[Samba] occasional interSiteTopologyGenerator differences between DCs

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Fri Dec 10 04:37:27 UTC 2021

On 7/12/21 10:22 pm, mj via samba wrote:
> Hi,
> I am doing regular automated runs of samba-tool ldapcmp, to make sure 
> that all our DC's serve the same data. They run samba 4.13.14 on buster.
> Since a couple of weeks, we are getting intermittant failures on the 
> interSiteTopologyGenerator. These differences appear and also disappear 
> 'automatically' again. They usually stay for a couple of hours, 
> sometimes less.

This might be caused by a changes for bug 14876, which is part of 
CVE-2020-25722, neither of which have a description that is helpful in 
this case:


Essentially, the AD database is a bit more careful about checking all 
the values it might return, giving it more chances to [noticeably] fail 
if things go wrong.

I haven't properly looked at the code paths, but it looks like we would 
see different behaviour now if there were somehow duplicate entries for 
fsmo roles (or perhaps other discrepancies).

>>         interSiteTopologyGenerator => [b'CN=NTDS 
>> Settings,CN=WINDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com'] 

Assuming this is a Windows DC, are you able to find out what it thinks 
is the ISTG?


More information about the samba mailing list