On my site with samba 4.18 on centos 6:
'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with
this result msDS-NC Type failed :
[root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave
-Uadministrator
Password for [TPLK\administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 606
Comparing:
'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
serverState
FAILED
Comparing:
'DC=tplk,DC=loc' [ldap://s4master]
'DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
serverState
FAILED
* Result for [DOMAIN]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
serverState
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1616
Comparing:
'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
subRefs
msDS-NcType
FAILED
* Result for [CONFIGURATION]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
subRefs
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
Comparing:
'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
FAILED
* Result for [SCHEMA]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 333
Comparing:
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
FAILED
* Result for [DNSDOMAIN]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
* Comparing [DNSFOREST] context...
* Objects to be compared: 19
Comparing:
'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
Attributes found only in ldap://s4master:
msDS-NcType
FAILED
* Result for [DNSFOREST]: FAILURE
SUMMARY
---------
Attributes found only in ldap://s4master:
msDS-NcType
ERROR: Compare failed: -1
Daniel Müller
Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de
-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
Penny
Gesendet: Mittwoch, 15. Juli 2015 17:35
An: samba at lists.samba.org
Betreff: Re: [Samba] 4.2.2 as AD with 2 DCs: database incoherency
On 15/07/15 14:31, mathias dufresne wrote:> Hi all,
>
> I'm having a test AD domain composed with 2 DC, using Sernet's
version
> of Samba 4.2.2.
>
> These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00).
>
> These two are using TDB as a backend (as we have no other choice at
> this stage of Samba's development).
>
> *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 #
> returned 27392 records # *27389* entries # 3 referrals *dc00*:~#
> ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned
27892
> records # *27889* entries # 3 referrals
>
> I'm wondering with I'm missing 500 groups on dc20 database.
>
> Perhaps this issue comes from the fact there was a space issue on dc00
> (/var/log/samba/log.samba fulfilled /var (debug) and database is on
> same FS into /var/lib/samba).
>
> Anyway, do we have something to force databases to come back to a
> coherent state?
> Could we tdbdump the DB on one host then tdbrestore it on the other?
>
> Kindly regards,
>
> mathias
What does 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator'
show ?
More info, see here: https://wiki.samba.org/index.php/Samba-tool_ldapcmp
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
msDS-NcType is not replicable attribute. See https://msdn.microsoft.com/en-us/library/cc220312.aspx Try check samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator --filter=msDS-NcType,serverState,subRefs,whenChanged 16.07.2015 09:19, Daniel Müller пишет:> On my site with samba 4.18 on centos 6: > > 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed : > > [root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator > Password for [TPLK\administrator]: > > * Comparing [DOMAIN] context... > > * Objects to be compared: 606 > > Comparing: > 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master] > 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > serverState > FAILED > > Comparing: > 'DC=tplk,DC=loc' [ldap://s4master] > 'DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > serverState > FAILED > > * Result for [DOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > serverState > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1616 > > Comparing: > 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master] > 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > subRefs > msDS-NcType > FAILED > > * Result for [CONFIGURATION]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > subRefs > > * Comparing [SCHEMA] context... > > * Objects to be compared: 1550 > > Comparing: > 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master] > 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > FAILED > > * Result for [SCHEMA]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 333 > > Comparing: > 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master] > 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > FAILED > > * Result for [DNSDOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > > * Comparing [DNSFOREST] context... > > * Objects to be compared: 19 > > Comparing: > 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master] > 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > FAILED > > * Result for [DNSFOREST]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > ERROR: Compare failed: -1 > > > Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller at tropenklinik.de > Internet: www.tropenklinik.de > > > > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny > Gesendet: Mittwoch, 15. Juli 2015 17:35 > An: samba at lists.samba.org > Betreff: Re: [Samba] 4.2.2 as AD with 2 DCs: database incoherency > > On 15/07/15 14:31, mathias dufresne wrote: >> Hi all, >> >> I'm having a test AD domain composed with 2 DC, using Sernet's version >> of Samba 4.2.2. >> >> These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00). >> >> These two are using TDB as a backend (as we have no other choice at >> this stage of Samba's development). >> >> *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # >> returned 27392 records # *27389* entries # 3 referrals *dc00*:~# >> ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned 27892 >> records # *27889* entries # 3 referrals >> >> I'm wondering with I'm missing 500 groups on dc20 database. >> >> Perhaps this issue comes from the fact there