[Samba] DN lists have different size: 4065 != 4029

Elias Pereira empbilly at gmail.com
Tue May 7 23:07:48 UTC 2019


>
> I'm on phone, had a quick small look at the dc3 output.
> Is your time in sync? It looks like a 3 - 10 min difference.


At first it's synchronized.

root@dc3:/etc# timedatectl status
      Local time: Tue 2019-05-07 20:05:10 -03
  Universal time: Tue 2019-05-07 23:05:10 UTC
        RTC time: Tue 2019-05-07 23:07:11
       Time zone: America/Sao_Paulo (-03, -0300)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

root@dc4:/etc# timedatectl status
      Local time: Tue 2019-05-07 20:05:10 -03
  Universal time: Tue 2019-05-07 23:05:10 UTC
        RTC time: n/a
       Time zone: America/Sao_Paulo (-03, -0300)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

On Tue, May 7, 2019 at 5:25 PM L.P.H. van Belle <belle at bazuin.nl> wrote:

> I'm on phone, had a quick small look at the dc3 output.
>
> Is your time in sync? It looks like a 3 - 10 min difference.
>
>
> gr.
> Louis
>
> On 7 May 2019, at 18:34, Elias Pereira <empbilly at gmail.com> wrote:
>>
>> Hello,
>>
>>
>> dc3: http://pasted.co/6b703479
>> dc4: http://pasted.co/5068fc6e
>> diff: http://pasted.co/025c3242
>>
>>
>>
>>
>>
>> On Tue, May 7, 2019 at 12:08 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
>>
>> Hai,
>>
>> Now, differences is fine, but can you see if one of the 2 servers is correct, and for that it might be handy to share the output.
>>
>> You can push the good DB to the other DC. ( a forced replication )
>>
>> And I can understand why you upgrade ...
>> Did you see :
>>
>> samba-tool domain schemaupgrade --help
>> Usage: samba-tool domain schemaupgrade [options]
>> Domain schema upgrading
>> Options:
>>   -h, --help            show this help message and exit
>>   -H URL, --URL=URL     LDB URL for database or target server
>>   -q, --quiet           Be quiet
>>   -v, --verbose         Be verbose
>>   --schema=SCHEMA       The schema file to upgrade to. Default is (Windows)
>>                         2012_R2.
>>
>>
>> The "Default" in samba 4.10.x is 2012R2..
>> but show the output, we will think of something to fix it :-)
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>> From: Elias Pereira [mailto:empbilly at gmail.com]
>> Sent: Tuesday, 7 May 2019 16:49
>> To: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] DN lists have different size: 4065 != 4029
>>
>>
>>
>> Hello guys,
>>
>>
>> Why did you upgrade the schema to '69' ?
>>
>> That is the schema from 2012R2 and is still marked as experimental.
>>
>> I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad>
>>
>>
>> Could you run :
>> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
>> And compare that output?
>>
>> I made the comparison. It has a jumble of differences.
>>
>>
>> Can I do a schema downgrade?
>>
>>
>>
>>
>>
>>
>>
>> On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
>>
>> Could you run :
>>
>> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
>>
>> And compare that output?
>>
>>
>>
>> Greetz,
>>
>> Louis
>>
>>
>>  -----Original Message-----
>>>  From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
>>>  Elias Pereira via samba
>>>  Sent: Tuesday, 7 May 2019 15:48
>>>  To: samba
>>>  Subject: [Samba] DN lists have different size: 4065 != 4029
>>>
>>>  Hello,
>>>
>>>  dc3 = principal DC
>>>  dc4 = secondary DC
>>>
>>>  I had this problem last month after updating samba to version
>>>  4.10.x. and
>>>  also the schema from 45 to 69. But it looked like it had been
>>>  corrected.
>>>  Today I noticed that on dc4 there are computers that are not on dc3.
>>>
>>>  I updated:
>>>  4.7.x to 4.8.x
>>>  4.8.x to 4.9.x and only after that I upgrade to 4.10.x version.
>>>
>>>  When I run these commands:
>>>
>>>  samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ---- OK
>>>  samba_dnsupdate --verbose --all-names ---- OK
>>>  samba-tool drs showrepl ---- OK
>>>
>>>  all show OK.
>>>
>>>  *dc3 schema: *
>>>
>>>  # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
>>>  # record 1
>>>  dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  objectVersion: 69
>>>
>>>  # returned 1 records
>>>  # 1 entries
>>>  # 0 referrals
>>>
>>>  *dc4 schema:*
>>>
>>>  # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
>>>  # record 1
>>>  dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  objectVersion: 69
>>>
>>>  # returned 1 records
>>>  # 1 entries
>>>  # 0 referrals
>>>
>>>  *smb.conf dc3*
>>>
>>>  # Global parameters
>>>  [global]
>>>          netbios name = DC3
>>>          realm = CAMPUS.SERTAO.IFRS.EDU.BR
>>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>>>          workgroup = CAMPUS
>>>          server role = active directory domain controller
>>>          idmap_ldb:use rfc2307 = yes
>>>
>>>          bind interfaces only = yes
>>>          interfaces = lo eth0
>>>
>>>          ldap server require strong auth = no
>>>          #log file = /var/log/samba/log.%m
>>>          #log level = 10
>>>          ntlm auth = yes
>>>          #ntlm auth = mschapv2-and-ntlmv2-only
>>>
>>>          allow dns updates = nonsecure
>>>
>>>          # SSL CERTS
>>>          #tls enabled  = yes
>>>          #tls keyfile  = tls/sertao.ifrs.edu.br.key.npw
>>>          #tls certfile = tls/sertao.ifrs.edu.br.crt
>>>          #tls cafile   = tls/ca_join_icpedu.crt
>>>
>>>  [netlogon]
>>>          path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>>>          read only = No
>>>
>>>  [sysvol]
>>>          path = /var/lib/samba/sysvol
>>>          read only = No
>>>
>>>  *smb.conf dc4*
>>>
>>>  # Global parameters
>>>  [global]
>>>          netbios name = DC4
>>>          realm = CAMPUS.SERTAO.IFRS.EDU.BR
>>>          server role = active directory domain controller
>>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>>>          workgroup = CAMPUS
>>>          idmap_ldb:use rfc2307  = yes
>>>
>>>          bind interfaces only = yes
>>>          interfaces = lo eth0
>>>
>>>          ldap server require strong auth = no
>>>          #log file = /var/log/samba/log.%m
>>>          #log level = 10
>>>          ntlm auth = yes
>>>          #ntlm auth = mschapv2-and-ntlmv2-only
>>>
>>>          allow dns updates = nonsecure
>>>
>>>  [netlogon]
>>>          path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>>>          read only = No
>>>
>>>  [sysvol]
>>>          path = /var/lib/samba/sysvol
>>>          read only = No
>>>
>>>  *samba-tool fsmo show dc3:*
>>>
>>>  # samba-tool fsmo show
>>>  SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>
>>>  *samba-tool fsmo show dc4:*
>>>
>>>  # samba-tool fsmo show
>>>  SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>  ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>>
>>>  Any ideas on how to debug this problem better? Any other log
>>>  or config you
>>>  need, just ask.
>>>  --
>>>  Elias Pereira

-- 
Elias Pereira
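
The clock check discussed at the top of this message, as an added example (not part of the original post and not Samba code): it parses the two `timedatectl status` outputs quoted above, reports RTC drift per host, and flags a cross-host difference above 300 seconds, the Kerberos default clock-skew tolerance, assumed not overridden here. The function names are illustrative, and the cross-host comparison is only meaningful when both outputs are captured at the same moment.

```python
from datetime import datetime

MAX_SKEW = 300  # seconds; Kerberos default tolerance (assumed not overridden)

# timedatectl output as posted in this message (relevant lines only)
DC3 = """  Universal time: Tue 2019-05-07 23:05:10 UTC
        RTC time: Tue 2019-05-07 23:07:11
NTP synchronized: yes"""
DC4 = """  Universal time: Tue 2019-05-07 23:05:10 UTC
        RTC time: n/a
NTP synchronized: yes"""

def _stamp(value):
    """'Tue 2019-05-07 23:05:10 UTC' -> datetime; 'n/a' or missing -> None."""
    parts = (value or "").split()
    if len(parts) < 3:
        return None
    return datetime.strptime(" ".join(parts[1:3]), "%Y-%m-%d %H:%M:%S")

def parse_status(text):
    """Extract UTC time, RTC time and the NTP flag from timedatectl text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    # newer systemd prints "System clock synchronized" instead
    ntp = fields.get("NTP synchronized", fields.get("System clock synchronized"))
    return {"utc": _stamp(fields.get("Universal time")),
            "rtc": _stamp(fields.get("RTC time")), "ntp": ntp == "yes"}

def check(hosts, max_skew=MAX_SKEW):
    """Return a list of findings for a {hostname: timedatectl text} mapping."""
    parsed = {name: parse_status(text) for name, text in hosts.items()}
    findings = []
    for name, st in parsed.items():
        if not st["ntp"]:
            findings.append(f"{name}: clock is not NTP-synchronized")
        if st["rtc"] and st["utc"]:
            drift = int((st["rtc"] - st["utc"]).total_seconds())
            if drift:
                findings.append(f"{name}: RTC differs from system clock by {drift}s")
    names = [n for n in parsed if parsed[n]["utc"]]
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            skew = abs(int((parsed[a]["utc"] - parsed[b]["utc"]).total_seconds()))
            if skew > max_skew:
                findings.append(f"{a}/{b}: clocks differ by {skew}s (limit {max_skew}s)")
    return findings

if __name__ == "__main__":
    print(check({"dc3": DC3, "dc4": DC4}) or "no findings")
```
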

