>I just had a look at tranquils code again and I have a possible idea >about what is going on. The code was written for python2 and needs >updating to python3Yes, but as i explained before, we managed to make it work since almost a thousand days in a row ? THe ldb cache is initialized with: samba-tool user syncpasswords --cache-ldb-initialize --attributes=virtualSSHA,samaccountname,virtualClearTextUTF8 --script=/opt/syncpwd.py --decrypt-samba-gpg We originally modified a bit the script to retrieve the virtualClearTextUTF8 value of the password, then decode it in base64 , re encode it in md4 and send it to remote LDAP server. This worked like a charm. Nothing has been modified or updated on the samba main DC exept the fact we tried to join another remote DC which made the synchronization fail. I dont' kniw what it is talking about when it says " Unable to unmarshall cookie as a ldapControlDirSyncCookie structure" So there's something wrong on samba side that came with the new DC join for sure. What is this cookie? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
On 14/08/2020 08:41, Julien TEHERY wrote:> >I just had a look at tranquils code again and I have a possible idea > >about what is going on. The code was written for python2 and needs > >updating to python3 > > Yes, but as i explained before, we managed to make it work since > almost a thousand days in a row ? > > THe ldb cache is initialized with: > > samba-tool user syncpasswords --cache-ldb-initialize > --attributes=virtualSSHA,samaccountname,virtualClearTextUTF8 > --script=/opt/syncpwd.py --decrypt-samba-gpg > > We originally modified a bit the script to retrieve the > virtualClearTextUTF8 value of the password, then decode it in base64 , > re encode it in md4 and send it to remote LDAP server. This worked > like a charm. > > Nothing has been modified or updated on the samba main DC exept the > fact we tried to join another remote DC which made the synchronization > fail. > I dont' kniw what it is talking about when it says "?Unable to > unmarshall cookie as a ldapControlDirSyncCookie structure" > So there's something wrong on samba side that came with the new DC > join for sure. > > What is this cookie?OK, after doing some digging, there have been code changes in 'source4/dsdb/samdb/ldb_modules/dirsync.c' and the block of code printing the error is no longer at line 1269, so it looks like you are using an older version of Samba. So what versions of Samba are you using on the 'main' DC and on the 'new' DC ? Also what OS ? Rowland
>OK, after doing some digging, there have been code changes in >'source4/dsdb/samdb/ldb_modules/dirsync.c' and the block of code >printing the error is no longer at line 1269, so it looks like you are >using an older version of Samba. So what versions of Samba are you using >on the 'main' DC and on the 'new' DC ? > >Also what OS ?Indeed we have an old version. We use Samba 4.7.6 on ubuntu 18.04 The remote DC we tried to join used the same OS/versions -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba