Hello,
dc3 = principal DC
dc4 = secondary DC
I had this problem last month after updating samba to version 4.10.x. and
also the schema from 45 to 69. But it looked like it had been corrected.
Today I noticed that on dc4 there are computers that are not on dc3.
I updated:
4.7.x to 4.8.x
4.8.x to 4.9.x and only after that I upgrade to 4.10.x version.
When I run these commands:
samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes ---- OK
samba_dnsupdate --verbose --all-names -------------------------------------
OK
samba-tool drs showrepl
---------------------------------------------------------- OK
all show OK.
*dc3 schema: *
# ldbsearch -H /var/lib/samba/private/sam.ldb -b
'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s
base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
objectVersion: 69
# returned 1 records
# 1 entries
# 0 referrals
*dc4 schema:*
# ldbsearch -H /var/lib/samba/private/sam.ldb -b
'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu,dc=br' -s
base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
objectVersion: 69
# returned 1 records
# 1 entries
# 0 referrals
*smb.conf dc3*
# Global parameters
[global]
netbios name = DC3
realm = CAMPUS.SERTAO.IFRS.EDU.BR
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = CAMPUS
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
bind interfaces only = yes
interfaces = lo eth0
ldap server require strong auth = no
#log file = /var/log/samba/log.%m
#log level = 10
ntlm auth = yes
#ntlm auth = mschapv2-and-ntlmv2-only
allow dns updates = nonsecure
# SSL CERTS
#tls enabled = yes
#tls keyfile = tls/sertao.ifrs.edu.br.key.npw
#tls certfile = tls/sertao.ifrs.edu.br.crt
#tls cafile = tls/ca_join_icpedu.crt
[netlogon]
path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
*smb.conf dc4*
# Global parameters
[global]
netbios name = DC4
realm = CAMPUS.SERTAO.IFRS.EDU.BR
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
workgroup = CAMPUS
idmap_ldb:use rfc2307 = yes
bind interfaces only = yes
interfaces = lo eth0
ldap server require strong auth = no
#log file = /var/log/samba/log.%m
#log level = 10
ntlm auth = yes
#ntlm auth = mschapv2-and-ntlmv2-only
allow dns updates = nonsecure
[netlogon]
path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
*samba-tool fsmo show dc3:*
# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
*samba-tool fsmo show dc4:*
# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br
Any ideas on how to debug this problem better? Any other log or config you
need, just ask.
--
Elias Pereira
On Tue, 7 May 2019 10:47:56 -0300 Elias Pereira via samba <samba at lists.samba.org> wrote:> Hello, > > dc3 = principal DC > dc4 = secondary DC > > I had this problem last month after updating samba to version 4.10.x. > and also the schema from 45 to 69. But it looked like it had been > corrected. Today I noticed that on dc4 there are computers that are > not on dc3. >Why did you upgrade the schema to '69' ? That is the schema from 2012R2 and is still marked as experimental. Rowland
Could you run : samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC And compair that output? Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Elias Pereira via samba > Verzonden: dinsdag 7 mei 2019 15:48 > Aan: samba > Onderwerp: [Samba] DN lists have different size: 4065 != 4029 > > Hello, > > dc3 = principal DC > dc4 = secondary DC > > I had this problem last month after updating samba to version > 4.10.x. and > also the schema from 45 to 69. But it looked like it had been > corrected. > Today I noticed that on dc4 there are computers that are not on dc3. > > I updated: > 4.7.x to 4.8.x > 4.8.x to 4.9.x and only after that I upgrade to 4.10.x version. > > When I run these commands: > > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > --yes ---- OK > samba_dnsupdate --verbose --all-names > ------------------------------------- > OK > samba-tool drs showrepl > ---------------------------------------------------------- OK > > all show OK. > > *dc3 schema: * > > # ldbsearch -H /var/lib/samba/private/sam.ldb -b > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu > ,dc=br' -s > base objectVersion > # record 1 > dn: > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > objectVersion: 69 > > # returned 1 records > # 1 entries > # 0 referrals > > *dc4 schema:* > > # ldbsearch -H /var/lib/samba/private/sam.ldb -b > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu > ,dc=br' -s > base objectVersion > # record 1 > dn: > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > objectVersion: 69 > > # returned 1 records > # 1 entries > # 0 referrals > > *smb.conf dc3* > > # Global parameters > [global] > netbios name = DC3 > realm = CAMPUS.SERTAO.IFRS.EDU.BR > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > workgroup = CAMPUS > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > > bind interfaces only = yes > interfaces = lo eth0 > > ldap server require strong auth = no > #log file = /var/log/samba/log.%m > #log level = 10 > ntlm auth = yes > #ntlm auth = mschapv2-and-ntlmv2-only > > allow dns updates = nonsecure > > # SSL CERTS > #tls enabled = yes > #tls keyfile = tls/sertao.ifrs.edu.br.key.npw > #tls certfile = tls/sertao.ifrs.edu.br.crt > #tls cafile = tls/ca_join_icpedu.crt > > [netlogon] > path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > *smb.conf dc4* > > # Global parameters > [global] > netbios name = DC4 > realm = CAMPUS.SERTAO.IFRS.EDU.BR > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > workgroup = CAMPUS > idmap_ldb:use rfc2307 = yes > > bind interfaces only = yes > interfaces = lo eth0 > > ldap server require strong auth = no > #log file = /var/log/samba/log.