Marcio Demetrio Bacci
2019-Jul-27 19:13 UTC
[Samba] Problems with replication in the Samba 4
Hi,
I noticed that my Samba 4 DC isn't OK, because the are differences between
the data storaged int he Schema on my Windows Server 2008 (isn't R2) DC and
Samba 4 DC.
This way, I performed several tests on my servers as shown below.
Follow the results of command repadmin in the Windows Server 2008:
C:\Windows\system32>repadmin /showreps /verbose
Default-First-Site-Name\WIN-DC1
Op??es DSA: IS_GC
Op??es de site: (none)
GUID de objeto DSA: d580939f-a8b9-43ea-84e9-be0f9bd29468
ID Invocation DSA: 71c305c7-564f-44dc-bdc7-c03ee501bd52
==== VIZINHOS DE ENTRADA =====================================
DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC via RPC
GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._msdcs.empresa.com.br
ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE NEVER_SYNCED
USNs: 0/OU, 0/PU
Last attempt on 2019-07-27 15:05:47 was delayed for a standard
reason
l,
resultado 8418 (0x20e2):
Replication operation failed due to a difference between the servers
involved.
?ltimo ?xito em (never).
Default-First-Site-Name\WIN-DC2 via RPC
GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321
Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br
ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 26947030/OU, 26947030/PU
Last attempt on 2019-07-27 15:28:39 successful.
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC via RPC
GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._msdcs.empresa.com.br
ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 8413/OU, 8413/PU
Last attempt on 2019-07-27 14:58:10 successful.
Default-First-Site-Name\WIN-DC2 via RPC
GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321
Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br
ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 26946849/OU, 26946849/PU
Last attempt on 2019-07-27 14:58:11 successful.
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321
Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br
ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 26946580/OU, 26946580/PU
Last attempt on 2019-07-27 14:58:11 successful.
Default-First-Site-Name\SAMBA4-DC via RPC
GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._msdcs.empresa.com.br
ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 8415/OU, 8415/PU
Last attempt on 2019-07-27 15:05:47 successful.
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321
Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br
ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 26946580/OU, 26946580/PU
Last attempt on 2019-07-27 14:58:11 successful.
Default-First-Site-Name\SAMBA4-DC via RPC
GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._msdcs.empresa.com.br
ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 8416/OU, 8416/PU
Last attempt on 2019-07-27 14:58:11 successful.
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC via RPC
GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._msdcs.empresa.com.br
ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 8417/OU, 8417/PU
Last attempt on 2019-07-27 14:58:11 successful.
Default-First-Site-Name\WIN-DC2 via RPC
GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321
Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br
ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b
SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE
USNs: 26946847/OU, 26946847/PU
Last attempt on 2019-07-27 14:58:12 successful.
#########################################################################################
Below is the result of command repadmin in the Samba 4 DC:
samba-tool drs showrepl
Default-First-Site-Name\SAMBA4-DC
DSA Options: 0x00000001
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
DSA invocationId: a20c8ed0-c72a-4e57-9e59-2236f127d0b8
==== INBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:22:01 2019 -03
DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Sat Jul 27 15:25:55 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:25:55 2019 -03
DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Sat Jul 27 15:25:10 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:25:10 2019 -03
==== OUTBOUND NEIGHBORS ===
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Fri Jul 26 22:58:50 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 22:58:50 2019 -03
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 11:56:48 2019 -03
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Fri Jul 26 22:58:00 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 22:58:00 2019 -03
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 11:56:48 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Fri Jul 26 22:58:45 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 22:58:45 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 11:56:48 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Fri Jul 26 22:58:10 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 22:58:10 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Jul 26 11:56:48 2019 -03
DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC1 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Sat Jul 27 15:05:48 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 15:05:48 2019 -03
DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321
Last attempt @ Sat Jul 27 12:30:30 2019 -03 was successful
0 consecutive failure(s).
Last success @ Sat Jul 27 12:30:30 2019 -03
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: c6393fbd-461c-4fd7-ac62-4801a3de43d2
Enabled : TRUE
Server DNS name : win-dc1.empresa.com.br
Server DN name : CN=NTDS
Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: e5cef3eb-3c8a-4a75-8907-6712af32c952
Enabled : TRUE
Server DNS name : win-dc2.empresa.com.br
Server DN name : CN=NTDS
Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
###################################################
Below is part of the result of command samba-tool ldapcmp in the Samba 4 DC:
samba-tool ldapcmp ldap://WIN-DC1 ldap://SAMBA4-DC -UAdministrator
Password for [EMPRESA\Administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 1788
Comparing:
'CN=COMP0039,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
'CN=COMP0039,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
Difference in attribute values:
lastLogonTimestamp =>
['132076666821833100']
['132085303876955790']
FAILED
Comparing:
'CN=COMP10005,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
'CN=COMP10005,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
Difference in attribute values:
lastLogonTimestamp =>
['132077518489276456']
['132086132301542190']
FAILED
.......
