Hi, I have a domain with a single Windows 2003 DC running. Today I created a Samba4 DC (using 4.0.0 release) and asked it to join the existing domain as an additional controller. Replication of both the objects and DNS entries appears to be working well, and the usual tests of adding a user to one and confirming it is available in the other are similarly working.

However, the `ldapcmp` tool claims there are numerous discrepancies in the replicated data between the two LDAP directories. Note the 'attributes found only in' list in the example comparison for a specific user in the directory:

    $ sudo samba-tool ldapcmp ldap://windowsdc.exampledn.com ldap://samba4dc.exampledn.com domain --base='CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' --base2='CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com'

    * Comparing [DOMAIN] context...

    * Objects to be compared: 1

    Comparing:
    'CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' [ldap://windowsdc.exampledn.com]
    'CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com' [ldap://samba4dc.exampledn.com]
        Attributes found only in ldap://windowsdc.exampledn.com:
            instanceType
            whenCreated
            pwdLastSet
            accountExpires
            userAccountControl
        FAILED

    * Result for [DOMAIN]: FAILURE

    SUMMARY
    ---------

    Attributes found only in ldap://windowsdc.exampledn.com:
        pwdLastSet
        whenCreated
        instanceType
        userAccountControl
        accountExpires
    ERROR: Compare failed: -1

However, using `ldapsearch` to query the directories of both domain controllers directly shows that these five attributes all appear to exist in both? In addition, the diff of the two queries seems to indicate some missing attributes and differing values on the Samba4 domain controller that are not mentioned/caught by the ldapcmp tool?

--- /tmp/ldapsearch-windowsdc 2012-12-27 18:42:30.193281974 +0100 +++ /tmp/ldapsearch-samba4dc 2012-12-27 18:42:30.233278605 +0100
@@ -1,34 +1,29 @@ dn: CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: ExampleFirstName ExampleSecondName sn: ExampleSecondName givenName: ExampleFirstName distinguishedName: CN=ExampleFirstName ExampleSecondName,OU=OU,DC=exampledn,DC=com instanceType: 4 whenCreated: 20100401152917.0Z whenChanged: 20100401152918.0Z displayName: ExampleFirstName ExampleSecondName -uSNCreated: 236996493 -uSNChanged: 236996516 +uSNCreated: 3171 +uSNChanged: 3171 name: ExampleFirstName ExampleSecondName objectGUID:: 2io6fCOdmUW5yeebD85hAA== userAccountControl: 66048 -badPwdCount: 0 codePage: 0 countryCode: 0 -badPasswordTime: 130010173443750000 -lastLogoff: 0 -lastLogon: 130010708699218750 pwdLastSet: 129146093579687500 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAdPiuHDqU7zAoMuUqaAoAAA== accountExpires: 9223372036854775807 -logonCount: 7781 sAMAccountName: examplesecondname.examplefirstname sAMAccountType: 805306368 userPrincipalName: [email protected] objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=exampledn,DC=com

Should I be concerned by any of this?

Cheers,
Dominic
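
An added example, not part of the original post and not Samba code: a Python comparison of two `ldapsearch` results for one object that separates differences in attributes Active Directory keeps per domain controller from differences in replicated attributes, which are the ones worth investigating. The `NON_REPLICATED` list is an assumption drawn from the AD schema rather than from the post, and the sample entries are constructed from values in the diff above.

```python
# Per-DC attributes that AD never replicates (schema knowledge, not from the post).
NON_REPLICATED = {"badpwdcount", "badpasswordtime", "lastlogon", "lastlogoff",
                  "logoncount", "usncreated", "usnchanged"}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: sorted list of values}."""
    entry, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith(" ") and last:   # LDIF continuation of the previous value
            entry[last][-1] += line[1:]
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        last = name.strip().lower()
        # "attr:: <base64>" keeps its encoded text; that is enough for an equality check
        entry.setdefault(last, []).append(value.lstrip(":").strip())
    return {k: sorted(v) for k, v in entry.items()}

def compare(a, b):
    """Split differing attributes into (expected, unexpected) lists of tuples."""
    expected, unexpected = [], []
    for attr in sorted(set(a) | set(b)):
        if a.get(attr) != b.get(attr):
            bucket = expected if attr in NON_REPLICATED else unexpected
            bucket.append((attr, a.get(attr), b.get(attr)))
    return expected, unexpected

# Constructed sample input, trimmed from the ldapsearch values quoted in the post.
WINDOWS_DC = """\
uSNCreated: 236996493
uSNChanged: 236996516
userAccountControl: 66048
badPwdCount: 0
lastLogon: 130010708699218750
logonCount: 7781
"""
SAMBA4_DC = """\
uSNCreated: 3171
uSNChanged: 3171
userAccountControl: 66048
"""

if __name__ == "__main__":
    expected, unexpected = compare(parse_ldif_entry(WINDOWS_DC), parse_ldif_entry(SAMBA4_DC))
    for tag, rows in (("expected, not replicated", expected), ("investigate", unexpected)):
        for attr, left, right in rows:
            print(f"{tag}: {attr}: {left} vs {right}")
```

On the sample data every difference lands in the expected bucket; a mismatch in a replicated attribute such as `userAccountControl` would be reported under "investigate".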
