[Samba] WERR_DS_DRA_SCHEMA_MISMATCH against a W2008R2 DC

Marcio Merlone marcio.merlone at a1.ind.br
Fri Jun 19 13:53:17 UTC 2020 

Hi,

I have two Samba 4.12.3 DCs (eucalipto and aroeira) on a Debian Buster 
and a Windows 2008R2 DC (antares). Replication got broken:

root at eucalipto:~# samba-tool drs replicate antares eucalipto 
DC=ad,DC=a1,DC=ind,DC=br
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - 
drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
   File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 577, 
in run
     drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, 
source_dsa_guid, NC, req_options)
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 92, in 
sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)
root at eucalipto:~#

root at eucalipto:~# samba-tool ldapcmp ldap://eucalipto ldap://antares 
configuration

* Comparing [CONFIGURATION] context...

* Objects to be compared: 1695

Comparing:
'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' 
[ldap://eucalipto]
'CN=AROEIRA,CN=SERVERS,CN=ABL-CURITIBA-IGUACU,CN=SITES,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' 
[ldap://antares]
     Difference in attribute values:
         serverReference =>
[b'CN=AROEIRA,OU=Domain Controllers,DC=ad,DC=a1,DC=ind,DC=br']
[b'CN=AROEIRA\\0ACNF:0a341e37-f3e4-486d-9d96-ced9adbcb2ee,OU=Domain 
Controllers,DC=ad,DC=a1,DC=ind,DC=br']

     FAILED

Comparing:
'CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://eucalipto]
'CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://antares]
     Difference in attribute values:
         instanceType =>
[b'13']
[b'5']

     FAILED

Comparing:
'CN=THIS ORGANIZATION,CN=WELLKNOWN SECURITY 
PRINCIPALS,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://eucalipto]
'CN=THIS ORGANIZATION,CN=WELLKNOWN SECURITY 
PRINCIPALS,CN=CONFIGURATION,DC=AD,DC=A1,DC=IND,DC=BR' [ldap://antares]
     Attributes found only in ldap://antares:        INSTANCETYPE
         WHENCREATED

     FAILED

* Result for [CONFIGURATION]: FAILURE

SUMMARY
---------

Attributes with different values:

     instanceType
     serverReference

Attributes found only in ldap://antares:

     INSTANCETYPE
     WHENCREATED
ERROR: Compare failed: -1
root at eucalipto:~#


Any hint on how to fix? Demote and rejoin windows?

-- 
*Marcio Merlone*

More information about the samba mailing list