[Samba] occasional interSiteTopologyGenerator differences between DCs
douglas.bagnall at catalyst.net.nz
Fri Dec 10 04:37:27 UTC 2021
On 7/12/21 10:22 pm, mj via samba wrote:
> I am doing regular automated runs of samba-tool ldapcmp, to make sure
> that all our DC's serve the same data. They run samba 4.13.14 on buster.
> Since a couple of weeks, we are getting intermittant failures on the
> interSiteTopologyGenerator. These differences appear and also disappear
> 'automatically' again. They usually stay for a couple of hours,
> sometimes less.
This might be caused by a changes for bug 14876, which is part of
CVE-2020-25722, neither of which have a description that is helpful in
Essentially, the AD database is a bit more careful about checking all
the values it might return, giving it more chances to [noticeably] fail
if things go wrong.
I haven't properly looked at the code paths, but it looks like we would
see different behaviour now if there were somehow duplicate entries for
fsmo roles (or perhaps other discrepancies).
>> interSiteTopologyGenerator => [b'CN=NTDS
Assuming this is a Windows DC, are you able to find out what it thinks
is the ISTG?
More information about the samba