[Samba] changes on DC not replicated, while showrepl reports no issues
rpenny at samba.org
Mon Nov 16 13:07:32 UTC 2020
On 16/11/2020 12:56, mj via samba wrote:
> Hi all,
> We are running a three DC samba AD, using 4.12.8 sernet packages. Very
> stable for years.
> Today at 12:30 my colleague moved two users from
> * CN=Users,DC=samba,DC=company,DC=com
> * OU=disabled,DC=samba,DC=company,DC=com
> This change was done on the DC4 at 12:30 using LAM
> (ldap-account-manager version 7.3)
> Ever since that, my automated samba-tool ldapcmp scripts started
> reporting ldapcmp discrepancies between the DCs, like:
>> * DNs found only in ldap://dc4.samba.company.com:
>> * DNs found only in ldap://dc3.samba.company.com:
> It seems DC2 & DC3 are still in sync (both having the two users in
> CN=USERS) and only DC4 has the user now in OU=DISABLED.
> And now the worrying part:
> "samba-tool drs showrepl" still shows success on all DCs! Recent
> timestamps (long after 12:30) on inbound replication, outbound
> replication also success (but without timestamps), and every DC
> replicates to both other DCs for all partitions.
> The only reason we actually noticed that this issue is occurring is
> because we run automated ldapcmp between the DCs, otherwise we would
> not have known.
> samba-tool dbcheck --cross-ncs reports 0 errors on 5413 objects on all
> three DCs.
> Of course we could try to re-replicate "samba-tool drs replicate"
> etc, but should the above not be impossible to happen? What could
> cause it?
My first thought is time, is it the same on all DCs?