Comparing:
'CN=Administrador,CN=Users,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1]
'CN=Administrador,CN=Users,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC]
Difference in attribute values:
userParameters =>
['
P\x04\x1a\x08\x01CtxCfgPresent\xe3\x94\xb5\xe6\x94\xb1\xe6\x88\xb0\xe3\x81\xa2\x18\x08\x01CtxCfgFlags1\xe3\x80\xb0\xe3\x81\xa5\xe3\x80\xb0\xe3\x80\xb1\x12\x08\x01CtxShadow\xe3\x84\xb0\xe3\x80\xb0\xe3\x80\xb0\xe3\x80\xb0*\x02\x01CtxMinEncryptionLevel\xe3\x80\xb0']
[' \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00
\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00
\x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00
\x00 \x00 \x00
\x00P\x00\x04\x00\x1a\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00P\x00r\x00e\x00s\x00e\x00n\x00t\x00551e0bb0\x18\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00F\x00l\x00a\x00g\x00s\x001\x0000e00010\x12\x00\x08\x00\x01\x00C\x00t\x00x\x00S\x00h\x00a\x00d\x00o\x00w\x0001000000*\x00\x02\x00\x01\x00C\x00t\x00x\x00M\x00i\x00n\x00E\x00n\x00c\x00r\x00y\x00p\x00t\x00i\x00o\x00n\x00L\x00e\x00v\x00e\x00l\x0000']
FAILED
.......
* Result for [DOMAIN]: FAILURE
SUMMARY
---------
Attributes with different values:
servicePrincipalName
lastLogonTimestamp
userParameters
pwdLastSet
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1649
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1518
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 209
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 17
* Result for [DNSFOREST]: SUCCESS
ERROR: Compare failed: -1
#############################################
Below is the result of command ldbsearch -H in the Samba 4 DC:
ldbsearch -H /var/lib/samba/private/sam.ldb
'(fromServer=*CN=SAMBA4-DC*)'
--cross-ncs dn
# record 1
dn: CN=b58de6d7-9206-42ff-9a85-56a40a93b327,CN=NTDS
Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
# record 2
dn: CN=10993b69-00cf-404a-be18-c77e1d3417d1,CN=NTDS
Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
# returned 2 records
# 2 entries
# 0 referrals
Would anyone have an idea to properly sync my servers?
Regards,
M?rcio Bacci
Marcio Demetrio Bacci
2019-Jul-29 12:15 UTC
[Samba] Problems with replication in the Samba 4
Hi, Please, Would anyone help me? Regards, M?rcio Bacci Em s?b, 27 de jul de 2019 ?s 16:13, Marcio Demetrio Bacci < marciobacci at gmail.com> escreveu:> Hi, > > I noticed that my Samba 4 DC isn't OK, because the are differences between > the data storaged int he Schema on my Windows Server 2008 (isn't R2) DC and > Samba 4 DC. > > This way, I performed several tests on my servers as shown below. > > Follow the results of command repadmin in the Windows Server 2008: > > > C:\Windows\system32>repadmin /showreps /verbose > > Default-First-Site-Name\WIN-DC1 > Op??es DSA: IS_GC > Op??es de site: (none) > GUID de objeto DSA: d580939f-a8b9-43ea-84e9-be0f9bd29468 > ID Invocation DSA: 71c305c7-564f-44dc-bdc7-c03ee501bd52 > > ==== VIZINHOS DE ENTRADA =====================================> > DC=empresa,DC=com,DC=br > Default-First-Site-Name\SAMBA4-DC via RPC > GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a > Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._ > msdcs.empresa.com.br > ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8 > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE NEVER_SYNCED > USNs: 0/OU, 0/PU > Last attempt on 2019-07-27 15:05:47 was delayed for a standard > reason > l, > resultado 8418 (0x20e2): > Replication operation failed due to a difference between the servers > involved. > ?ltimo ?xito em (never). > Default-First-Site-Name\WIN-DC2 via RPC > GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321 > Address: 3b894dae-0497-43ae-b69a-e31750112321._ > msdcs.empresa.com.br > ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 26947030/OU, 26947030/PU > Last attempt on 2019-07-27 15:28:39 successful. > > CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\SAMBA4-DC via RPC > GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a > Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._ > msdcs.empresa.com.br > ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8 > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 8413/OU, 8413/PU > Last attempt on 2019-07-27 14:58:10 successful. > Default-First-Site-Name\WIN-DC2 via RPC > GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321 > Address: 3b894dae-0497-43ae-b69a-e31750112321._ > msdcs.empresa.com.br > ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 