Web lists-archives.com

Re: [Samba] Samba 4.7.9 dbcheck error

Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:
On Tue, 25 Sep 2018 11:18:03 +0200
Daniel Jordan via samba <samba@xxxxxxxxxxxxxxx> wrote:

Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:
On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote:
Hello list,

I'm getting a weird error message regarding our file server when i
dbcheck on my
dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is
the file server also
works fine but I want to clean the database before doing the
upgrade to
version 4.9

dc01:~# samba-tool dbcheck --cross-ncs
Checking 4503 objects
SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID
in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
Please use --fix to fix these errors
Checked 4503 objects (1 errors)

Has any of you seen a error like this before and knows if it's save
remove the entry? Don't want
to remove the fileserver from my ad, as some of my users probably
be ok with that ;)

Thanks in advance!
I'm more interested in how you created that file server, because it
should be really hard to make Samba break this way, unless we got
the dbcheck rule wrong.

As to what --fix does, it doesn't delete the file server, it just
advances the RID set to ensure you don't get a duplicate SID later
in the domain's life.

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT

Hello Andrew,

thanks for your answer.

We're using the sernet samba packages and beside this issue the
installation is running very stable.
After joining the file server
Yes, but how did you join the fileserver ?
Can we see your smb.conf from the fileserver ?


Here's the global config part

fs01:~# net conf list
    workgroup = xx
    realm = xx.xx.xx
    security = ADS
    winbind use default domain = yes
    winbind refresh tickets = yes
    idmap config * : range = 10000 - 19999
    idmap config AD : backend = rid
    idmap config AD : range = 1000000 - 1999999
    inherit acls = yes
    store dos attributes = yes
    vfs objects = acl_xattr
    interfaces = 192.168.x.x
    bind interfaces only = yes


Mit freundlichen Grüßen

Daniel Jordan

Flugplatz Hohn
24806 Hohn

Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan@xxxxxx <mailto:d.jordan@xxxxxx>

Sitz der Gesellschaft Hohn
Handelsregister Kiel HRB 908 RD
Geschäftsführung: Stefan Müller
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba