Rowland Penny
2022-Mar-25 10:11 UTC
[Samba] ldapcmp failed after windows server 2012 AD joined
On Fri, 2022-03-25 at 17:57 +0800, Adam Xu via samba wrote:> Hi samba list, > > I joined a windows server 2012 R2 to My samba AD recently. > > now I have 4 DCs? > > DC1: samba ad ver:4.15.6 > > DC2: samba ad ver:4.15.6 > > DC3: samba RODC ver:4.15.6 > > DC4: windows server 2012 R2 ad > > when I run: > > samba-tool ldapcmp ldap://DC1 ldap://DC4 -Uadministrator > > here's the result: > > * Comparing [CONFIGURATION] context... > > * Objects to be compared: 1791 > > Comparing: > 'CN=CONFIGURATION,DC=NTBAOBEI,DC=COM' [ldap://DC1] > 'CN=CONFIGURATION,DC=NTBAOBEI,DC=COM' [ldap://DC4] > Difference in attribute values: > instanceType => > [b'13'] > [b'5'] > > FAILEDThe 'instanceType' attribute can be different, so you do not have a problem. You can filter out attributes like this, see 'samba-tool ldapcmp --help' for more information. Rowland
Hi Rowland, Thanks for your quick reply. I also got a problem. sometimes when I Comparing [DOMAIN] context: some users may have different attribute values in userParameters,such as: Comparing: 'COM=jack,OU=DISABLED USERS,OU=SUZHOU,DC=NTBAOBEI,DC=COM' [ldap://DC1] 'COM=jack,OU=DISABLED USERS,OU=SUZHOU,DC=NTBAOBEI,DC=COM' [ldap://DC4] ??? Difference in attribute values: ??????? userParameters => [b' \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00P\x00\x04\x00\x1a\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00P\x00r\x00e\x00s\x00e\x00n\x00t\x00551e0bb0\x18\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00F\x00l\x00a\x00g\x00s\x001\x0000f0e0f7\x12\x00\x08\x00\x01\x00C\x00t\x00x\x00S\x00h\x00a\x00d\x00o\x00w\x0001000000*\x00\x02\x00\x01\x00C\x00t\x00x\x00M\x00i\x00n\x00E\x00n\x00c\x00r\x00y\x00p\x00t\x00i\x00o\x00n\x00L\x00e\x00v\x00e\x00l\x0001'] [b' P\x04\x1a\x08\x01CtxCfgPresent\xe3\x94\xb5\xe6\x94\xb1\xe6\x88\xb0\xe3\x81\xa2\x18\x08\x01CtxCfgFlags1\xe3\x80\xb0\xe3\x81\xa6\xe3\x81\xa5\xe3\x9d\xa6\x12\x08\x01CtxShadow\xe3\x84\xb0\xe3\x80\xb0\xe3\x80\xb0\xe3\x80\xb0*\x02\x01CtxMinEncryptionLevel\xe3\x84\xb0'] Can I ignore this too? ? 2022/3/25 18:11, Rowland Penny via samba ??:> On Fri, 2022-03-25 at 17:57 +0800, Adam Xu via samba wrote: >> Hi samba list, >> >> I joined a windows server 2012 R2 to My samba AD recently. >> >> now I have 4 DCs? >> >> DC1: samba ad ver:4.15.6 >> >> DC2: samba ad ver:4.15.6 >> >> DC3: samba RODC ver:4.15.6 >> >> DC4: windows server 2012 R2 ad >> >> when I run: >> >> samba-tool ldapcmpldap://DC1 ldap://DC4 -Uadministrator >> >> here's the result: >> >> * Comparing [CONFIGURATION] context... >> >> * Objects to be compared: 1791 >> >> Comparing: >> 'CN=CONFIGURATION,DC=NTBAOBEI,DC=COM' [ldap://DC1] >> 'CN=CONFIGURATION,DC=NTBAOBEI,DC=COM' [ldap://DC4] >> Difference in attribute values: >> instanceType => >> [b'13'] >> [b'5'] >> >> FAILED > The 'instanceType' attribute can be different, so you do not have a > problem. You can filter out attributes like this, see 'samba-tool > ldapcmp --help' for more information. > > Rowland > > >
Douglas Bagnall
2022-Apr-21 05:20 UTC
[Samba] ldapcmp failed after windows server 2012 AD joined
On 25/03/22 23:23, Adam Xu via samba wrote:> ??? Difference in attribute values: > ??????? userParameters => > [b' \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 > \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 > \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 \x00 > \x00 \x00 \x00 \x00 \x00 \x00 > \x00P\x00\x04\x00\x1a\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00P\x00r\x00e\x00s\x00e\x00n\x00t\x00551e0bb0\x18\x00\x08\x00\x01\x00C\x00t\x00x\x00C\x00f\x00g\x00F\x00l\x00a\x00g\x00s\x001\x0000f0e0f7\x12\x00\x08\x00\x01\x00C\x00t\x00x\x00S\x00h\x00a\x00d\x00o\x00w\x0001000000*\x00\x02\x00\x01\x00C\x00t\x00x\x00M\x00i\x00n\x00E\x00n\x00c\x00r\x00y\x00p\x00t\x00i\x00o\x00n\x00L\x00e\x00v\x00e\x00l\x0001'] > > [b' > P\x04\x1a\x08\x01CtxCfgPresent\xe3\x94\xb5\xe6\x94\xb1\xe6\x88\xb0\xe3\x81\xa2\x18\x08\x01CtxCfgFlags1\xe3\x80\xb0\xe3\x81\xa6\xe3\x81\xa5\xe3\x9d\xa6\x12\x08\x01CtxShadow\xe3\x84\xb0\xe3\x80\xb0\xe3\x80\xb0\xe3\x80\xb0*\x02\x01CtxMinEncryptionLevel\xe3\x84\xb0'] > > > Can I ignore this too?The two strings are identical except for leading whitespace and encoding. That is, the first one decoded as utf-16, then stripped of whitespace is exactly the second one decoded as utf-8. So it at least seems related to the bug Rowland mentioned. https://bugzilla.samba.org/show_bug.cgi?id=8077 Douglas