[Samba] Problems with replication in the Samba 4

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Jul 29 12:15:23 UTC 2019


Hi,

Please, would anyone help me?

Regards,

Márcio Bacci

On Sat, Jul 27, 2019 at 16:13, Marcio Demetrio Bacci <
marciobacci at gmail.com> wrote:

> Hi,
>
> I noticed that my Samba 4 DC isn't OK, because there are differences between
> the data stored in the Schema on my Windows Server 2008 (not R2) DC and
> Samba 4 DC.
>
> This way, I performed several tests on my servers as shown below.
>
> The results of the repadmin command on the Windows Server 2008 follow:
>
>
> C:\Windows\system32>repadmin /showreps /verbose
>
> Default-First-Site-Name\WIN-DC1
> Opções DSA: IS_GC
> Opções de site: (none)
> GUID de objeto DSA:  d580939f-a8b9-43ea-84e9-be0f9bd29468
> ID Invocation DSA: 71c305c7-564f-44dc-bdc7-c03ee501bd52
>
> ==== VIZINHOS DE ENTRADA ======================================
>
> DC=empresa,DC=com,DC=br
>     Default-First-Site-Name\SAMBA4-DC via RPC
>         GUID de objeto DSA:  a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
>         Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
> msdcs.empresa.com.br
>         ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE NEVER_SYNCED
>         USNs: 0/OU, 0/PU
>         Last attempt on 2019-07-27 15:05:47 was delayed for a standard
> reason
> l,
>         resultado 8418 (0x20e2):
>     Replication operation failed due to a difference between the servers
> involved.
>         Último êxito em (never).
>     Default-First-Site-Name\WIN-DC2 via RPC
>         GUID de objeto DSA:  3b894dae-0497-43ae-b69a-e31750112321
>         Address: 3b894dae-0497-43ae-b69a-e31750112321._
> msdcs.empresa.com.br
>         ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 26947030/OU, 26947030/PU
>         Last attempt on 2019-07-27 15:28:39 successful.
>
> CN=Configuration,DC=empresa,DC=com,DC=br
>     Default-First-Site-Name\SAMBA4-DC via RPC
>         GUID de objeto DSA:  a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
>         Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
> msdcs.empresa.com.br
>         ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 8413/OU, 8413/PU
>         Last attempt on 2019-07-27 14:58:10 successful.
>     Default-First-Site-Name\WIN-DC2 via RPC
>         GUID de objeto DSA:  3b894dae-0497-43ae-b69a-e31750112321
>         Address: 3b894dae-0497-43ae-b69a-e31750112321._
> msdcs.empresa.com.br
>         ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 26946849/OU, 26946849/PU
>         Last attempt on 2019-07-27 14:58:11 successful.
>
> CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
>     Default-First-Site-Name\WIN-DC2 via RPC
>         GUID de objeto DSA:  3b894dae-0497-43ae-b69a-e31750112321
>         Address: 3b894dae-0497-43ae-b69a-e31750112321._
> msdcs.empresa.com.br
>         ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 26946580/OU, 26946580/PU
>         Last attempt on 2019-07-27 14:58:11 successful.
>     Default-First-Site-Name\SAMBA4-DC via RPC
>         GUID de objeto DSA:  a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
>         Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
> msdcs.empresa.com.br
>         ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 8415/OU, 8415/PU
>         Last attempt on 2019-07-27 15:05:47 successful.
>
> DC=DomainDnsZones,DC=empresa,DC=com,DC=br
>     Default-First-Site-Name\WIN-DC2 via RPC
>         GUID de objeto DSA:  3b894dae-0497-43ae-b69a-e31750112321
>         Address: 3b894dae-0497-43ae-b69a-e31750112321._
> msdcs.empresa.com.br
>         ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 26946580/OU, 26946580/PU
>         Last attempt on 2019-07-27 14:58:11 successful.
>     Default-First-Site-Name\SAMBA4-DC via RPC
>         GUID de objeto DSA:  a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
>         Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
> msdcs.empresa.com.br
>         ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 8416/OU, 8416/PU
>         Last attempt on 2019-07-27 14:58:11 successful.
>
> DC=ForestDnsZones,DC=empresa,DC=com,DC=br
>     Default-First-Site-Name\SAMBA4-DC via RPC
>         GUID de objeto DSA:  a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
>         Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._
> msdcs.empresa.com.br
>         ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
>         SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>         USNs: 8417/OU, 8417/PU
>         Last attempt on 2019-07-27 14:58:11 successful.
>  Default-First-Site-Name\WIN-DC2 via RPC
>      GUID de objeto DSA:  3b894dae-0497-43ae-b69a-e31750112321
>      Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br
>      ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
>      SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
>      USNs: 26946847/OU, 26946847/PU
>      Last attempt on 2019-07-27 14:58:12 successful.
>
>
>
>
> #########################################################################################
> Below is the result of the repadmin command on the Samba 4 DC:
>
> samba-tool drs showrepl
>
> Default-First-Site-Name\SAMBA4-DC
> DSA Options: 0x00000001
> DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
> DSA invocationId: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
>
> ==== INBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> DC=ForestDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> DC=DomainDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> DC=DomainDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:22:01 2019 -03
>
> DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Sat Jul 27 15:25:55 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:25:55 2019 -03
>
> DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Sat Jul 27 15:25:10 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:25:10 2019 -03
>
> ==== OUTBOUND NEIGHBORS ====
>
> DC=ForestDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Fri Jul 26 22:58:50 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 22:58:50 2019 -03
>
> DC=ForestDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 11:56:48 2019 -03
>
> CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Fri Jul 26 22:58:00 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 22:58:00 2019 -03
>
> CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 11:56:48 2019 -03
>
> DC=DomainDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Fri Jul 26 22:58:45 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 22:58:45 2019 -03
>
> DC=DomainDnsZones,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 11:56:48 2019 -03
>
> CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Fri Jul 26 22:58:10 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 22:58:10 2019 -03
>
> CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Fri Jul 26 11:56:48 2019 -03
>
> DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC1 via RPC
>                 DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
>                 Last attempt @ Sat Jul 27 15:05:48 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 15:05:48 2019 -03
>
> DC=empresa,DC=com,DC=br
>         Default-First-Site-Name\WIN-DC2 via RPC
>                 DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
>                 Last attempt @ Sat Jul 27 12:30:30 2019 -03 was successful
>                 0 consecutive failure(s).
>                 Last success @ Sat Jul 27 12:30:30 2019 -03
>
> ==== KCC CONNECTION OBJECTS ====
>
> Connection --
>         Connection name: c6393fbd-461c-4fd7-ac62-4801a3de43d2
>         Enabled        : TRUE
>         Server DNS name : win-dc1.empresa.com.br
>         Server DN name  : CN=NTDS
> Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
> Connection --
>         Connection name: e5cef3eb-3c8a-4a75-8907-6712af32c952
>         Enabled        : TRUE
>         Server DNS name : win-dc2.empresa.com.br
>         Server DN name  : CN=NTDS
> Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
>                 TransportType: RPC
>                 options: 0x00000001
> Warning: No NC replicated for Connection!
>
>
>
> ###################################################
>
> Below is part of the result of the samba-tool ldapcmp command on the Samba 4
> DC:
>
> samba-tool ldapcmp ldap://WIN-DC1 ldap://SAMBA4-DC -UAdministrator
> Password for [EMPRESA\Administrator]:
>
> * Comparing [DOMAIN] context...
>
> * Objects to be compared: 1788
>
> Comparing:
> 'CN=COMP0039,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
> 'CN=COMP0039,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
>     Difference in attribute values:
>         lastLogonTimestamp =>
> ['132076666821833100']
> ['132085303876955790']
>     FAILED
>
> Comparing:
> 'CN=COMP10005,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
> 'CN=COMP10005,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
>     Difference in attribute values:
>         lastLogonTimestamp =>
> ['132077518489276456']
> ['132086132301542190']
>     FAILED
>
> .......
>
> Comparing:
> 'CN=Administrador,CN=Users,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
> 'CN=Administrador,CN=Users,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
>     Difference in attribute values:
>         userParameters =>
> ['
>  P\x04\x1a\x08\x01CtxCfgPresent\xe3\x94\xb5\xe6\x94\xb1\xe6\x88\xb0\xe3\x81\xa2\x18\x08\x01CtxCfgFlags1\xe3\x80\xb0\xe3\x81\xa5\xe3\x80\xb0\xe3\x80\xb1\x12\x08\x01CtxShadow\xe3\x84\xb0\xe3\x80\xb0\xe3\x80\xb0\xe3\x80\xb0*\x02\x01CtxMinEncryptionLevel\xe3\x80\xb0']
> [' \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00
> \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00
> \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00
> \x00 \x00 \x00
> \x00P\x00\x04\x00\x1a\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00P\x00r\x00e\x00s\x00e\x00n\x00t\x00551e0bb0\x18\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00F\x00l\x00a\x00g\x00s\x001\x0000e00010\x12\x00\x08\x00\x01\x00C\x00t\x00x\x00S\x00h\x00a\x00d\x00o\x00w\x0001000000*\x00\x02\x00\x01\x00C\x00t\x00x\x00M\x00i\x00n\x00E\x00n\x00c\x00r\x00y\x00p\x00t\x00i\x00o\x00n\x00L\x00e\x00v\x00e\x00l\x0000']
>     FAILED
>
> .......
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes with different values:
>
>     servicePrincipalName
>     lastLogonTimestamp
>     userParameters
>     pwdLastSet
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1649
>
> * Result for [CONFIGURATION]: SUCCESS
>
> * Comparing [SCHEMA] context...
>
> * Objects to be compared: 1518
>
> * Result for [SCHEMA]: SUCCESS
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 209
>
> * Result for [DNSDOMAIN]: SUCCESS
>
> * Comparing [DNSFOREST] context...
>
> * Objects to be compared: 17
>
> * Result for [DNSFOREST]: SUCCESS
> ERROR: Compare failed: -1
>
>
> #############################################
>
> Below is the result of the ldbsearch -H command on the Samba 4 DC:
>
>  ldbsearch -H /var/lib/samba/private/sam.ldb '(fromServer=*CN=SAMBA4-DC*)'
> --cross-ncs dn
> # record 1
> dn: CN=b58de6d7-9206-42ff-9a85-56a40a93b327,CN=NTDS
> Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
>
> # record 2
> dn: CN=10993b69-00cf-404a-be18-c77e1d3417d1,CN=NTDS
> Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
>
> # returned 2 records
> # 2 entries
> # 0 referrals
>
> Would anyone have an idea how to properly sync my servers?
>
> Regards,
>
> Márcio Bacci
>
>
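
A check for the failure visible in the repadmin output above, as an added example that is not part of the original post: it parses `repadmin /showreps` text into one record per naming context and inbound neighbour, and reports links flagged NEVER_SYNCED or whose last attempt did not succeed. The function names are hypothetical, and the sample is an excerpt of the quoted output with the mail line wraps re-joined.

```python
import re

# Excerpt of the repadmin output quoted in the post (mail line wraps re-joined, fields trimmed).
SAMPLE = r"""
DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE NEVER_SYNCED
        Last attempt on 2019-07-27 15:05:47 was delayed for a standard reason
        resultado 8418 (0x20e2):
    Default-First-Site-Name\WIN-DC2 via RPC
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        Last attempt on 2019-07-27 15:28:39 successful.
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
    Default-First-Site-Name\SAMBA4-DC via RPC
        SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
        Last attempt on 2019-07-27 15:05:47 successful.
"""

NC_RE = re.compile(r"^(?:DC|CN)=\S+$")                # naming-context header
NEIGHBOUR_RE = re.compile(r"^(\S+\\\S+) via RPC$")    # Site\Server via RPC
FLAGS_RE = re.compile(r"^[A-Z_]+(?: [A-Z_]+)*$")      # replica-link flag line
RESULT_RE = re.compile(r"(\d+) \((0x[0-9a-fA-F]+)\)") # e.g. 8418 (0x20e2)

def parse_showreps(text):
    """Return one dict per (naming context, inbound neighbour) link."""
    links, nc, cur = [], None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()   # tolerate e-mail quote prefixes
        if NC_RE.match(line):
            nc, cur = line, None
        elif (m := NEIGHBOUR_RE.match(line)) and nc:
            cur = {"nc": nc, "source": m.group(1), "flags": [], "ok": None, "code": None}
            links.append(cur)
        elif cur is None:
            continue
        elif FLAGS_RE.match(line):
            cur["flags"] = line.split()
        elif line.startswith("Last attempt"):
            cur["ok"] = line.endswith("successful.")
        elif cur["ok"] is False and (m := RESULT_RE.search(line)):
            cur["code"] = int(m.group(1))  # decimal result code of the failed attempt
    return links

def unhealthy(links):
    """Links that never synced or whose last attempt did not succeed."""
    return [l for l in links if "NEVER_SYNCED" in l["flags"] or l["ok"] is False]

if __name__ == "__main__":
    print(unhealthy(parse_showreps(SAMPLE)))
```
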

