Luc Lalonde
2014-Jan-16 16:03 UTC
[Samba] Replication errors (WERR_DS_DRA_SCHEMA_MISMATCH)
Hello,
I'm getting replication errors of this type on the Samba (version 4.1.4)
server (name=Roquefort):
##### #############################
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py",
line 345, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
source_dsa_guid, NC, req_options)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
##################################
Here's what I see on one of the Windows 2008R2 DC's, name=Stilton:
##################################
C:\Users\Administrator>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\STILTON
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 24f13466-e54e-4e61-a533-4626b06c17ec
DSA invocationID: 24f13466-e54e-4e61-a533-4626b06c17ec
==== INBOUND NEIGHBORS =====================================
DC=gigl,DC=polymtl,DC=ca
Default-First-Site-Name\ROQUEFORT via RPC
DSA object GUID: e1a21c83-3c3f-4fbb-bc5e-e2dcd1f2c5ac
Last attempt @ 2014-01-16 10:42:39 was delayed for a normal
reason, result 8418 (0x20e2):
##################################
I seem to be able to replicate from Windows2008R2 servers to Samba4...
but not the other way around.
Anyone have a clue?
Thanks!
--
Luc Lalonde, analyste
-----------------------------
D?partement de g?nie informatique:
?cole polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------
Luc Lalonde
2014-May-12 14:51 UTC
[Samba] U/L case mismatch in SPN causing replication errors (WERR_DS_DRA_SCHEMA_MISMATCH)
Hello Folks,
I finally found what was causing replication errors using this command:
samba-tool ldapcmp ldap://stilton ldap://roquefort domain
A computer account had part of an SPN in lowercase on one DC (Samba 4.1.7) and
the other in uppercase (Windows2008R2-SP1):
TERMSRV/emmental.gigl.polymtl.ca
TERMSRV/EMMENTAL.gigl.polymtl.ca
The offending SPN entry was deleted with this command:
samba-tool spn delete TERMSRV/emmental.gigl.polymtl.ca emmental$
Now replication proceeds without any problems...
My question is: How the heck did this happen in the first place? Is this a
bug?
Thank You!
----- Original Message -----
From: "Luc Lalonde" <Luc.Lalonde at polymtl.ca>
To: samba at lists.samba.org
Sent: Thursday, January 16, 2014 11:03:40 AM
Subject: Replication errors (WERR_DS_DRA_SCHEMA_MISMATCH)
Hello,
I'm getting replication errors of this type on the Samba (version 4.1.4)
server (name=Roquefort):
##### #############################
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (8418, 'WERR_DS_DRA_SCHEMA_MISMATCH')
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py",
line 345, in run
drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle,
source_dsa_guid, NC, req_options)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
line 83, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
##################################
Here's what I see on one of the Windows 2008R2 DC's, name=Stilton:
##################################
C:\Users\Administrator>repadmin /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\STILTON
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 24f13466-e54e-4e61-a533-4626b06c17ec
DSA invocationID: 24f13466-e54e-4e61-a533-4626b06c17ec
==== INBOUND NEIGHBORS =====================================
DC=gigl,DC=polymtl,DC=ca
Default-First-Site-Name\ROQUEFORT via RPC
DSA object GUID: e1a21c83-3c3f-4fbb-bc5e-e2dcd1f2c5ac
Last attempt @ 2014-01-16 10:42:39 was delayed for a normal
reason, result 8418 (0x20e2):
##################################
I seem to be able to replicate from Windows2008R2 servers to Samba4...
but not the other way around.
Anyone have a clue?
Thanks!
--
Luc Lalonde, analyste
-----------------------------
D?partement de g?nie informatique:
?cole polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------
Maybe Matching Threads
- Winbind strip domain from username?
- session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
- Unable to add a particular member to group (Samba 4.6.3)
- session setup failed: NT_STATUS_NO_IMPERSONATION_TOKEN
- Unable to add a particular member to group (Samba 4.6.3)