On 21/09/2020 00:35, Elias Pereira via samba wrote:> No errors occur, but still not replicating. It is not of all entries. > > For example, there are some users that the groups they are part, differ > between the two DCs. > > In the link below there is a diff between groups of a specific user. > # ldbsearch -H /var/lib/samba/private/sam.ldb "(samAccountName=125202)" > memberOf | grep CN= | awk -F, '{ print $1 }' > https://www.diffchecker.com/THo6dLOZAfter looking at that link, it isn't as a bad as what the the pretty picture paints ;-) The only difference is that DC3 has 'memberOf: CN=TAG-INF008-INFORMATICA II-2020/1' and DC4 doesn't, but they both have 'memberOf: CN=TAG-INF008-INFORMATICA I-T11-2020/1', a very similar group name, did one replace the other ? Rowland
Regarding the groups, now it's all right. Another doubt is about this bydefaults entry. The dc4 has this entry, but the dc3 does not. The dc3 is the fmso roles guy. Does it work that way or is there something wrong there? * Comparing [DOMAIN] context... * DN lists have different size: 5702 != 5703 * DNs found only in ldap://DC4: CN=BYDEFAULTS,CN=NETGROUP,CN=YPSERV30,CN=RPCSERVICES,CN=SYSTEM,DC=CAMPUS,DC=COMPANY,DC=BR * Objects to be compared: 5702 On Mon, Sep 21, 2020 at 5:15 AM Rowland penny via samba < samba at lists.samba.org> wrote:> On 21/09/2020 00:35, Elias Pereira via samba wrote: > > No errors occur, but still not replicating. It is not of all entries. > > > > For example, there are some users that the groups they are part, differ > > between the two DCs. > > > > In the link below there is a diff between groups of a specific user. > > # ldbsearch -H /var/lib/samba/private/sam.ldb "(samAccountName=125202)" > > memberOf | grep CN= | awk -F, '{ print $1 }' > > https://www.diffchecker.com/THo6dLOZ > > After looking at that link, it isn't as a bad as what the the pretty > picture paints ;-) > > The only difference is that DC3 has 'memberOf: CN=TAG-INF008-INFORMATICA > II-2020/1' and DC4 doesn't, but they both have 'memberOf: > CN=TAG-INF008-INFORMATICA I-T11-2020/1', a very similar group name, did > one replace the other ? > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
On 21/09/2020 15:00, Elias Pereira via samba wrote:> Another doubt is about this bydefaults entry. > The dc4 has this entry, but the dc3 does not. The dc3 is the fmso roles guy. > Does it work that way or is there something wrong there?Whilst there are a few attributes that do not replicate, all DN's should.> * Comparing [DOMAIN] context... > > * DN lists have different size: 5702 != 5703 > > * DNs found only in ldap://DC4: > > CN=BYDEFAULTS,CN=NETGROUP,CN=YPSERV30,CN=RPCSERVICES,CN=SYSTEM,DC=CAMPUS,DC=COMPANY,DC=BR > * Objects to be compared: 5702That DN is part of 'ypServ30.ldif', so if you provisioned with '--use-rfc2307' or added IDMU to a windows domain, you should have that CN in AD on all your DC's. The question has to be, why do you only have it on one DC ? Rowland