samba - Oct 2022 - Samba does not replicate attributes added via ldbmodify

HI Andrew,

thanks a lot for answering as well.

Am 12.10.22 um 20:42 schrieb Andrew Bartlett via samba:
> On the DC that is not getting the replication, have you forced
> replication?
> Does that help?
No. Unfortunately not. Actually forcing the replication thinks 
everything is in order.
# samba-tool drs replicate --local backup primary dc=ad,dc=domain,dc=de
Partition[dc=ad,dc=domain,dc=de] objects[0] linked_values[0]
Incremental replication of 0 objects and 0 links from primary to 
tdb:///var/lib/samba/private/sam.ldb was successful.

  > Are other changes (password updates, other modifications) reflected
  > compared with proxyAdddress?
Yes I just checked. password updates are replicated.
> (And don't worry, it is not case sensitive and is self-correcting of
> case, if Samba accepts the modify it should replicate, as long as you
> don't access the files under sam.ldb.d/ directly).
Well, the ldbmodify usedc was:
ldbmodify -v -H 'DC=AD,DC=DOMAIN,DC=DE.ldb' < 
/root/replace-proxyAddresses.ldif

Does this count as modifying the files directly?

Kind regards,
Ralf


-- 
OpenSource Security GmbH                https://os-s.de
Am Bahnhof 3                            48565 Steinfurt         Germany
Fon: +49 25 52 927009-0                 Fax: +49 25 52 927009-9
Registergericht: Amtsgericht Steinfurt, HRB 12044
Gesch?ftsf?hrer: Ralf Spenneberg, Hendrik Schwartke
Umsatzsteuer-Identifikationsnummer gem. ?27a UStG: DE815773501

On Thu, 2022-10-13 at 08:08 +0200, Ralf Spenneberg via samba
wrote:
> HI Andrew,
> thanks a lot for answering as well.
> Am 12.10.22 um 20:42 schrieb Andrew Bartlett via samba:
> > On the DC that is not getting the replication, have you
> > forcedreplication?Does that help?
> No. Unfortunately not. Actually forcing the replication thinks
> everything is in order.# samba-tool drs replicate --local backup
> primary dc=ad,dc=domain,dc=dePartition[dc=ad,dc=domain,dc=de]
> objects[0] linked_values[0]Incremental replication of 0 objects and 0
> links from primary to tdb:///var/lib/samba/private/sam.ldb was
> successful.
>   > Are other changes (password updates, other modifications)
> reflected  > compared with proxyAdddress?Yes I just checked. password
> updates are replicated.
> > (And don't worry, it is not case sensitive and is self-correcting
> > ofcase, if Samba accepts the modify it should replicate, as long as
> > youdon't access the files under sam.ldb.d/ directly).
> Well, the ldbmodify usedc was:ldbmodify -v -H
> 'DC=AD,DC=DOMAIN,DC=DE.ldb' < /root/replace-proxyAddresses.ldif
> Does this count as modifying the files directly?
Yes.  Your domain is now (subtly) corrupt.  Do not pass go, do not
collect $200. ;-)
The file to modify it the sam.ldb file in the directory above, this
provides the correct interface.
dbcheck might fix it. 
Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member
(since 2001) https://samba.orgSamba Team Lead, Catalyst IT  
https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open SourceSolutions