Hi Douglas.
Yes, the replication is working.
Also, the graph viewed from the Linux and windows sides are exactly the same.
So, the end conclusion is: It's not perfect, but I shouldn't worry about
it?
BRGDS,
Bruno Guerreiro
From: samba <samba-bounces at lists.samba.org> on behalf of Douglas
Bagnall via samba <samba at lists.samba.org>
Sent: Tuesday, July 19, 2022 11:48 PM
To: samba at lists.samba.org <samba at lists.samba.org>
Subject: Re: [Samba] Error in samba-tool drs updateness
EMAIL EXTERNO ? ORGANIZA??O
A abertura de mensagens de origem e/ou conte?do duvidoso poder? comprometer a
sua privacidade e a seguran?a dos dados a que acede. N?o aceda a liga??es
(links), nem abra anexos de remetentes desconhecidos. Nunca forne?a dados
pessoais associados ? sua conta.
On 18/07/22 21:37, Bruno Guerreiro via samba wrote:> Hi Douglas,
> Thanks for the help, and sorry for the delay. I've been away.
No worries. Me too.
> I've applied the patch, and the result is this:
> Missing dn CN=DC01,CN=Servers,CN=Default-First-Site-Name, from UTD vector
for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> Missing dn CN=DC02,CN=Servers,CN=Default-First-Site-Name, from UTD vector
for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> Missing dn CN=DC03,CN=Servers,CN=Default-First-Site-Name, from UTD vector
for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
> ...
> Missing dn CN=DC10,CN=Servers,CN=Default-First-Site-Name, from UTD vector
for dsa CN=DC11,CN=Servers,CN=Default-First-Site-Name
>
>
> This DC11 is a Win2008R2 DC
Ok, that's interesting. It's obviously a bug insofar as Samba is not
playing well with the Windows DC, but if objects are being replicated
(including to and from DC11), then you don't need to worry.
This might cause problems if DC11 was selected as a bridgehead for
communication between Default-First-Site-Name and the other sites. That
won't happen spontaneously, but adding more DCs could trigger a
reorganisation.
These commands will draw you a graph of the network
samba-tool visualize ntdsconn -S --dot -o network.dot
dot -Tpng network.dot > network.png
Adding -H ldap://dc11... -UAdministrator to the samba-tool should allow
you to query Windows' view of the network. They *should* be the same.
cheers,
Douglas
> BRGDS,
> Bruno Guerreiro
>
>
>
>
>
> From: samba <samba-bounces at lists.samba.org> on behalf of Douglas
Bagnall via samba <samba at lists.samba.org>
> Sent: Monday, July 11, 2022 1:26 AM
> To: samba at lists.samba.org <samba at lists.samba.org>
> Subject: Re: [Samba] Error in samba-tool drs updateness
>
> EMAIL EXTERNO ? ORGANIZA??O
> A abertura de mensagens de origem e/ou conte?do duvidoso poder? comprometer
a sua privacidade e a seguran?a dos dados a que acede. N?o aceda a liga??es
(links), nem abra anexos de remetentes desconhecidos. Nunca forne?a dados
pessoais associados ? sua conta.
>
> hi Bruno,
>
> If you apply the attached patch to samba/uptodateness.py, wherever that
> might be on your system, it might tell you which DC is confused. (no
> recompiling should be necessary).
>
> On 7/07/22 06:49, Bruno Guerreiro via samba wrote:
>> Hi Rowland.
>> Here's the full error:
>>
>> root at DC01:~# samba-tool drs uptodateness
>
> From a `| sort | uniq -c`, it looks like 5 repetitions of 10 DCs, like
this:
>
> 5 Missing dn CN=DC01,CN=Servers,CN=Default-First-Site-Name,
> 5 Missing dn CN=DC02,CN=Servers,CN=Default-First-Site-Name,
> 5 Missing dn CN=DC03,CN=Servers,CN=Porto,
> 5 Missing dn CN=DC04,CN=Servers,CN=Coimbra,
> 5 Missing dn CN=DC05,CN=Servers,CN=Evora,
> 5 Missing dn CN=DC06,CN=Servers,CN=Faro,
> 5 Missing dn CN=DC07,CN=Servers,CN=Funchal,
> 5 Missing dn CN=DC08,CN=Servers,CN=Lisboa,
> 5 Missing dn CN=DC09,CN=Servers,CN=Lisboa,
> 5 Missing dn CN=DC10,CN=Servers,CN=Angra,
>
>
> 5 repetitions because 5 partitions. Is there an 11th DC? Or one that was
> not removed completely and/or not smoothly upgraded?
>
>> DOMAIN maximum: 207 median: 18.0 failure: 10
>> CONFIGURATION maximum: 468 median: 29.0 failure: 10
>> SCHEMA maximum: 318 median: 27.0 failure: 10
>> DNSDOMAIN maximum: 56 median: 3.0 failure: 10
>> DNSFOREST maximum: 378 median: 36.0 failure: 10
>
> I think I'd expect the max/median numbers to be lower here, unless the
> network is very busy at the time -- or, of course, a DC that is failing to
> replicate.
>
> cheers,
> Douglas
> Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) ? destinada
exclusivamente ?s pessoas nela indicadas e tem natureza confidencial. Se receber
esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e
ficheiros, sem tomar conhecimento do respectivo conteudo e sem reproduzi-la ou
divulg?-la. Confidentiality Warning: This e-mail message (and any attached
files) is confidential and is intended solely for the use of the individual or
entity to whom it is addressed. lf you are not the intended recipient of this
message please notify the sender and delete and destroy all copies immediately.
>
--
To unsubscribe from this list go to the following URL and read the
instructions:
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.samba.org%2Fmailman%2Foptions%2Fsamba&data=05%7C01%7Cbruno.guerreiro%40ine.pt%7C4533b6e8abf84154962108da69d960fe%7C71940a8652bd4ed389b7e0a7cd704043%7C0%7C0%7C637938679604317572%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nbSKUPJ0iJWiIFp58d4adCfnr%2BLcwqak67lI%2BwVQRus%3D&reserved=0
Confidencialidade: Esta mensagem (e eventuais ficheiros anexos) ? destinada
exclusivamente ?s pessoas nela indicadas e tem natureza confidencial. Se receber
esta mensagem por engano, por favor contacte o remetente e elimine a mensagem e
ficheiros, sem tomar conhecimento do respectivo conteudo e sem reproduzi-la ou
divulg?-la. Confidentiality Warning: This e-mail message (and any attached
files) is confidential and is intended solely for the use of the individual or
entity to whom it is addressed. lf you are not the intended recipient of this
message please notify the sender and delete and destroy all copies immediately.