[Samba] DN lists have different size: 4065 != 4029

Elias Pereira empbilly at gmail.com
Tue May 7 18:48:14 UTC 2019 

Hi,

I run

# samba-tool drs replicate DC3 DC4 dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br
--full-sync

https://wiki.samba.org/index.php/Manually_Replicating_Directory_Partitions

and everything has been replicated.

I wonder why it stops replicating. Any idea how to check this out?

On Tue, May 7, 2019 at 1:34 PM Elias Pereira <empbilly at gmail.com> wrote:

> Hello,
>
> dc3: http://pasted.co/6b703479
> dc4: http://pasted.co/5068fc6e
> diff: http://pasted.co/025c3242
>
> On Tue, May 7, 2019 at 12:08 PM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
>
>> Hai,
>>
>> Now, differences is fine, but can you see if one of the 2 servers is
>> correct, and for that it might be handy to share the output.
>>
>> You can push the good DB to the other DC. ( a forced replication )
>>
>> And i can understand why you upgrade ...
>> Did you see :
>>
>> samba-tool domain schemaupgrade --help
>> Usage: samba-tool domain schemaupgrade [options]
>> Domain schema upgrading
>> Options:
>>   -h, --help            show this help message and exit
>>   -H URL, --URL=URL     LDB URL for database or target server
>>   -q, --quiet           Be quiet
>>   -v, --verbose         Be verbose
>>   --schema=SCHEMA       The schema file to upgrade to. Default is
>> (Windows)
>>                         2012_R2.
>>
>>
>> The "Default" in samba 4.10.x is 2012R2..
>> but show the output, we will think of something to fix it :-)
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>> Van: Elias Pereira [mailto:empbilly at gmail.com]
>> Verzonden: dinsdag 7 mei 2019 16:49
>> Aan: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] DN lists have different size: 4065 != 4029
>>
>>
>>
>> Hello guys,
>>
>>
>> Why did you upgrade the schema to '69' ?
>>
>> That is the schema from 2012R2 and is still marked as experimental.
>>
>> I do not know why I did this update. Maybe I thought I could use DC as
>> 2012R2. <sad>
>>
>>
>> Could you run :
>> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
>> And compair that output?
>>
>> I made the comparison. It has a jumble of differences.
>>
>>
>> Can I do a schema downgrade?
>>
>>
>>
>>
>>
>>
>>
>> On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <
>> samba at lists.samba.org> wrote:
>>
>> Could you run :
>>
>> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
>>
>> And compair that output?
>>
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>> > -----Oorspronkelijk bericht-----
>> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> > Elias Pereira via samba
>> > Verzonden: dinsdag 7 mei 2019 15:48
>> > Aan: samba
>> > Onderwerp: [Samba] DN lists have different size: 4065 != 4029
>> >
>> > Hello,
>> >
>> > dc3 = principal DC
>> > dc4 = secondary DC
>> >
>> > I had this problem last month after updating samba to version
>> > 4.10.x. and
>> > also the schema from 45 to 69. But it looked like it had been
>> > corrected.
>> > Today I noticed that on dc4 there are computers that are not on dc3.
>> >
>> > I updated:
>> > 4.7.x to 4.8.x
>> > 4.8.x to 4.9.x and only after that I upgrade to 4.10.x version.
>> >
>> > When I run these commands:
>> >
>> > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
>> > --yes ---- OK
>> > samba_dnsupdate --verbose --all-names
>> > -------------------------------------
>> > OK
>> > samba-tool drs showrepl
>> > ---------------------------------------------------------- OK
>> >
>> > all show OK.
>> >
>> > *dc3 schema: *
>> >
>> > # ldbsearch -H /var/lib/samba/private/sam.ldb -b
>> > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu
>> > ,dc=br' -s
>> > base objectVersion
>> > # record 1
>> > dn:
>> > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > objectVersion: 69
>> >
>> > # returned 1 records
>> > # 1 entries
>> > # 0 referrals
>> >
>> > *dc4 schema:*
>> >
>> > # ldbsearch -H /var/lib/samba/private/sam.ldb -b
>> > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu
>> > ,dc=br' -s
>> > base objectVersion
>> > # record 1
>> > dn:
>> > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > objectVersion: 69
>> >
>> > # returned 1 records
>> > # 1 entries
>> > # 0 referrals
>> >
>> > *smb.conf dc3*
>> >
>> > # Global parameters
>> > [global]
>> >         netbios name = DC3
>> >         realm = CAMPUS.SERTAO.IFRS.EDU.BR
>> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
>> > kdc, drepl,
>> > winbindd, ntp_signd, kcc, dnsupdate
>> >         workgroup = CAMPUS
>> >         server role = active directory domain controller
>> >         idmap_ldb:use rfc2307 = yes
>> >
>> >         bind interfaces only = yes
>> >         interfaces = lo eth0
>> >
>> >         ldap server require strong auth = no
>> >         #log file = /var/log/samba/log.%m
>> >         #log level = 10
>> >         ntlm auth = yes
>> >         #ntlm auth = mschapv2-and-ntlmv2-only
>> >
>> >         allow dns updates = nonsecure
>> >
>> >         # SSL CERTS
>> >         #tls enabled  = yes
>> >         #tls keyfile  = tls/sertao.ifrs.edu.br.key.npw
>> >         #tls certfile = tls/sertao.ifrs.edu.br.crt
>> >         #tls cafile   = tls/ca_join_icpedu.crt
>> >
>> > [netlogon]
>> >         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>> >         read only = No
>> >
>> > [sysvol]
>> >         path = /var/lib/samba/sysvol
>> >         read only = No
>> >
>> > *smb.conf dc4*
>> >
>> > # Global parameters
>> > [global]
>> >         netbios name = DC4
>> >         realm = CAMPUS.SERTAO.IFRS.EDU.BR
>> >         server role = active directory domain controller
>> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap,
>> > kdc, drepl,
>> > winbindd, ntp_signd, kcc, dnsupdate
>> >         workgroup = CAMPUS
>> >         idmap_ldb:use rfc2307  = yes
>> >
>> >         bind interfaces only = yes
>> >         interfaces = lo eth0
>> >
>> >         ldap server require strong auth = no
>> >         #log file = /var/log/samba/log.%m
>> >         #log level = 10
>> >         ntlm auth = yes
>> >         #ntlm auth = mschapv2-and-ntlmv2-only
>> >
>> >         allow dns updates = nonsecure
>> >
>> > [netlogon]
>> >         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>> >         read only = No
>> >
>> > [sysvol]
>> >         path = /var/lib/samba/sysvol
>> >         read only = No
>> >
>> > *samba-tool fsmo show dc3:*
>> >
>> > # samba-tool fsmo show
>> > SchemaMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > InfrastructureMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > RidAllocationMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > PdcEmulationMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > DomainNamingMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > DomainDnsZonesMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > ForestDnsZonesMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> >
>> > *samba-tool fsmo show dc4:*
>> >
>> > # samba-tool fsmo show
>> > SchemaMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > InfrastructureMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > RidAllocationMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > PdcEmulationMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > DomainNamingMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > DomainDnsZonesMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> > ForestDnsZonesMasterRole owner: CN=NTDS
>> > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
>> > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> >
>> > Any ideas on how to debug this problem better? Any other log
>> > or config you
>> > need, just ask.
>> > --
>> > Elias Pereira
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions:  https://lists.samba.org/mailman/options/samba
>> >
>> >
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>
>> --
>> Elias Pereira
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
> --
> Elias Pereira
>


-- 
Elias Pereira

More information about the samba mailing list