I'm on phone, had a quick small look at the dc3 output.
Is your time in sync? It looks like a 3 - 10 min difference.

gr.
Louis

On 7 May 2019, at 18:34, Elias Pereira <empbilly at gmail.com> wrote:

> Hello,
>
> dc3: http://pasted.co/6b703479
> dc4: http://pasted.co/5068fc6e
> diff: http://pasted.co/025c3242
>
> On Tue, May 7, 2019 at 12:08 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
>
> Hai,
>
> Now, differences are fine, but can you see if one of the 2 servers is correct, and for that it might be handy to share the output.
>
> You can push the good DB to the other DC. ( a forced replication )
>
> And I can understand why you upgrade ...
> Did you see :
>
> samba-tool domain schemaupgrade --help
> Usage: samba-tool domain schemaupgrade [options]
> Domain schema upgrading
> Options:
>   -h, --help         show this help message and exit
>   -H URL, --URL=URL  LDB URL for database or target server
>   -q, --quiet        Be quiet
>   -v, --verbose      Be verbose
>   --schema=SCHEMA    The schema file to upgrade to. Default is (Windows)
>                      2012_R2.
>
> The "Default" in samba 4.10.x is 2012R2..
> but show the output, we will think of something to fix it :-)
>
> Greetz,
>
> Louis
>
> From: Elias Pereira [mailto:empbilly at gmail.com]
> Sent: Tuesday, 7 May 2019 16:49
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] DN lists have different size: 4065 != 4029
>
> Hello guys,
>
> Why did you upgrade the schema to '69' ?
> That is the schema from 2012R2 and is still marked as experimental.
>
> I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad>
>
> Could you run :
> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
> And compare that output?
>
> I made the comparison. It has a jumble of differences.
>
> Can I do a schema downgrade?
>
> On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
>
> Could you run :
> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC
> And compare that output?
>
> Greetz,
>
> Louis
>
> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Elias Pereira via samba
>> Sent: Tuesday, 7 May 2019 15:48
>> To: samba
>> Subject: [Samba] DN lists have different size: 4065 != 4029
>>
>> Hello,
>>
>> dc3 = principal DC
>> dc4 = secondary DC
>>
>> I had this problem last month after updating samba to version 4.10.x. and
>> also the schema from 45 to 69. But it looked like it had been corrected.
>> Today I noticed that on dc4 there are computers that are not on dc3.
>>
>> I updated:
>> 4.7.x to 4.8.x
>> 4.8.x to 4.9.x and only after that I upgraded to 4.10.x version.
>>
>> When I run these commands:
>>
>> samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ---- OK
>> samba_dnsupdate --verbose --all-names ---- OK
>> samba-tool drs showrepl ---- OK
>>
>> all show OK.
>>
>> *dc3 schema:*
>>
>> # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
>> # record 1
>> dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> objectVersion: 69
>>
>> # returned 1 records
>> # 1 entries
>> # 0 referrals
>>
>> *dc4 schema:*
>>
>> # ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s base objectVersion
>> # record 1
>> dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> objectVersion: 69
>>
>> # returned 1 records
>> # 1 entries
>> # 0 referrals
>>
>> *smb.conf dc3*
>>
>> # Global parameters
>> [global]
>>     netbios name = DC3
>>     realm = CAMPUS.SERTAO.IFRS.EDU.BR
>>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>>     workgroup = CAMPUS
>>     server role = active directory domain controller
>>     idmap_ldb:use rfc2307 = yes
>>
>>     bind interfaces only = yes
>>     interfaces = lo eth0
>>
>>     ldap server require strong auth = no
>>     #log file = /var/log/samba/log.%m
>>     #log level = 10
>>     ntlm auth = yes
>>     #ntlm auth = mschapv2-and-ntlmv2-only
>>
>>     allow dns updates = nonsecure
>>
>>     # SSL CERTS
>>     #tls enabled = yes
>>     #tls keyfile = tls/sertao.ifrs.edu.br.key.npw
>>     #tls certfile = tls/sertao.ifrs.edu.br.crt
>>     #tls cafile = tls/ca_join_icpedu.crt
>>
>> [netlogon]
>>     path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>>     read only = No
>>
>> [sysvol]
>>     path = /var/lib/samba/sysvol
>>     read only = No
>>
>> *smb.conf dc4*
>>
>> # Global parameters
>> [global]
>>     netbios name = DC4
>>     realm = CAMPUS.SERTAO.IFRS.EDU.BR
>>     server role = active directory domain controller
>>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>>     workgroup = CAMPUS
>>     idmap_ldb:use rfc2307 = yes
>>
>>     bind interfaces only = yes
>>     interfaces = lo eth0
>>
>>     ldap server require strong auth = no
>>     #log file = /var/log/samba/log.%m
>>     #log level = 10
>>     ntlm auth = yes
>>     #ntlm auth = mschapv2-and-ntlmv2-only
>>
>>     allow dns updates = nonsecure
>>
>> [netlogon]
>>     path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
>>     read only = No
>>
>> [sysvol]
>>     path = /var/lib/samba/sysvol
>>     read only = No
>>
>> *samba-tool fsmo show dc3:*
>>
>> # samba-tool fsmo show
>> SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>
>> *samba-tool fsmo show dc4:*
>>
>> # samba-tool fsmo show
>> SchemaMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
>>
>> Any ideas on how to debug this problem better? Any other log or config you
>> need, just ask.
>> --
>> Elias Pereira
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba

> I'm on phone, had a quick small look at the dc3 output.
> Is your time in sync? It looks like a 3 - 10 min difference.

At first it's synchronized.

root at dc3:/etc# timedatectl status
      Local time: Tue 2019-05-07 20:05:10 -03
  Universal time: Tue 2019-05-07 23:05:10 UTC
        RTC time: Tue 2019-05-07 23:07:11
       Time zone: America/Sao_Paulo (-03, -0300)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

root at dc4:/etc# timedatectl status
      Local time: Tue 2019-05-07 20:05:10 -03
  Universal time: Tue 2019-05-07 23:05:10 UTC
        RTC time: n/a
       Time zone: America/Sao_Paulo (-03, -0300)
 Network time on: yes
NTP synchronized: yes
 RTC in local TZ: no

On Tue, May 7, 2019 at 5:25 PM L.P.H. van Belle <belle at bazuin.nl> wrote:

> I'm on phone, had a quick small look at the dc3 output.
>
> Is your time in sync? It looks like a 3 - 10 min difference.
>
> gr.
> Louis

--
Elias Pereira

Hai,

Yes, good you verified time is in sync. As far as I can see/tell.
And I cannot tell why you have these differences, but DC4 looks best.

Can you tell how your NTP is configured, because I still expect that one of the problems might come from that.
Can you show the ntp.conf file or the chrony.conf?

If you use apparmor, then you might have a problem from that.
Check if the file /etc/apparmor.d/usr.sbin.ntpd contains this path.
Verified for Debian/Ubuntu, where the wrong path is :

    /{,var/}run/samba/ntp_signd/socket rw,

Easy fix for now is :
Enable :

    include <local/usr.sbin.ntpd>

Add this in the included file.

    # samba4 ntp signing socket
    /var/lib/samba/ntp_signd/socket rw,

Debian bugnr : #928168
And same for chrony.

If you use NTP, I don't recommend the use of an ntp pool.
I've seen ntp pools go off over 5 min difference, so in my opinion not reliable enough.
Might depend also on the pools, but I hit that once and then I changed it.
( from : http://support.ntp.org/bin/view/Servers/WebHome )
You could use these for your location.

    gps.ntp.br
    a.st1.ntp.br
    d.st1.ntp.br

Now for your replication errors.
Good to see you synced DC4 to DC3, that was what I would have recommended also.
Did you compare the replication outputs? You might need to correct a few groups where the members were off.
So keep the logs you posted also to verify the few leftovers IF needed.

Ok, while looking at this, I noticed something else.
Your previous messages to the list.
https://www.spinics.net/lists/samba/msg156598.html
Subject: joined computer not appear in all DCs (DC4 not sync with DC3)

So before you change anything, hold on.
I've reviewed some of your other posts. And I've looked at what is going on here.

Basically you're affected by bug: https://bugzilla.samba.org/show_bug.cgi?id=12204

Now, next week there is a new package release, but since you were my first donator, :-)
I'll make you a package so you can try and see if the patches in bug#12204 do work out for you.

And last, since you're running Debian and my packages, which makes it much easier to track wrong settings.
Run : https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
You probably already have done this, but please do it again on both DCs.
Then PM it to me, and please don't modify anything, I need it exactly as is.
I'll respect your data and keep it secret. ( except if needed for other samba-devs to track your problem )

I'll PM you when these packages are ready.

Greetz,

Louis
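
Added example, not part of the original thread and not Samba project code: the symptom discussed above is that the two DCs hold different sets of DNs. This sketch reads the dn: lines from LDIF output such as ldbsearch prints on each DC, unfolds wrapped lines, and lists the DNs present on only one side. The function names and the sample records are constructed for illustration, and comparing whole DNs case-insensitively is a simplifying assumption.

```python
import base64
import re

_COMMA = re.compile(r"(?<!\\),")  # split on commas that are not backslash-escaped


def normalize_dn(dn):
    """Trim each RDN and casefold, so 'cn=pc01' and 'CN=PC01' compare equal."""
    return ",".join(part.strip() for part in _COMMA.split(dn)).casefold()


def parse_dns(ldif_text):
    """Return the set of normalized DNs in ldbsearch-style LDIF output."""
    unfolded = []
    for raw in ldif_text.splitlines():
        # LDIF folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    dns = set()
    for line in unfolded:
        if line.startswith("dn:: "):      # base64 form, used for non-ASCII DNs
            dns.add(normalize_dn(base64.b64decode(line[5:]).decode("utf-8")))
        elif line.startswith("dn: "):
            dns.add(normalize_dn(line[4:]))
    return dns


def compare(ldif_a, ldif_b):
    """Return (DNs only in A, DNs only in B), each sorted."""
    a, b = parse_dns(ldif_a), parse_dns(ldif_b)
    return sorted(a - b), sorted(b - a)


# Constructed sample data (not taken from the thread's pastes).
_PC03 = base64.b64encode(
    b"CN=PC03,CN=Computers,DC=samdom,DC=example,DC=com").decode("ascii")
DC3_SAMPLE = """\
# record 1
dn: CN=PC01,CN=Computers,DC=samdom,DC=example,DC=com

# record 2
dn: CN=PC02,CN=Computers,DC=samdom,
 DC=example,DC=com
"""
DC4_SAMPLE = """\
# record 1
dn: cn=pc01,cn=Computers,dc=samdom,dc=example,dc=com

# record 2
dn: CN=PC02,CN=Computers,DC=samdom,DC=example,DC=com

# record 3
dn:: """ + _PC03 + "\n"

if __name__ == "__main__":
    only_dc3, only_dc4 = compare(DC3_SAMPLE, DC4_SAMPLE)
    print("only on dc3:", only_dc3)
    print("only on dc4:", only_dc4)
```

Objects that show up on only one DC are the ones to check against the replication output before deciding which database to keep.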