mathias dufresne
2015-Jul-15 13:31 UTC
[Samba] 4.2.2 as AD with 2 DCs: database incoherency
Hi all, I'm having a test AD domain composed with 2 DC, using Sernet's version of Samba 4.2.2. These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00). These two are using TDB as a backend (as we have no other choice at this stage of Samba's development). *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned 27392 records # *27389* entries # 3 referrals *dc00*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned 27892 records # *27889* entries # 3 referrals I'm wondering with I'm missing 500 groups on dc20 database. Perhaps this issue comes from the fact there was a space issue on dc00 (/var/log/samba/log.samba fulfilled /var (debug) and database is on same FS into /var/lib/samba). Anyway, do we have something to force databases to come back to a coherent state? Could we tdbdump the DB on one host then tdbrestore it on the other? Kindly regards, mathias
On 15/07/15 14:31, mathias dufresne wrote:> Hi all, > > I'm having a test AD domain composed with 2 DC, using Sernet's version of > Samba 4.2.2. > > These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00). > > These two are using TDB as a backend (as we have no other choice at this > stage of Samba's development). > > *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 > # returned 27392 records > # *27389* entries > # 3 referrals > *dc00*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 > # returned 27892 records > # *27889* entries > # 3 referrals > > I'm wondering with I'm missing 500 groups on dc20 database. > > Perhaps this issue comes from the fact there was a space issue on dc00 > (/var/log/samba/log.samba fulfilled /var (debug) and database is on same FS > into /var/lib/samba). > > Anyway, do we have something to force databases to come back to a coherent > state? > Could we tdbdump the DB on one host then tdbrestore it on the other? > > Kindly regards, > > mathiasWhat does 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' show ? More info, see here: https://wiki.samba.org/index.php/Samba-tool_ldapcmp Rowland
On my site with samba 4.18 on centos 6:
'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with
this result msDS-NC Type failed :
[root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave
-Uadministrator
Password for [TPLK\administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 606
Comparing:
'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
serverState
FAILED
Comparing:
'DC=tplk,DC=loc' [ldap://s4master]
'DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
serverState
FAILED
* Result for [DOMAIN]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
serverState
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1616
Comparing:
'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
subRefs
msDS-NcType
FAILED
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
subRefs
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
Comparing:
'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
FAILED
* Result for [SCHEMA]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 333
Comparing:
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
FAILED
* Result for [DNSDOMAIN]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
* Comparing [DNSFOREST] context...
* Objects to be compared: 19
Comparing:
'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
FAILED
* Result for [DNSFOREST]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
ERROR: Compare failed: -1
Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
Penny
Gesendet: Mittwoch, 15. Juli 2015 17:35
An: samba at lists.samba.org
Betreff: Re: [Samba] 4.2.2 as AD with 2 DCs: database incoherency
On 15/07/15 14:31, mathias dufresne wrote:> Hi all,
>
> I'm having a test AD domain composed with 2 DC, using Sernet's
version
> of Samba 4.2.2.
>
> These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00).
>
> These two are using TDB as a backend (as we have no other choice at
> this stage of Samba's development).
>
> *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 #
> returned 27392 records # *27389* entries # 3 referrals *dc00*:~#
> ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned
27892
> records # *27889* entries # 3 referrals
>
> I'm wondering with I'm missing 500 groups on dc20 database.
>
> Perhaps this issue comes from the fact there was a space issue on dc00
> (/var/log/samba/log.samba fulfilled /var (debug) and database is on
> same FS into /var/lib/samba).
>
> Anyway, do we have something to force databases to come back to a
> coherent state?
> Could we tdbdump the DB on one host then tdbrestore it on the other?
>
> Kindly regards,
>
> mathias
What does 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator'
show ?
More info, see here: https://wiki.samba.org/index.php/Samba-tool_ldapcmp
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba