Hello,
We are facing an issue with samba syncpassword which doesn't work anymore.
We use it to synchronize samba4 password into a remote ldap used by
applications.
It has been working flawlessly for more than 2 years.
Our architecture:
2 main DC on the main site and about 10 remote DC (with site topology).
We synchronize the password with a daemonized python script used on every DC.
For this an ldb cache is generated
One day, after promoting a new remote DC, the sync began to fail on every DC.
We tried to recover the first main DC from a backup, the sync worked, until we
added a new DC and it failed again with the following error:
Thu Aug 13 15:19:12 2020: pid[31990]: ldb.LdbError(12) => (LDAP error 12
LDAP_UNAVAILABLE_CRITICAL_EXTENSION - <0000202C: Unable to unmarshall cookie
as a ldapControlDirSyncCookie structure at
../source4/dsdb/samdb/ldb_modules/dirsync.c:1269> <>)
Thu Aug 13 15:19:12 2020: pid[31990]: Wait before connect - sleep(1)
Thu Aug 13 15:19:13 2020: pid[31990]: Connecting to
'ldapi:///var/lib/samba/private/ldap_priv/ldapi'
Thu Aug 13 15:19:13 2020: pid[31990]: Resuming monitoring
dirsyncFilter:
(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(sAMAccountName=krbtgt*)))
dirsyncControls:
['dirsync:1:0:0:TVNEUwMAAAAA5dFec3HWAQAAAAAAAAAAyAIAACgUIgEAAAAAAAAAAAAAAAAoFCIBAAAAAHuL5g4OeKRLkd6SG+WqZowBAAAAAAAAAB0AAAAAAAAAe4vmDg54pEuR3pIb5apmjCgUIgEAAAAA94F/DhgP50iXtfXjE1ZKaBTOeAMAAAAAtxCtENgDv0qa8WLHUO1Fs5qGzQgAAAAA2x2GE8tptEeCmjHDEmuDTwiNdgoAAAAAqYd1FCYP8Ei9VmCnvkyBLgks6AsAAAAASQmXGaVQhkG7N/A5dNBNfnVMlwwAAAAAMGM7HTAN60OzUeiPfQfiQz2HywAAAAAAMUtvJD4030mLHgTO2NxurOV0cAAAAAAALyTQJ22BqU6LrA4+FtOGT+A5WgoAAAAAAnmDM/uWTEWcpVDXrJIZqEqpxQwAAAAAdCACOYoIGUaJ88HlfFlyvJNFsQwAAAAAY9rzOwsSEE2XNvPrq47KQYajcAoAAAAAfKPWWREZyEawUf/GMAtlEAyEXA0AAAAAgAbVa9vwWEuuLMi/nnsMQh39kgEAAAAAnPZKcS+820aMwSX1jQpXMgVfYgwAAAAAU5PhhejZPEeIs9fqgQDXkQwcsgIAAAAADAoPiL9i50eGwK1eQcm8cxxLaAsAAAAAolHhneqLEk2P5/5aOyDYc/vgwgwAAAAABBN+o2jYBE2eo0XAkOmxaLX80wwAAAAAWNZMpWBsc0e66bI3GdAbFi6+WQAAAAAACDizrrRCDEGGRoiswFmppeUOygwAAAAAKef7r5NrJUChxkt3iBXBqjVszQwAAAAAmYWise/JqUOMnD8euLNlcCj0AAAAAAAAflNsxanYz0KqLtsveZPltuobAQAAAAAAKvi5z25sAki4jeIJFZKXjGfBMAkAAAAAY69b3L6aK02JRfLfQxjIya6MZAAAAAAAWsQ27t1lYkqOOMJKX9E8NJn0dAAAAAAAwzAH+ocRDkSjKxVMKcoLmZlOSgkAAAAAeh2Y/QY5906APfSWXDLVf3dWyQAAAAAA',
'extended_dn:1:0']
syncCommand: /opt/syncpwd.py
We tried to flush and re create the ldb cache many times, without success.
I've been searching for hours, and found nothing about this specific error.
Have any of you ever experienced something like this or have a clue of how to
remediate to this?
Regards,