[Samba] occasional interSiteTopologyGenerator differences between DCs
Douglas Bagnall
douglas.bagnall at catalyst.net.nz
Fri Dec 10 04:37:27 UTC 2021
On 7/12/21 10:22 pm, mj via samba wrote:
> Hi,
>
> I am doing regular automated runs of samba-tool ldapcmp, to make sure
> that all our DC's serve the same data. They run samba 4.13.14 on buster.
>
> Since a couple of weeks, we are getting intermittent failures on the
> interSiteTopologyGenerator. These differences appear and also disappear
> 'automatically' again. They usually stay for a couple of hours,
> sometimes less.

This might be caused by changes for bug 14876, which is part of
CVE-2020-25722, neither of which has a description that is helpful in
this case:

https://bugzilla.samba.org/show_bug.cgi?id=14876
https://www.samba.org/samba/security/CVE-2020-25722.html

Essentially, the AD database is a bit more careful about checking all
the values it might return, giving it more chances to [noticeably] fail
if things go wrong.

I haven't properly looked at the code paths, but it looks like we would
see different behaviour now if there were somehow duplicate entries for
fsmo roles (or perhaps other discrepancies).

>> interSiteTopologyGenerator => [b'CN=NTDS
>> Settings,CN=WINDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com']

Assuming this is a Windows DC, are you able to find out what it thinks
is the ISTG?

Douglas