[Samba] DN lists have different size: 4065 != 4029

Elias Pereira empbilly at gmail.com
Tue May 7 16:34:10 UTC 2019


Hello,

dc3: http://pasted.co/6b703479
dc4: http://pasted.co/5068fc6e
diff: http://pasted.co/025c3242

On Tue, May 7, 2019 at 12:08 PM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

> Hai,
>
> Now, differences is fine, but can you see if one of the 2 servers is
> correct, and for that it might be handy to share the output.
>
> You can push the good DB to the other DC. ( a forced replication )
>
> And i can understand why you upgrade ...
> Did you see :
>
> samba-tool domain schemaupgrade --help
> Usage: samba-tool domain schemaupgrade [options]
> Domain schema upgrading
> Options:
>   -h, --help            show this help message and exit
>   -H URL, --URL=URL     LDB URL for database or target server
>   -q, --quiet           Be quiet
>   -v, --verbose         Be verbose
>   --schema=SCHEMA       The schema file to upgrade to. Default is (Windows)
>                         2012_R2.
>
>
> The "Default" in samba 4.10.x is 2012R2..
> but show the output, we will think of something to fix it :-)
>
>
> Greetz,
>
> Louis
>
>
>
> Van: Elias Pereira [mailto:empbilly at gmail.com]
> Verzonden: dinsdag 7 mei 2019 16:49
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] DN lists have different size: 4065 != 4029
>
>
>
> Hello guys,
>
>
> Why did you upgrade the schema to '69' ?
>
> That is the schema from 2012R2 and is still marked as experimental.
>
> I do not know why I did this update. Maybe I thought I could use DC as
> 2012R2. <sad>
>
>
> Could you run :
> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
> And compair that output?
>
> I made the comparison. It has a jumble of differences.
>
>
> Can I do a schema downgrade?
>
>
>
>
>
>
>
> On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
>
> Could you run :
>
> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
>
> And compair that output?
>
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Elias Pereira via samba
> > Verzonden: dinsdag 7 mei 2019 15:48
> > Aan: samba
> > Onderwerp: [Samba] DN lists have different size: 4065 != 4029
> >
> > Hello,
> >
> > dc3 = principal DC
> > dc4 = secondary DC
> >
> > I had this problem last month after updating samba to version
> > 4.10.x. and
> > also the schema from 45 to 69. But it looked like it had been
> > corrected.
> > Today I noticed that on dc4 there are computers that are not on dc3.
> >
> > I updated:
> > 4.7.x to 4.8.x
> > 4.8.x to 4.9.x and only after that I upgrade to 4.10.x version.
> >
> > When I run these commands:
> >
> > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
> > --yes ---- OK
> > samba_dnsupdate --verbose --all-names
> > -------------------------------------
> > OK
> > samba-tool drs showrepl
> > ---------------------------------------------------------- OK
> >
> > all show OK.
> >
> > *dc3 schema: *
> >
> > # ldbsearch -H /var/lib/samba/private/sam.ldb -b
> > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu
> > ,dc=br' -s
> > base objectVersion
> > # record 1
> > dn:
> > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > objectVersion: 69
> >
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> >
> > *dc4 schema:*
> >
> > # ldbsearch -H /var/lib/samba/private/sam.ldb -b
> > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu
> > ,dc=br' -s
> > base objectVersion
> > # record 1
> > dn:
> > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > objectVersion: 69
> >
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
> >
> > *smb.conf dc3*
> >
> > # Global parameters
> > [global]
> >         netbios name = DC3
> >         realm = CAMPUS.SERTAO.IFRS.EDU.BR
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
> > kdc, drepl,
> > winbindd, ntp_signd, kcc, dnsupdate
> >         workgroup = CAMPUS
> >         server role = active directory domain controller
> >         idmap_ldb:use rfc2307 = yes
> >
> >         bind interfaces only = yes
> >         interfaces = lo eth0
> >
> >         ldap server require strong auth = no
> >         #log file = /var/log/samba/log.%m
> >         #log level = 10
> >         ntlm auth = yes
> >         #ntlm auth = mschapv2-and-ntlmv2-only
> >
> >         allow dns updates = nonsecure
> >
> >         # SSL CERTS
> >         #tls enabled  = yes
> >         #tls keyfile  = tls/sertao.ifrs.edu.br.key.npw
> >         #tls certfile = tls/sertao.ifrs.edu.br.crt
> >         #tls cafile   = tls/ca_join_icpedu.crt
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
> >         read only = No
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > *smb.conf dc4*
> >
> > # Global parameters
> > [global]
> >         netbios name = DC4
> >         realm = CAMPUS.SERTAO.IFRS.EDU.BR
> >         server role = active directory domain controller
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
> > kdc, drepl,
> > winbindd, ntp_signd, kcc, dnsupdate
> >         workgroup = CAMPUS
> >         idmap_ldb:use rfc2307  = yes
> >
> >         bind interfaces only = yes
> >         interfaces = lo eth0
> >
> >         ldap server require strong auth = no
> >         #log file = /var/log/samba/log.%m
> >         #log level = 10
> >         ntlm auth = yes
> >         #ntlm auth = mschapv2-and-ntlmv2-only
> >
> >         allow dns updates = nonsecure
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
> >         read only = No
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > *samba-tool fsmo show dc3:*
> >
> > # samba-tool fsmo show
> > SchemaMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > InfrastructureMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > RidAllocationMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > PdcEmulationMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > DomainNamingMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > DomainDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > ForestDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> >
> > *samba-tool fsmo show dc4:*
> >
> > # samba-tool fsmo show
> > SchemaMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > InfrastructureMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > RidAllocationMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > PdcEmulationMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > DomainNamingMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > DomainDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> > ForestDnsZonesMasterRole owner: CN=NTDS
> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
> >
> > Any ideas on how to debug this problem better? Any other log
> > or config you
> > need, just ask.
> > --
> > Elias Pereira
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>
>
> --
> Elias Pereira
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Elias Pereira


More information about the samba mailing list