[Samba] Possible problems with AD Schema in Samba 4

Marcio Demetrio Bacci marciobacci at gmail.com
Thu Jul 25 14:25:06 UTC 2019 

Hi,

I found that the base of Samba 4 DC is different from the base of Windows
Server 2008 DC. There are many mistakes when  I make the comparison as the
result as follows (only parts of reult):

samba-tool ldapcmp ldap://WINDC1 ldap://SAMBA4-DC -Uadministrator
Password for [EMPRESA\administrator]:

* Comparing [DOMAIN] context...

* DN lists have different size: 1787 != 1788

* DNs found only in ldap://WINDC1:
    CN=TESTE-COMP,CN=COMPUTERS,DC=EMPRESA,DC=COM,DC=BR
    CN=MANE,CN=USERS,DC=EMPRESA,DC=COM,DC=BR

* DNs found only in ldap://SAMBA4-DC:
    CN=COMP300061111,CN=COMPUTERS,DC=EMPRESA,DC=COM,DC=BR
    CN=BB,CN=COMPUTERS,DC=EMPRESA,DC=COM,DC=BR
    CN=WMANE,CN=USERS,DC=EMPRESA,DC=COM,DC=BR

* Objects to be compared: 1785

...

Comparing:
'CN=SERGIO,CN=USERS,DC=EMPRESA,DC=COM,DC=BR' [ldap://WINDC1]
'CN=SERGIO,CN=USERS,DC=EMPRESA,DC=COM,DC=BR' [ldap://SAMBA4-DC]
    Difference in attribute values:
        lastLogonTimestamp =>
[b'132076662777728517']
[b'132084540442594920']

    FAILED

Comparing:
'CN=COMP10013,CN=COMPUTERS,DC=EMPRESA,DC=COM,DC=BR' [ldap://WINDC1]
'CN=COMP10013,CN=COMPUTERS,DC=EMPRESA,DC=COM,DC=BR' [ldap://SAMBA4-DC]
    Difference in attribute values:
        servicePrincipalName =>
[b'HOST/COMP10013', b'HOST/COMP10013.empresa.com.br',
b'RestrictedKrbHost/COMP10013', b'RestrictedKrbHost/COMP10013.empresa.com.br',
b'TERMSRV/COMP10013', b'TERMSRV/ass10013.empresa.com.br']
[b'HOST/COMP10013', b'HOST/COMP10013.empresa.com.br',
b'RestrictedKrbHost/COMP10013', b'RestrictedKrbHost/COMP10013.empresa.com.br',
b'TERMSRV/COMP10013', b'TERMSRV/COMP10013.empresa.com.br', b'TERMSRV/
ass10013.empresa.com.br']

    FAILED


...

    FAILED
ERROR(<class 'KeyError'>): uncaught exception - 'mS-DS-CreatorSID'
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 957,
in run
    if b1.diff(b2):
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 781,
in diff
    if object1 == object2:
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 549,
in __eq__
    return self.cmp_attrs(other)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ldapcmp.py", line 590,
in cmp_attrs
    if isinstance(self.attributes[x], list) and
isinstance(other.attributes[x], list):


########################################

The Schema version of my Windows 2008 Server is 44 and I am using Samba
4.10.6-Debian:

ldbsearch -H /var/lib/samba/private/sam.ldb -b
'cn=Schema,cn=Configuration,dc=empresa,dc=com,dc=br' -s base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
objectVersion: 44

# returned 1 records
# 1 entries
# 0 referrals

I believe that the problem is related as the Samba 4 works with AD Schema,
as found at: https://wiki.samba.org/index.php/AD_Schema_Version_Support

Would anyone have an idea how to solve this problem?

Regards,

Márcio Bacci

More information about the samba mailing list