[Samba] Samba4 syncpassword fails

Rowland penny rpenny at samba.org
Fri Aug 14 08:01:46 UTC 2020

On 14/08/2020 08:41, Julien TEHERY wrote:
> >I just had a look at tranquils code again and I have a possible idea
> >about what is going on. The code was written for python2 and needs
> >updating to python3
> Yes, but as i explained before, we managed to make it work since 
> almost a thousand days in a row 😕
> THe ldb cache is initialized with:
> samba-tool user syncpasswords --cache-ldb-initialize 
> --attributes=virtualSSHA,samaccountname,virtualClearTextUTF8 
> --script=/opt/syncpwd.py --decrypt-samba-gpg
> We originally modified a bit the script to retrieve the 
> virtualClearTextUTF8 value of the password, then decode it in base64 , 
> re encode it in md4 and send it to remote LDAP server. This worked 
> like a charm.
> Nothing has been modified or updated on the samba main DC exept the 
> fact we tried to join another remote DC which made the synchronization 
> fail.
> I dont' kniw what it is talking about when it says " Unable to 
> unmarshall cookie as a ldapControlDirSyncCookie structure"
> So there's something wrong on samba side that came with the new DC 
> join for sure.
> What is this cookie?

OK, after doing some digging, there have been code changes in 
'source4/dsdb/samdb/ldb_modules/dirsync.c' and the block of code 
printing the error is no longer at line 1269, so it looks like you are 
using an older version of Samba. So what versions of Samba are you using 
on the 'main' DC and on the 'new' DC ?

Also what OS ?


More information about the samba mailing list