26946849/OU, 26946849/PU > Last attempt on 2019-07-27 14:58:11 successful. > > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321 > Address: 3b894dae-0497-43ae-b69a-e31750112321._ > msdcs.empresa.com.br > ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 26946580/OU, 26946580/PU > Last attempt on 2019-07-27 14:58:11 successful. > Default-First-Site-Name\SAMBA4-DC via RPC > GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a > Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._ > msdcs.empresa.com.br > ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8 > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 8415/OU, 8415/PU > Last attempt on 2019-07-27 15:05:47 successful. > > DC=DomainDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321 > Address: 3b894dae-0497-43ae-b69a-e31750112321._ > msdcs.empresa.com.br > ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 26946580/OU, 26946580/PU > Last attempt on 2019-07-27 14:58:11 successful. > Default-First-Site-Name\SAMBA4-DC via RPC > GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a > Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._ > msdcs.empresa.com.br > ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8 > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 8416/OU, 8416/PU > Last attempt on 2019-07-27 14:58:11 successful. > > DC=ForestDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\SAMBA4-DC via RPC > GUID de objeto DSA: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a > Address: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a._ > msdcs.empresa.com.br > ID Invocation DSA: a20c8ed0-c72a-4e57-9e59-2236f127d0b8 > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 8417/OU, 8417/PU > Last attempt on 2019-07-27 14:58:11 successful. > Default-First-Site-Name\WIN-DC2 via RPC > GUID de objeto DSA: 3b894dae-0497-43ae-b69a-e31750112321 > Address: 3b894dae-0497-43ae-b69a-e31750112321._msdcs.empresa.com.br > ID Invocation DSA: ad07f0d5-237c-4611-80a5-3751a318329b > SYNC_ON_STARTUP DO_SCHEDULED_SYNCS WRITEABLE > USNs: 26946847/OU, 26946847/PU > Last attempt on 2019-07-27 14:58:12 successful. > > > > > ######################################################################################### > Below is the result of command repadmin in the Samba 4 DC: > > samba-tool drs showrepl > > Default-First-Site-Name\SAMBA4-DC > DSA Options: 0x00000001 > DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a > DSA invocationId: a20c8ed0-c72a-4e57-9e59-2236f127d0b8 > > ==== INBOUND NEIGHBORS ===> > DC=ForestDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > DC=ForestDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > DC=DomainDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > DC=DomainDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Sat Jul 27 15:22:01 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:22:01 2019 -03 > > DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Sat Jul 27 15:25:55 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:25:55 2019 -03 > > DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Sat Jul 27 15:25:10 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:25:10 2019 -03 > > ==== OUTBOUND NEIGHBORS ===> > DC=ForestDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Fri Jul 26 22:58:50 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 22:58:50 2019 -03 > > DC=ForestDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 11:56:48 2019 -03 > > CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Fri Jul 26 22:58:00 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 22:58:00 2019 -03 > > CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 11:56:48 2019 -03 > > DC=DomainDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Fri Jul 26 22:58:45 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 22:58:45 2019 -03 > > DC=DomainDnsZones,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 11:56:48 2019 -03 > > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Fri Jul 26 22:58:10 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 22:58:10 2019 -03 > > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Fri Jul 26 11:56:48 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Fri Jul 26 11:56:48 2019 -03 > > DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC1 via RPC > DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468 > Last attempt @ Sat Jul 27 15:05:48 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 