thr3ads.net - samba - [Samba] Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs [Dec 2014]

If this information is useful, please help other people find it:
Share via:

Daniel Müller

2014-Dec-10 07:04 UTC

[Samba] Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs

Dear all,

Running  samba-tool ldapcmp on my both DCs samba 4.1.7  leads to the output
:


    Attributes found only in ldap://s4master:
        msDS-NcType
        serverState
    FAILED

How to deal with this?
I am missing something?





[root at s4slave ~]#  samba-tool ldapcmp ldap://s4master ldap://s4slave
-Uadministrator domain
Password for [TPLK\administrator]:

* Comparing [DOMAIN] context...

* Objects to be compared: 518

Comparing:
'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        serverState
    FAILED

Comparing:
'DC=tplk,DC=loc' [ldap://s4master]
'DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        msDS-NcType
        serverState
    FAILED

* Result for [DOMAIN]: FAILURE

SUMMARY
---------

Attributes found only in ldap://s4master:

    msDS-NcType
    serverState
ERROR: Compare failed: -1
[root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
-Uadministrator configuration
Password for [TPLK\administrator]:

* Comparing [CONFIGURATION] context...

* Objects to be compared: 1616

Comparing:
'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        subRefs
        msDS-NcType
    FAILED

* Result for [CONFIGURATION]: FAILURE

SUMMARY
---------

Attributes found only in ldap://s4master:

    msDS-NcType
    subRefs
ERROR: Compare failed: -1
[root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
-Uadministrator schema
Password for [TPLK\administrator]:

* Comparing [SCHEMA] context...

* Objects to be compared: 1550

Comparing:
'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        msDS-NcType
    FAILED

* Result for [SCHEMA]: FAILURE

SUMMARY
---------

Attributes found only in ldap://s4master:

    msDS-NcType
ERROR: Compare failed: -1
[root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
-Uadministrator dnsdomain
Password for [TPLK\administrator]:

* Comparing [DNSDOMAIN] context...

* Objects to be compared: 191

Comparing:
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        msDS-NcType
    FAILED

* Result for [DNSDOMAIN]: FAILURE

SUMMARY
---------

Attributes found only in ldap://s4master:

    msDS-NcType
ERROR: Compare failed: -1
[root at s4slave ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave
-Uadministrator dnsdomain
Password for [TPLK\administrator]:

* Comparing [DNSDOMAIN] context...

* Objects to be compared: 191

Comparing:
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        msDS-NcType
    FAILED

* Result for [DNSDOMAIN]: FAILURE

SUMMARY
---------

Attributes found only in ldap://s4master:

    msDS-NcType
ERROR: Compare failed: -1
[root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
-Uadministrator dnsforest
Password for [TPLK\administrator]:

* Comparing [DNSFOREST] context...

* Objects to be compared: 19

Comparing:
'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
    Attributes found only in ldap://s4master:
        msDS-NcType
    FAILED

* Result for [DNSFOREST]: FAILURE

SUMMARY
---------

Attributes found only in ldap://s4master:

    msDS-NcType
ERROR: Compare failed: -1


Greetings
Daniel

EDV Daniel M?ller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 T?bingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

Denis Cardon

2014-Dec-10 07:54 UTC

head link

[Samba] Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs

Hi Daniel,>
> Running  samba-tool ldapcmp on my both DCs samba 4.1.7  leads to the output
> :
>
>
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>          serverState
>      FAILED
>
> How to deal with this?
> I am missing something?
AD DC are not exact copies of each others. There are some attributes 
that are not synchronized.

according to [1], msDS-NcType has the flag FLAG_ATTR_NOT_REPLICATED

from [2] : "nonreplicated attribute: An attribute whose values are not 
replicated between naming context (NC) replicas. The nonreplicated 
attributes of an object are, in effect, local variables of the domain 
controller (DC) hosting the NC replica containing that object, since 
changes to these attributes have no effect outside that DC."

For serverState, I guess it is a similar situation.

You can ignore those message using the --filter=msDS-NcType to your 
ldapcmp command line.

Cheers,

Denis

[1] http://msdn.microsoft.com/en-us/library/cc220312.aspx
[2] 
http://msdn.microsoft.com/en-us/library/33b94545-9ae1-4cc8-9ce5-4be893b7bec3#non-replicated_attribute
>
>
>
>
>
> [root at s4slave ~]#  samba-tool ldapcmp ldap://s4master ldap://s4slave
> -Uadministrator domain
> Password for [TPLK\administrator]:
>
> * Comparing [DOMAIN] context...
>
> * Objects to be compared: 518
>
> Comparing:
> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          serverState
>      FAILED
>
> Comparing:
> 'DC=tplk,DC=loc' [ldap://s4master]
> 'DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>          serverState
>      FAILED
>
> * Result for [DOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>      serverState
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator configuration
> Password for [TPLK\administrator]:
>
> * Comparing [CONFIGURATION] context...
>
> * Objects to be compared: 1616
>
> Comparing:
> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          subRefs
>          msDS-NcType
>      FAILED
>
> * Result for [CONFIGURATION]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
>      subRefs
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator schema
> Password for [TPLK\administrator]:
>
> * Comparing [SCHEMA] context...
>
> * Objects to be compared: 1550
>
> Comparing:
> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [SCHEMA]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator dnsdomain
> Password for [TPLK\administrator]:
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 191
>
> Comparing:
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSDOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave
> -Uadministrator dnsdomain
> Password for [TPLK\administrator]:
>
> * Comparing [DNSDOMAIN] context...
>
> * Objects to be compared: 191
>
> Comparing:
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSDOMAIN]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
> [root at s4slave ~]# samba-tool ldapcmp ldap://s4master  ldap://s4slave
> -Uadministrator dnsforest
> Password for [TPLK\administrator]:
>
> * Comparing [DNSFOREST] context...
>
> * Objects to be compared: 19
>
> Comparing:
> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>      Attributes found only in ldap://s4master:
>          msDS-NcType
>      FAILED
>
> * Result for [DNSFOREST]: FAILURE
>
> SUMMARY
> ---------
>
> Attributes found only in ldap://s4master:
>
>      msDS-NcType
> ERROR: Compare failed: -1
>
>
> Greetings
> Daniel
>
> EDV Daniel M?ller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 T?bingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, b?timent A
12 avenue Jules Verne
44230 Saint S?bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

Maybe Matching Threads

Search for more apparently analagous threads

samba - Dec 2014 - Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs

[Samba] Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs

[Samba] Samba 4.1.7 ldapcmp msDS-NcType Error comparing DCs

Maybe Matching Threads