 0 2 0 25 0 0 0 2 0 0 0 72 0 2 0 26 0 0 0 2 0 0 0 76 0 2 0 11 0 0 0 10 0 0 0 80 0 2 0 12 0 0 0 9 0 0 0 84 0 2 0 13 0 0 0 10 0 0 0 88 0 2 0 14 0 0 0 9 0 0 0 92 0 2 0 15 0 0 0 10 0 0 0 96 0 2 0 16 0 0 0 9 0 0 0 100 0 2 0 17 0 0 0 9 0 0 0 104 0 2 0 18 0 0 0 10 0 0 0 108 0 2 0 27 0 0 0 9 0 0 0 112 0 2 0 28 0 0 0 9 0 0 0 116 0 2 0 29 0 0 0 8 0 0 0 120 0 2 0 30 0 0 0 8 0 0 0 124 0 2 0 31 0 0 0 9 0 0 0 128 0 2 0 32 0 0 0 9 0 0 0 132 0 2 0 33 0 0 0 10 0 0 0 136 0 2 0 34 0 0 0 10 0 0 0 140 0 2 0 35 0 0 0 10 0 0 0 144 0 2 0 36 0 0 0 10 0 0 0 148 0 2 0 37 0
+replUpToDateVector OctetString 1 2 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 5 226 34 174 70 95 239 72 177 101 39 223 68 104 132 59 197 160 0 0 0 0 0 0 62 90 205 12 3 0 0 0
+repsFrom ReplicaLink 1 1 0 0 0 0 0 0 0 12 1 0 0 0 0 0 0 62 90 205 12 3 0 0 0 62 90 205 12 3 0 0 0 0 0 0 0 208 0 0 0 60 0 0 0 116 0 0 0 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 17 0 0 0 0 165 160 0 0 0 0 0 0 0 0 0 0 0 0 0 0 165 160 0 0 0 0 0 0 5 226 34 174 70 95 239 72 177 101 39 223 68 104 132 59 5 226 34 174 70 95 239 72 177 101 39 223 68 104 132 59 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 56 0 0 0 97 101 50 50 101 50 48 53 45 53 102 52 54 45 52 56 101 102 45 98 49 54 53 45 50 55 100 102 52 52 54 56 56 52 51 98 46 95 109 115 100 99 115 46 99 111 109 112 97 110 121 51 46 100 100 0
schemaInfo OctetString 1 255 0 0 8 110 5 226 34 174 70 95 239 72 177 101 39 223 68 104 132 59
showInAdvancedViewOnly Boolean 1 TRUE
-uSNChanged Integer8 1 0x61C4
-uSNCreated Integer8 1 0x1006
+uSNChanged Integer8 1 0x8
+uSNCreated Integer8 1 0x8
whenChanged GeneralizedTime 1 27.01.2016 13:11:42
whenCreated GeneralizedTime 1 27.01.2016 9:28:03
_____________________________
At finally, problem looks like WERR_DS_DRA_SCHEMA_MISMATCH replication problem
During replication from Samba DC on Windows DC, but not vice versa:
# samba-tool drs replicate dc01 dc02 dc=company3,dc=dd
Start replicating for source GUID a040f7a5-579b-4e3a-9bb5-4a1f8ad8f15d.
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py", line 349, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, source_dsa_guid, NC, req_options)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
# samba-tool drs replicate dc02 dc01 dc=company3,dc=dd
Start replicating for source GUID ae22e205-5f46-48ef-b165-27df4468843b.
Replicate from dc01 to dc02 was successful.
Also Schema replication looks like works fine:
# samba-tool drs replicate dc02 dc01 cn=Schema,cn=Configuration,dc=company3,dc=dd
Start replicating for source GUID ae22e205-5f46-48ef-b165-27df4468843b.
Replicate from dc01 to dc02 was successful.
# samba-tool drs replicate dc01 dc02 cn=Schema,cn=Configuration,dc=company3,dc=dd
Start replicating for source GUID a040f7a5-579b-4e3a-9bb5-4a1f8ad8f15d.
Replicate from dc02 to dc01 was successful.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dc01-dc02-adexplorer-schemas.txt
URL: <http://lists.samba.org/pipermail/samba/attachments/20160211/dc28d0ef/dc01-dc02-adexplorer-schemas.txt>
More information about the samba
mailing list