[Samba] DN lists have different size: 4065 != 4029

L.P.H. van Belle belle at bazuin.nl
Tue May 7 20:25:03 UTC 2019


I'm on my phone, had a quick small look at the dc3 output.


Is your time in sync? It looks like a 3 - 10 min difference.



Regards,

Louis


On 7 May 2019, at 18:34, Elias Pereira <empbilly at gmail.com> wrote:
Hello,


dc3: http://pasted.co/6b703479
dc4: http://pasted.co/5068fc6e
diff: http://pasted.co/025c3242





On Tue, May 7, 2019 at 12:08 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

Hi,

Now, differences are fine, but can you see if one of the 2 servers is correct, and for that it might be handy to share the output.

You can push the good DB to the other DC (a forced replication).

And I can understand why you upgrade ...
Did you see:
 
samba-tool domain schemaupgrade --help
Usage: samba-tool domain schemaupgrade [options]
Domain schema upgrading
Options:
  -h, --help            show this help message and exit
  -H URL, --URL=URL     LDB URL for database or target server
  -q, --quiet           Be quiet
  -v, --verbose         Be verbose
  --schema=SCHEMA       The schema file to upgrade to. Default is (Windows)
                        2012_R2.

 
The "Default" in samba 4.10.x is 2012R2.
But show the output, we will think of something to fix it :-)
 
 
Greetz, 
 
Louis
 
 

From: Elias Pereira [mailto:empbilly at gmail.com]
Sent: Tuesday 7 May 2019 16:49
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] DN lists have different size: 4065 != 4029



Hello guys,


Why did you upgrade the schema to '69'?

That is the schema from 2012R2 and is still marked as experimental. 

I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad>


Could you run:
samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
And compare that output?

I made the comparison. It has a jumble of differences.


Can I do a schema downgrade?







On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

Could you run:

samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC

And compare that output?



Greetz, 

Louis


-----Original message-----
From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Elias Pereira via samba
Sent: Tuesday 7 May 2019 15:48
To: samba
Subject: [Samba] DN lists have different size: 4065 != 4029

Hello,

dc3 = principal DC
dc4 = secondary DC

I had this problem last month after updating samba to version 4.10.x. and
also the schema from 45 to 69. But it looked like it had been corrected.
Today I noticed that on dc4 there are computers that are not on dc3.

I updated:
4.7.x to 4.8.x
4.8.x to 4.9.x and only after that I upgraded to the 4.10.x version.

When I run these commands:

samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ---- OK
samba_dnsupdate --verbose --all-names
OK
samba-tool drs showrepl
OK

all show OK.

*dc3 schema: *

# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
objectVersion: 69

# returned 1 records
# 1 entries
# 0 referrals

*dc4 schema:*

# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
objectVersion: 69

# returned 1 records
# 1 entries
# 0 referrals

*smb.conf dc3*

# Global parameters
[global]
         netbios name = DC3
         realm = CAMPUS.SERTAO.IFRS.EDU.BR
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = CAMPUS
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes

         bind interfaces only = yes
         interfaces = lo eth0

         ldap server require strong auth = no
         #log file = /var/log/samba/log.%m
         #log level = 10
         ntlm auth = yes
         #ntlm auth = mschapv2-and-ntlmv2-only

         allow dns updates = nonsecure

         # SSL CERTS
         #tls enabled  = yes
         #tls keyfile  = tls/sertao.ifrs.edu.br.key.npw
         #tls certfile = tls/sertao.ifrs.edu.br.crt
         #tls cafile   = tls/ca_join_icpedu.crt

[netlogon]
         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

*smb.conf dc4*

# Global parameters
[global]
         netbios name = DC4
         realm = CAMPUS.SERTAO.IFRS.EDU.BR
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = CAMPUS
         idmap_ldb:use rfc2307  = yes

         bind interfaces only = yes
         interfaces = lo eth0

         ldap server require strong auth = no
         #log file = /var/log/samba/log.%m
         #log level = 10
         ntlm auth = yes
         #ntlm auth = mschapv2-and-ntlmv2-only

         allow dns updates = nonsecure

[netlogon]
         path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

*samba-tool fsmo show dc3:*

# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br

*samba-tool fsmo show dc4:*

# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br

Any ideas on how to debug this problem better? Any other log or config you
need, just ask.
-- 
Elias Pereira
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
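
One way to see which entries account for a count mismatch such as 4065 != 4029 is to diff the DN lists of the two DCs offline. This is an added example, not part of the thread and not Samba's ldapcmp code; the function names `parse_dns` and `dn_diff` and the `example.com` sample LDIF are assumptions constructed for illustration.

```python
import base64
import re

def parse_dns(ldif_text):
    """Return the set of normalised DNs found in LDIF text."""
    unfolded = []
    for raw in ldif_text.splitlines():
        # LDIF folding: a line starting with one space continues the previous line.
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    dns = set()
    for line in unfolded:
        if line.startswith("dn:: "):      # base64-encoded DN
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        else:
            continue
        # DNs compare case-insensitively; drop spaces after unescaped commas.
        dns.add(re.sub(r"(?<!\\),\s+", ",", dn.strip()).lower())
    return dns

def dn_diff(ldif_a, ldif_b):
    """Return (DNs only in A, DNs only in B), each as a sorted list."""
    a, b = parse_dns(ldif_a), parse_dns(ldif_b)
    return sorted(a - b), sorted(b - a)

# Constructed sample data (not from the thread): dc4 holds one extra computer.
SUFFIX = "CN=Computers,DC=example,DC=com"
DC3_LDIF = (
    "# record 1\n"
    f"dn: CN=PC-LAB01,{SUFFIX}\n\n"
    "# record 2\n"
    "dn: CN=PC-LAB02,CN=Computers,\n DC=example,DC=com\n"    # folded line
)
DC4_LDIF = (
    "dn: cn=pc-lab01, CN=Computers, DC=example, DC=com\n\n"  # same DN, other case/spacing
    f"dn: CN=PC-LAB02,{SUFFIX}\n\n"
    "dn:: " + base64.b64encode(f"CN=PC-LAB03,{SUFFIX}".encode()).decode() + "\n"
)

if __name__ == "__main__":
    only_dc3, only_dc4 = dn_diff(DC3_LDIF, DC4_LDIF)
    print("only on dc3:", only_dc3)
    print("only on dc4:", only_dc4)
```

The DNs that appear on only one side are the objects to inspect before deciding which DC holds the good database.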
