[Samba] ldapcmp failed after windows server 2012 AD joined

Adam Xu adam_xu at adagene.com.cn
Fri Mar 25 10:23:05 UTC 2022 

Hi Rowland,

Thanks for your quick reply.

I also got a problem. sometimes when I Comparing [DOMAIN] context:

some users may have different attribute values in userParameters,such as:

Comparing:
'COM=jack,OU=DISABLED USERS,OU=SUZHOU,DC=NTBAOBEI,DC=COM' [ldap://DC1]
'COM=jack,OU=DISABLED USERS,OU=SUZHOU,DC=NTBAOBEI,DC=COM' [ldap://DC4]
     Difference in attribute values:
         userParameters =>
[b' \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 
\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 
\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 
\x00 \x00 \x00 \x00 \x00 \x00 
\x00P\x00\x04\x00\x1a\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00P\x00r\x00e\x00s\x00e\x00n\x00t\x00551e0bb0\x18\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00F\x00l\x00a\x00g\x00s\x001\x0000f0e0f7\x12\x00\x08\x00\x01\x00C\x00t\x00x\x00S\x00h\x00a\x00d\x00o\x00w\x0001000000*\x00\x02\x00\x01\x00C\x00t\x00x\x00M\x00i\x00n\x00E\x00n\x00c\x00r\x00y\x00p\x00t\x00i\x00o\x00n\x00L\x00e\x00v\x00e\x00l\x0001']
[b' 
P\x04\x1a\x08\x01CtxCfgPresent\xe3\x94\xb5\xe6\x94\xb1\xe6\x88\xb0\xe3\x81\xa2\x18\x08\x01CtxCfgFlags1\xe3\x80\xb0\xe3\x81\xa6\xe3\x81\xa5\xe3\x9d\xa6\x12\x08\x01CtxShadow\xe3\x84\xb0\xe3\x80\xb0\xe3\x80\xb0\xe3\x80\xb0*\x02\x01CtxMinEncryptionLevel\xe3\x84\xb0']

Can I ignore this too?

在 2022/3/25 18:11, Rowland Penny via samba 写道:
> On Fri, 2022-03-25 at 17:57 +0800, Adam Xu via samba wrote:
>> Hi samba list,
>>
>> I joined  a windows server 2012 R2 to My samba AD recently.
>>
>> now I have 4 DCs:
>>
>> DC1: samba ad  ver:4.15.6
>>
>> DC2: samba ad  ver:4.15.6
>>
>> DC3: samba RODC  ver:4.15.6
>>
>> DC4: windows server 2012 R2 ad
>>
>> when I run:
>>
>> samba-tool ldapcmpldap://DC1  ldap://DC4  -Uadministrator
>>
>> here's the result:
>>
>> * Comparing [CONFIGURATION] context...
>>
>> * Objects to be compared: 1791
>>
>> Comparing:
>> 'CN=CONFIGURATION,DC=NTBAOBEI,DC=COM' [ldap://DC1]
>> 'CN=CONFIGURATION,DC=NTBAOBEI,DC=COM' [ldap://DC4]
>>       Difference in attribute values:
>>           instanceType =>
>> [b'13']
>> [b'5']
>>
>>       FAILED
> The 'instanceType' attribute can be different, so you do not have a
> problem. You can filter out attributes like this, see 'samba-tool
> ldapcmp --help' for more information.
>
> Rowland
>
>
>

More information about the samba mailing list