%m > #log level = 10 > ntlm auth = yes > #ntlm auth = mschapv2-and-ntlmv2-only > > allow dns updates = nonsecure > > [netlogon] > path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > *samba-tool fsmo show dc3:* > > # samba-tool fsmo show > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > ForestDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > *samba-tool fsmo show dc4:* > > # samba-tool fsmo show > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > ForestDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > Any ideas on how to debug this problem better? Any other log > or config you > need, just ask. > -- > Elias Pereira > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Hello guys, Why did you upgrade the schema to '69' ?>> That is the schema from 2012R2 and is still marked as experimental.I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad> Could you run :> samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC> And compair that output?I made the comparison. It has a jumble of differences. Can I do a schema downgrade? On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba < samba at lists.samba.org> wrote:> Could you run : > > samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC > > And compair that output? > > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Elias Pereira via samba > > Verzonden: dinsdag 7 mei 2019 15:48 > > Aan: samba > > Onderwerp: [Samba] DN lists have different size: 4065 != 4029 > > > > Hello, > > > > dc3 = principal DC > > dc4 = secondary DC > > > > I had this problem last month after updating samba to version > > 4.10.x. and > > also the schema from 45 to 69. But it looked like it had been > > corrected. > > Today I noticed that on dc4 there are computers that are not on dc3. > > > > I updated: > > 4.7.x to 4.8.x > > 4.8.x to 4.9.x and only after that I upgrade to 4.10.x version. > > > > When I run these commands: > > > > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > > --yes ---- OK > > samba_dnsupdate --verbose --all-names > > ------------------------------------- > > OK > > samba-tool drs showrepl > > ---------------------------------------------------------- OK > > > > all show OK. > > > > *dc3 schema: * > > > > # ldbsearch -H /var/lib/samba/private/sam.ldb -b > > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu > > ,dc=br' -s > > base objectVersion > > # record 1 > > dn: > > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > objectVersion: 69 > > > > # returned 1 records > > # 1 entries > > # 0 referrals > > > > *dc4 schema:* > > > > # ldbsearch -H /var/lib/samba/private/sam.ldb -b > > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu > > ,dc=br' -s > > base objectVersion > > # record 1 > > dn: > > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > objectVersion: 69 > > > > # returned 1 records > > # 1 entries > > # 0 referrals > > > > *smb.conf dc3* > > > > # Global parameters > > [global] > > netbios name = DC3 > > realm = CAMPUS.SERTAO.IFRS.EDU.BR > > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > > kdc, drepl, > > winbindd, ntp_signd, kcc, dnsupdate > > workgroup = CAMPUS > > server role = active directory domain controller > > idmap_ldb:use rfc2307 = yes > > > > bind interfaces only = yes > > interfaces = lo eth0 > > > > ldap server require strong auth = no > > #log file = /var/log/samba/log.%m > > #log level = 10 > > ntlm auth = yes > > #ntlm auth = mschapv2-and-ntlmv2-only > > > > allow dns updates = nonsecure > > > > # SSL CERTS > > #tls enabled = yes > > #tls keyfile = tls/sertao.ifrs.edu.br.key.npw > > #tls certfile = tls/sertao.ifrs.edu.br.crt > > #tls cafile = tls/ca_join_icpedu.crt > > > > [netlogon] > > path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts > > read only = No > > > > [sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > > > *smb.conf dc4* > > > > # Global parameters > > [global] > > netbios name = DC4 > > realm = CAMPUS.SERTAO.IFRS.EDU.BR > > server role = active directory domain controller > > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > > kdc, drepl, > > winbindd, ntp_signd, kcc, dnsupdate > > workgroup = CAMPUS > > idmap_ldb:use rfc2307 = yes > > > > bind interfaces only = yes > > interfaces = lo eth0 > > > > ldap server require strong auth = no > > #log file = /var/log/samba/log.%m > > #log level = 10 > > ntlm auth = yes > > #ntlm auth = mschapv2-and-ntlmv2-only > > > > allow dns updates = nonsecure > > > > [netlogon] > > path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts > > read only = No > > > > [sysvol] > > path = /var/lib/samba/sysvol > > read only = No > > > > *samba-tool fsmo show dc3:* > > > > # samba-tool fsmo show > > SchemaMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > InfrastructureMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > RidAllocationMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > PdcEmulationMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > DomainNamingMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > DomainDnsZonesMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > ForestDnsZonesMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > > > *samba-tool fsmo show dc4:* > > > > # samba-tool fsmo show > > SchemaMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > InfrastructureMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > RidAllocationMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > PdcEmulationMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > DomainNamingMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > DomainDnsZonesMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > ForestDnsZonesMasterRole owner: CN=NTDS > > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > > > Any ideas on how to debug this problem better? Any other log > > or config you > > need, just ask. > > -- > > Elias Pereira > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
