[Samba] Error in samba-tool drs updateness

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Tue Jul 19 22:48:40 UTC 2022


On 18/07/22 21:37, Bruno Guerreiro via samba wrote:
> Hi Douglas,
> Thanks for the help, and sorry for the delay. I've been away.

No worries. Me too.

> I've applied the patch, and the result is this:
> Missing dn CN=DC01,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> Missing dn CN=DC02,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> Missing dn CN=DC03,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> ...
> Missing dn CN=DC10,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> 
> 
> This DC11 is a Win2008R2 DC

Ok, that's interesting. It's obviously a bug insofar as Samba is not 
playing well with the Windows DC, but if objects are being replicated 
(including to and from DC11), then you don't need to worry.

This might cause problems if DC11 was selected as a bridgehead for 
communication between Default-First-Site-Name and the other sites. That 
won't happen spontaneously, but adding more DCs could trigger a 
reorganisation.

These commands will draw you a graph of the network:

   samba-tool visualize ntdsconn  -S --dot -o network.dot
   dot -Tpng network.dot > network.png

Adding -H ldap://dc11... -UAdministrator to the samba-tool should allow 
you to query Windows' view of the network. They *should* be the same.

cheers,
Douglas


> BRGDS,
> Bruno Guerreiro
> 
> From: samba <samba-bounces at lists.samba.org> on behalf of Douglas Bagnall via samba <samba at lists.samba.org>
> Sent: Monday, July 11, 2022 1:26 AM
> To: samba at lists.samba.org <samba at lists.samba.org>
> Subject: Re: [Samba] Error in samba-tool drs updateness
> 
> hi Bruno,
> 
> If you apply the attached patch to samba/uptodateness.py, wherever that
> might be on your system, it might tell you which DC is confused. (no
> recompiling should be necessary).
> 
> On 7/07/22 06:49, Bruno Guerreiro via samba wrote:
>> Hi Rowland.
>> Here's the full error:
>>
>> root at DC01:~# samba-tool drs uptodateness
> 
>   From a `| sort | uniq -c`, it looks like 5 repetitions of 10 DCs, like this:
> 
>         5 Missing dn CN=DC01,CN=Servers,CN=Default-First-Site-Name,
>         5 Missing dn CN=DC02,CN=Servers,CN=Default-First-Site-Name,
>         5 Missing dn CN=DC03,CN=Servers,CN=Porto,
>         5 Missing dn CN=DC04,CN=Servers,CN=Coimbra,
>         5 Missing dn CN=DC05,CN=Servers,CN=Evora,
>         5 Missing dn CN=DC06,CN=Servers,CN=Faro,
>         5 Missing dn CN=DC07,CN=Servers,CN=Funchal,
>         5 Missing dn CN=DC08,CN=Servers,CN=Lisboa,
>         5 Missing dn CN=DC09,CN=Servers,CN=Lisboa,
>         5 Missing dn CN=DC10,CN=Servers,CN=Angra,
> 
> 
> 5 repetitions because 5 partitions. Is there an 11th DC? Or one that was
> not removed completely and/or not smoothly upgraded?
> 
>> DOMAIN          maximum: 207  median: 18.0  failure: 10
>> CONFIGURATION   maximum: 468  median: 29.0  failure: 10
>> SCHEMA          maximum: 318  median: 27.0  failure: 10
>> DNSDOMAIN       maximum: 56  median: 3.0  failure: 10
>> DNSFOREST       maximum: 378  median: 36.0  failure: 10
> 
> I think I'd expect the max/median numbers to be lower here, unless the
> network is very busy at the time -- or, of course, a DC that is failing to
> replicate.
> 
> cheers,
> Douglas
> 
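
Added example (not part of the original thread, and not Samba code): a small Python summary of the "Missing dn ... from UTD vector for dsa ..." lines quoted above, grouped by the DSA whose vector lacks the entry, which is what the `| sort | uniq -c` does by hand. The sample lines are constructed from the format shown in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Format of the diagnostic lines as quoted in the thread; the DN before
# " from UTD vector" carries a trailing comma, which is dropped here.
LINE_RE = re.compile(
    r"^Missing dn (?P<missing>.+?),? from UTD vector for dsa (?P<dsa>.+?),?$")

# Constructed sample: two partitions' worth of lines plus one summary line.
SAMPLE = """\
Missing dn CN=DC01,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
Missing dn CN=DC02,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
Missing dn CN=DC01,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
Missing dn CN=DC02,CN=Servers,CN=Default-First-Site-Name, from UTD vector for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
DOMAIN          maximum: 207  median: 18.0  failure: 10
""".splitlines()


def cn(dn):
    """First RDN value of a DN, e.g. 'CN=DC11,CN=Servers,...' -> 'DC11'."""
    return dn.split(",", 1)[0].partition("=")[2]


def summarise(lines):
    """Return {dsa_dn: {missing_dn: line_count}}; other lines are ignored."""
    report = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            report[m["dsa"]][m["missing"]] += 1
    return {dsa: dict(missing) for dsa, missing in report.items()}


def confused_dsas(report):
    """Rank DSAs by distinct DCs absent from their UTD vector, worst first.

    Each row is (dsa_cn, missing_dc_count, repeats_per_dc); the thread reads
    the repeat count as the number of partitions.
    """
    rows = [(cn(dsa), len(missing), max(missing.values()))
            for dsa, missing in report.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for name, n_dcs, repeats in confused_dsas(summarise(SAMPLE)):
        print(f"{name}: vector lacks {n_dcs} DC(s), {repeats} line(s) each")
```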