15:05:48 2019 -03 > > DC=empresa,DC=com,DC=br > Default-First-Site-Name\WIN-DC2 via RPC > DSA object GUID: 3b894dae-0497-43ae-b69a-e31750112321 > Last attempt @ Sat Jul 27 12:30:30 2019 -03 was successful > 0 consecutive failure(s). > Last success @ Sat Jul 27 12:30:30 2019 -03 > > ==== KCC CONNECTION OBJECTS ===> > Connection -- > Connection name: c6393fbd-461c-4fd7-ac62-4801a3de43d2 > Enabled : TRUE > Server DNS name : win-dc1.empresa.com.br > Server DN name : CN=NTDS > Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > Connection -- > Connection name: e5cef3eb-3c8a-4a75-8907-6712af32c952 > Enabled : TRUE > Server DNS name : win-dc2.empresa.com.br > Server DN name : CN=NTDS > Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > TransportType: RPC > options: 0x00000001 > Warning: No NC replicated for Connection! > > > > ################################################### > > Below is part of the result of command samba-tool ldapcmp in the Samba 4 > DC: > > samba-tool ldapcmp ldap://WIN-DC1 ldap://SAMBA4-DC -UAdministrator > Password for [EMPRESA\Administrator]: > > * Comparing [DOMAIN] context... > > * Objects to be compared: 1788 > > Comparing: > 'CN=COMP0039,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1] > 'CN=COMP0039,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC] > Difference in attribute values: > lastLogonTimestamp => > ['132076666821833100'] > ['132085303876955790'] > FAILED > > Comparing: > 'CN=COMP10005,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1] > 'CN=COMP10005,CN=Computers,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC] > Difference in attribute values: > lastLogonTimestamp => > ['132077518489276456'] > ['132086132301542190'] > FAILED > > ....... > > Comparing: > 'CN=Administrador,CN=Users,DC=empresa,DC=com,DC=br' [ldap://WIN-DC1] > 'CN=Administrador,CN=Users,DC=empresa,DC=com,DC=br' [ldap://SAMBA4-DC] > Difference in attribute values: > userParameters => > [' > P\x04\x1a\x08\x01CtxCfgPresent\xe3\x94\xb5\xe6\x94\xb1\xe6\x88\xb0\xe3\x81\xa2\x18\x08\x01CtxCfgFlags1\xe3\x80\xb0\xe3\x81\xa5\xe3\x80\xb0\xe3\x80\xb1\x12\x08\x01CtxShadow\xe3\x84\xb0\xe3\x80\xb0\xe3\x80\xb0\xe3\x80\xb0*\x02\x01CtxMinEncryptionLevel\xe3\x80\xb0'] > [' \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 > \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 > \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 > \x00 \x00 \x00 > \x00P\x00\x04\x00\x1a\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00P\x00r\x00e\x00s\x00e\x00n\x00t\x00551e0bb0\x18\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00F\x00l\x00a\x00g\x00s\x001\x0000e00010\x12\x00\x08\x00\x01\x00C\x00t\x00x\x00S\x00h\x00a\x00d\x00o\x00w\x0001000000*\x00\x02\x00\x01\x00C\x00t\x00x\x00M\x00i\x00n\x00E\x00n\x00c\x00r\x00y\x00p\x00t\x00i\x00o\x00n\x00L\x00e\x00v\x00e\x00l\x0000'] > FAILED > > ....... > > * Result for [DOMAIN]: FAILURE > > SUMMARY > --------- > > Attributes with different values: > > servicePrincipalName > lastLogonTimestamp > userParameters > pwdLastSet > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1649 > > * Result for [CONFIGURATION]: SUCCESS > > * Comparing [SCHEMA] context... > > * Objects to be compared: 1518 > > * Result for [SCHEMA]: SUCCESS > > * Comparing [DNSDOMAIN] context... > > * Objects to be compared: 209 > > * Result for [DNSDOMAIN]: SUCCESS > > * Comparing [DNSFOREST] context... > > * Objects to be compared: 17 > > * Result for [DNSFOREST]: SUCCESS > ERROR: Compare failed: -1 > > > ############################################# > > Below is the result of command ldbsearch -H in the Samba 4 DC: > > ldbsearch -H /var/lib/samba/private/sam.ldb '(fromServer=*CN=SAMBA4-DC*)' > --cross-ncs dn > # record 1 > dn: CN=b58de6d7-9206-42ff-9a85-56a40a93b327,CN=NTDS > Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > # record 2 > dn: CN=10993b69-00cf-404a-be18-c77e1d3417d1,CN=NTDS > Settings,CN=WIN-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > # returned 2 records > # 2 entries > # 0 referrals > > Would anyone have an idea to properly sync my servers? > > Regards, > > M?rcio Bacci > >
On 29/07/2019 13:15, Marcio Demetrio Bacci via samba wrote:> Hi, > > Please, Would anyone help me? >Your post was about problems between a Samba DC and a Windows DC, but you seem to have two Windows DCs, does replication between these work correctly ? Did you join the Samba DC to the Windows DC, or the other way around ? Have you run 'samba-tool dbcheck' on the Samba DC ? Rowland