Andrew Bartlett
2022-Oct-13 06:14 UTC
[Samba] Samba does not replicate attributes added via ldbmodify
On Thu, 2022-10-13 at 08:08 +0200, Ralf Spenneberg via samba wrote:> HI Andrew, > thanks a lot for answering as well. > Am 12.10.22 um 20:42 schrieb Andrew Bartlett via samba: > > On the DC that is not getting the replication, have you > > forcedreplication?Does that help? > No. Unfortunately not. Actually forcing the replication thinks > everything is in order.# samba-tool drs replicate --local backup > primary dc=ad,dc=domain,dc=dePartition[dc=ad,dc=domain,dc=de] > objects[0] linked_values[0]Incremental replication of 0 objects and 0 > links from primary to tdb:///var/lib/samba/private/sam.ldb was > successful. > > Are other changes (password updates, other modifications) > reflected > compared with proxyAdddress?Yes I just checked. password > updates are replicated. > > (And don't worry, it is not case sensitive and is self-correcting > > ofcase, if Samba accepts the modify it should replicate, as long as > > youdon't access the files under sam.ldb.d/ directly). > Well, the ldbmodify usedc was:ldbmodify -v -H > 'DC=AD,DC=DOMAIN,DC=DE.ldb' < /root/replace-proxyAddresses.ldif > Does this count as modifying the files directly?Yes. Your domain is now (subtly) corrupt. Do not pass go, do not collect $200. ;-) The file to modify it the sam.ldb file in the directory above, this provides the correct interface. dbcheck might fix it. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open SourceSolutions
Ralf Spenneberg
2022-Oct-13 06:21 UTC
[Samba] Samba does not replicate attributes added via ldbmodify
Hi Andrew, Am 13.10.22 um 08:14 schrieb Andrew Bartlett:>>> (And don't worry, it is not case sensitive and is self-correcting of >>> case, if Samba accepts the modify it should replicate, as long as you >>> don't access the files under sam.ldb.d/ directly). >> Well, the ldbmodify usedc was: >> ldbmodify -v -H 'DC=AD,DC=DOMAIN,DC=DE.ldb' < >> /root/replace-proxyAddresses.ldif >> >> Does this count as modifying the files directly? > > Yes. Your domain is now (subtly) corrupt. Do not pass go, do not collect $200. ;-)Ok, I already assumed something like that.> The file to modify it the sam.ldb file in the directory above, this provides the correct interface.So what would have been the correct command? ldapmodify -H /var/lib/samba/private/sam.ldb < xxx.ldif?> dbcheck might fix it.I already ran dbcheck. But it did not help. Could I try to repair the replication by rejoining the backup dc? Kind regards, Ralf