was a space issue on dc00 >> (/var/log/samba/log.samba fulfilled /var (debug) and database is on >> same FS into /var/lib/samba). >> >> Anyway, do we have something to force databases to come back to a >> coherent state? >> Could we tdbdump the DB on one host then tdbrestore it on the other? >> >> Kindly regards, >> >> mathias > What does 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' show ? > > More info, see here: https://wiki.samba.org/index.php/Samba-tool_ldapcmp > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 16/07/15 07:19, Daniel Müller wrote:> On my site with samba 4.18 on centos 6: > > 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' failed with this result msDS-NC Type failed : > > [root at s4master ~]# samba-tool ldapcmp ldap://s4master ldap://s4slave -Uadministrator > Password for [TPLK\administrator]: > > * Comparing [DOMAIN] context... > > * Objects to be compared: 606 > > Comparing: > 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master] > 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > serverState > FAILED > > Comparing: > 'DC=tplk,DC=loc' [ldap://s4master] > 'DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > serverState > FAILED > > * Result for [DOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > serverState > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1616 > > Comparing: > 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master] > 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > subRefs > msDS-NcType > FAILED > > * Result for [CONFIGURATION]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > subRefs > > * Comparing [SCHEMA] context... > > * Objects to be compared: 1550 > > Comparing: > 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master] > 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > FAILED > > * Result for [SCHEMA]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 333 > > Comparing: > 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master] > 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > FAILED > > * Result for [DNSDOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > > * Comparing [DNSFOREST] context... > > * Objects to be compared: 19 > > Comparing: > 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master] > 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave] > Attributes found only in ldap://s4master: > msDS-NcType > FAILED > > * Result for [DNSFOREST]: FAILURE > > SUMMARY > --------- > > Attributes found only in ldap://s4master: > > msDS-NcType > ERROR: Compare failed: -1 > > > Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller at tropenklinik.de > Internet: www.tropenklinik.de > > > > -----Ursprüngliche Nachricht----- > Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny > Gesendet: Mittwoch, 15. Juli 2015 17:35 > An: samba at lists.samba.org > Betreff: Re: [Samba] 4.2.2 as AD with 2 DCs: database incoherency > > On 15/07/15 14:31, mathias dufresne wrote: >> Hi all, >> >> I'm having a test AD domain composed with 2 DC, using Sernet's version >> of Samba 4.2.2. >> >> These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00). >> >> These two are using TDB as a backend (as we have no other choice at >> this stage of Samba's development). >> >> *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # >> returned 27392 records # *27389* entries # 3 referrals *dc00*:~# >> ldbsearch -H $sam '(objectclass=group)' dn | tail -3 # returned 27892 >> records # *27889* entries # 3 referrals >> >> I'm wondering with I'm missing 500 groups on dc20 database. >> >> Perhaps this issue comes from the fact there was a space issue on dc00 >> (/var/log/samba/log.samba fulfilled /var (debug) and database is on >> same FS into /var/lib/samba). >> >> Anyway, do we have something to force databases to come back to a >> coherent state? >> Could we tdbdump the DB on one host then tdbrestore it on the other? >> >> Kindly regards, >> >> mathias > What does 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator' show ? > > More info, see here: https://wiki.samba.org/index.php/Samba-tool_ldapcmp > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >Stop worrying, all the failing attributes are non replicating attributes, this has been fixed in later samba4 versions. Rowland
mathias dufresne
2015-Jul-16 11:20 UTC
[Samba] 4.2.2 as AD with 2 DCs: database incoherency
Here I obtained:
---------------------
* Comparing [DOMAIN] context...
Failed search of base=DC=ad,DC=domain,DC=tld
ERROR(ldb): uncaught exception - LDAP client internal error:
NT_STATUS_UNEXPECTED_NETWORK_ERROR
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line
175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py",
line
979, in run
outf=self.outf, errf=self.errf)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py",
line
698, in __init__
self.dn_list = self.get_dn_list(context)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/ldapcmp.py",
line
841, in get_dn_list
res = self.con.ldb.search(base=self.search_base,
scope=self.search_scope, attrs=["dn"])
----------------------
Which led me to check my /etc/resolv.conf and on one DC there was only one
DNS entry to access local Samba and no line to ask to the other DC. I've
added the second DC as nameserver and rerun the command... to obtain the
very same error.
I had a line in /etc/hosts with hostname for address 127.0.0.1, I removed
it and rerun the command. Same error.
I will try this command from the other DC later, it took around 45min to
run and I don't have them right now... I'll come back to send you some
feedback.
Best regards,
Mathias
2015-07-16 9:37 GMT+02:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
> On 16/07/15 07:19, Daniel Müller wrote:
>
>> On my site with samba 4.18 on centos 6:
>>
>> 'samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator'
failed with
>> this result msDS-NC Type failed :
>>
>> [root at s4master ~]# samba-tool ldapcmp ldap://s4master
>> ldap://s4slave -Uadministrator
>> Password for [TPLK\administrator]:
>>
>> * Comparing [DOMAIN] context...