Hai, Now, differences is fine, but can you see if one of the 2 servers is correct, and for that it might be handy to share the output. You can push the good DB to the other DC. ( a forced replication ) And i can understand why you upgrade ... Did you see : samba-tool domain schemaupgrade --help Usage: samba-tool domain schemaupgrade [options] Domain schema upgrading Options: -h, --help show this help message and exit -H URL, --URL=URL LDB URL for database or target server -q, --quiet Be quiet -v, --verbose Be verbose --schema=SCHEMA The schema file to upgrade to. Default is (Windows) 2012_R2. The "Default" in samba 4.10.x is 2012R2.. but show the output, we will think of something to fix it :-) Greetz, Louis Van: Elias Pereira [mailto:empbilly at gmail.com] Verzonden: dinsdag 7 mei 2019 16:49 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] DN lists have different size: 4065 != 4029 Hello guys, Why did you upgrade the schema to '69' ? That is the schema from 2012R2 and is still marked as experimental. I do not know why I did this update. Maybe I thought I could use DC as 2012R2. <sad> Could you run : samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC And compair that output? I made the comparison. It has a jumble of differences. Can I do a schema downgrade? On Tue, May 7, 2019 at 11:11 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote: Could you run : samba-tool ldapcmp ldap://dc3 ldap://dc4 --filter=cn,CN,dc,DC And compair that output? Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Elias Pereira via samba > Verzonden: dinsdag 7 mei 2019 15:48 > Aan: samba > Onderwerp: [Samba] DN lists have different size: 4065 != 4029 > > Hello, > > dc3 = principal DC > dc4 = secondary DC > > I had this problem last month after updating samba to version > 4.10.x. and > also the schema from 45 to 69. But it looked like it had been > corrected. > Today I noticed that on dc4 there are computers that are not on dc3. > > I updated: > 4.7.x to 4.8.x > 4.8.x to 4.9.x and only after that I upgrade to 4.10.x version. > > When I run these commands: > > samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix > --yes ---- OK > samba_dnsupdate --verbose --all-names > ------------------------------------- > OK > samba-tool drs showrepl > ---------------------------------------------------------- OK > > all show OK. > > *dc3 schema: * > > # ldbsearch -H /var/lib/samba/private/sam.ldb -b > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu > ,dc=br' -s > base objectVersion > # record 1 > dn: > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > objectVersion: 69 > > # returned 1 records > # 1 entries > # 0 referrals > > *dc4 schema:* > > # ldbsearch -H /var/lib/samba/private/sam.ldb -b > 'cn=Schema,cn=Configuration,dc=campus,dc=sertao,dc=ifrs,dc=edu > ,dc=br' -s > base objectVersion > # record 1 > dn: > CN=Schema,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > objectVersion: 69 > > # returned 1 records > # 1 entries > # 0 referrals > > *smb.conf dc3* > > # Global parameters > [global] > netbios name = DC3 > realm = CAMPUS.SERTAO.IFRS.EDU.BR > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > workgroup = CAMPUS > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > > bind interfaces only = yes > interfaces = lo eth0 > > ldap server require strong auth = no > #log file = /var/log/samba/log.%m > #log level = 10 > ntlm auth = yes > #ntlm auth = mschapv2-and-ntlmv2-only > > allow dns updates = nonsecure > > # SSL CERTS > #tls enabled = yes > #tls keyfile = tls/sertao.ifrs.edu.br.key.npw > #tls certfile = tls/sertao.ifrs.edu.br.crt > #tls cafile = tls/ca_join_icpedu.crt > > [netlogon] > path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > *smb.conf dc4* > > # Global parameters > [global] > netbios name = DC4 > realm = CAMPUS.SERTAO.IFRS.EDU.BR > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, > kdc, drepl, > winbindd, ntp_signd, kcc, dnsupdate > workgroup = CAMPUS > idmap_ldb:use rfc2307 = yes > > bind interfaces only = yes > interfaces = lo eth0 > > ldap server require strong auth = no > #log file = /var/log/samba/log.%m > #log level = 10 > ntlm auth = yes > #ntlm auth = mschapv2-and-ntlmv2-only > > allow dns updates = nonsecure > > [netlogon] > path = /var/lib/samba/sysvol/campus.sertao.ifrs.edu.br/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > *samba-tool fsmo show dc3:* > > # samba-tool fsmo show > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > ForestDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > *samba-tool fsmo show dc4:* > > # samba-tool fsmo show > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > DomainDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > ForestDnsZonesMasterRole owner: CN=NTDS > Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites > ,CN=Configuration,DC=campus,DC=sertao,DC=ifrs,DC=edu,DC=br > > Any ideas on how to debug this problem better? Any other log > or config you > need, just ask. > -- > Elias Pereira > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Elias Pereira