Back-linked attributes do not sync between Windows2003 and Samba4
Zahari Zahariev
zahari.zahariev at gmail.com
Tue May 25 09:14:13 MDT 2010
Hello Andrew & Samba4,
Here is an interesting thing I found this afternoon. I decided to test
LDAPCMP on a real-world setup -- Samba4 vampired from a Windows2003 domain
controller. Samba4 vampired OK and then it started OK; there were replication
requests going back and forth. However, when I ran ldapcmp it showed
differences exclusively for attributes in objects which have remained only in
the Windows2003 server. As Kamen noticed, these are mostly back-linked
attributes which were not replicated.
You can see the diff for the domain partition, where 10.191.10.95 is
Windows2003 (functional level 2003) and 10.191.10.113 is Samba4 (vampired
from Windows2003):
root@darkstar:~/samba-master/source4# ./scripting/devel/ldapcmp \
    --host=10.191.10.95 --username=administrator@zahari.tk --password=xx \
    --host2=10.191.10.113 --username2=administrator@zahari.tk --password2=xx \
    domain
* Ignored (DNS related) DNs in 10.191.10.95:
* Ignored (DNS related) DNs in 10.191.10.113:
* Objets to be compared: 171
Comparing:
'DC=zahari,DC=tk' [10.191.10.95]
'DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
masteredBy
msDs-masteredBy
serverState
subRefs
FAILED
Comparing:
'CN=WIN2003,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=zahari,DC=tk' [10.191.10.95]
'CN=WIN2003,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
fRSMemberReferenceBL
FAILED
Comparing:
'CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.95]
'CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
serverReferenceBL
frsComputerReferenceBL
FAILED
Comparing:
'CN=Administrator,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Administrator,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=Builtin,DC=zahari,DC=tk' [10.191.10.95]
'CN=Builtin,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
serverState
FAILED
Comparing:
'CN=Domain Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Domain Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=Domain Guests,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Domain Guests,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=Domain Users,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Domain Users,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=Enterprise Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Enterprise Admins,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=Guest,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=Guest,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=RID Set,CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.95]
'CN=RID Set,CN=WIN2003,OU=Domain Controllers,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
rIDNextRID
rIDPreviousAllocationPool
FAILED
Comparing:
'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-20,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.95]
'CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
Comparing:
'CN=SUPPORT_388945a0,CN=Users,DC=zahari,DC=tk' [10.191.10.95]
'CN=SUPPORT_388945a0,CN=Users,DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
memberOf
FAILED
* Final result: FAILURE
SUMMARY
---------
Attributes found only in 10.191.10.95:
frsComputerReferenceBL
memberOf
masteredBy
subRefs
msDs-masteredBy
rIDPreviousAllocationPool
fRSMemberReferenceBL
serverReferenceBL
rIDNextRID
serverState
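
An added example, not part of the original post and not Samba's own ldapcmp code: a small Python triage of output in the format shown above, separating back-link attributes (odd linkID, such as memberOf) from everything else reported as missing on one DC. The function names are hypothetical, and the linkID table is an assumption recalled from the Active Directory schema that should be verified against your own attributeSchema objects.

```python
import re

# ASSUMPTION: linkID values as recalled from the AD schema; verify them on the
# attributeSchema objects of your forest. Even = forward link, odd = back link.
LINK_IDS = {
    "member": 2, "memberOf": 3, "hasMasterNCs": 76, "masteredBy": 77,
    "serverReference": 94, "serverReferenceBL": 95,
    "frsComputerReference": 102, "frsComputerReferenceBL": 103,
    "fRSMemberReference": 104, "fRSMemberReferenceBL": 105,
    "msDS-hasMasterNCs": 2036, "msDS-MasteredBy": 2037,
}

def is_back_link(attr):
    # Attribute names are case-insensitive (the output prints msDs-masteredBy).
    ids = {k.lower(): v for k, v in LINK_IDS.items()}
    return ids.get(attr.lower(), 0) % 2 == 1

def parse_ldapcmp(text):
    """Return {dn: [attributes reported only on one host]} per compared object."""
    result, dn, collecting = {}, None, False
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"'(.+)' \[[\d.]+\]$", line)
        if m:                                   # quoted DN followed by [host]
            dn, collecting = m.group(1), False
        elif line.startswith("Attributes found only in"):
            collecting = dn is not None         # SUMMARY block has no DN
        elif line in ("FAILED", "SUMMARY") or line.startswith("*"):
            dn, collecting = None, False
        elif collecting and line:
            result.setdefault(dn, []).append(line)
    return result

def triage(text):
    """Split missing attributes into (back links, not in the linkID table)."""
    attrs = {a for found in parse_ldapcmp(text).values() for a in found}
    back = sorted(a for a in attrs if is_back_link(a))
    return back, sorted(attrs - set(back))

# Constructed sample: one comparison block copied from the output above.
SAMPLE = """Comparing:
'DC=zahari,DC=tk' [10.191.10.95]
'DC=zahari,DC=tk' [10.191.10.113]
Attributes found only in 10.191.10.95:
masteredBy
msDs-masteredBy
serverState
subRefs
FAILED
"""
```

A missing memberOf back link matters operationally because tools that read group membership from the user object will see different answers depending on which DC they query.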