>>
>> * Objects to be compared: 606
>>
>> Comparing:
>> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4master]
>> 'CN=Builtin,DC=tplk,DC=loc' [ldap://s4slave]
>> Attributes found only in ldap://s4master:
>> serverState
>> FAILED
>>
>> Comparing:
>> 'DC=tplk,DC=loc' [ldap://s4master]
>> 'DC=tplk,DC=loc' [ldap://s4slave]
>> Attributes found only in ldap://s4master:
>> msDS-NcType
>> serverState
>> FAILED
>>
>> * Result for [DOMAIN]: FAILURE
>>
>> SUMMARY
>> ---------
>>
>> Attributes found only in ldap://s4master:
>>
>> msDS-NcType
>> serverState
>>
>> * Comparing [CONFIGURATION] context...
>>
>> * Objects to be compared: 1616
>>
>> Comparing:
>> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
>> 'CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>> Attributes found only in ldap://s4master:
>> subRefs
>> msDS-NcType
>> FAILED
>>
>> * Result for [CONFIGURATION]: FAILURE
>>
>> SUMMARY
>> ---------
>>
>> Attributes found only in ldap://s4master:
>>
>> msDS-NcType
>> subRefs
>>
>> * Comparing [SCHEMA] context...
>>
>> * Objects to be compared: 1550
>>
>> Comparing:
>> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4master]
>> 'CN=Schema,CN=Configuration,DC=tplk,DC=loc' [ldap://s4slave]
>> Attributes found only in ldap://s4master:
>> msDS-NcType
>> FAILED
>>
>> * Result for [SCHEMA]: FAILURE
>>
>> SUMMARY
>> ---------
>>
>> Attributes found only in ldap://s4master:
>>
>> msDS-NcType
>>
>> * Comparing [DNSDOMAIN] context...
>>
>> * Objects to be compared: 333
>>
>> Comparing:
>> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4master]
>> 'DC=DomainDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>> Attributes found only in ldap://s4master:
>> msDS-NcType
>> FAILED
>>
>> * Result for [DNSDOMAIN]: FAILURE
>>
>> SUMMARY
>> ---------
>>
>> Attributes found only in ldap://s4master:
>>
>> msDS-NcType
>>
>> * Comparing [DNSFOREST] context...
>>
>> * Objects to be compared: 19
>>
>> Comparing:
>> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4master]
>> 'DC=ForestDnsZones,DC=tplk,DC=loc' [ldap://s4slave]
>> Attributes found only in ldap://s4master:
>> msDS-NcType
>> FAILED
>>
>> * Result for [DNSFOREST]: FAILURE
>>
>> SUMMARY
>> ---------
>>
>> Attributes found only in ldap://s4master:
>>
>> msDS-NcType
>> ERROR: Compare failed: -1
>>
>>
>> Daniel Müller
>>
>> Leitung EDV
>> Tropenklinik Paul-Lechler-Krankenhaus
>> Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von
Rowland
>> Penny
>> Gesendet: Mittwoch, 15. Juli 2015 17:35
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] 4.2.2 as AD with 2 DCs: database incoherency
>>
>> On 15/07/15 14:31, mathias dufresne wrote:
>>
>>> Hi all,
>>>
>>> I'm having a test AD domain composed with 2 DC, using
Sernet's version
>>> of Samba 4.2.2.
>>>
>>> These two DC are Centos 6.6 (dc20) and Debian 7.8 (dc00).
>>>
>>> These two are using TDB as a backend (as we have no other choice at
>>> this stage of Samba's development).
>>>
>>> *dc20*:~# ldbsearch -H $sam '(objectclass=group)' dn | tail
-3 #
>>> returned 27392 records # *27389* entries # 3 referrals *dc00*:~#
>>> ldbsearch -H $sam '(objectclass=group)' dn | tail -3 #
returned 27892
>>> records # *27889* entries # 3 referrals
>>>
>>> I'm wondering with I'm missing 500 groups on dc20 database.
>>>
>>> Perhaps this issue comes from the fact there was a space issue on
dc00
>>> (/var/log/samba/log.samba fulfilled /var (debug) and database is on
>>> same FS into /var/lib/samba).
>>>
>>> Anyway, do we have something to force databases to come back to a
>>> coherent state?
>>> Could we tdbdump the DB on one host then tdbrestore it on the
other?
>>>
>>> Kindly regards,
>>>
>>> mathias
>>>
>> What does 'samba-tool ldapcmp ldap://DC1 ldap://DC2
-Uadministrator' show
>> ?
>>
>> More info, see here:
https://wiki.samba.org/index.php/Samba-tool_ldapcmp
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
> Stop worrying, all the failing attributes are non replicating attributes,
> this has been fixed in later samba4 versions.
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>