Web lists-archives.com

Re: [Samba] Samba 4.7.9 dbcheck error

Am 25.09.2018 um 12:37 schrieb Rowland Penny via samba:
On Tue, 25 Sep 2018 12:08:00 +0200
Daniel Jordan <d.jordan@xxxxxx> wrote:

Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:
On Tue, 25 Sep 2018 11:18:03 +0200
Daniel Jordan via samba <samba@xxxxxxxxxxxxxxx> wrote:

Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:
On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote:
Hello list,

I'm getting a weird error message regarding our file server when
i run
dbcheck on my
dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is
the file server also
works fine but I want to clean the database before doing the
upgrade to
version 4.9

dc01:~# samba-tool dbcheck --cross-ncs
Checking 4503 objects
SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current
RID set
in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
Please use --fix to fix these errors
Checked 4503 objects (1 errors)

Has any of you seen a error like this before and knows if it's
save to
remove the entry? Don't want
to remove the fileserver from my ad, as some of my users probably
be ok with that ;)

Thanks in advance!
I'm more interested in how you created that file server, because
it should be really hard to make Samba break this way, unless we
got the dbcheck rule wrong.

As to what --fix does, it doesn't delete the file server, it just
advances the RID set to ensure you don't get a duplicate SID later
in the domain's life.

Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT

Hello Andrew,

thanks for your answer.

We're using the sernet samba packages and beside this issue the
installation is running very stable.
After joining the file server
Yes, but how did you join the fileserver ?
Can we see your smb.conf from the fileserver ?


Here's the global config part

fs01:~# net conf list
      workgroup = xx
      realm = xx.xx.xx
      security = ADS
      winbind use default domain = yes
      winbind refresh tickets = yes
      idmap config * : range = 10000 - 19999
      idmap config AD : backend = rid
      idmap config AD : range = 1000000 - 1999999
      inherit acls = yes
      store dos attributes = yes
      vfs objects = acl_xattr
      interfaces = 192.168.x.x
      bind interfaces only = yes


There doesn't seem to be anything wrong there, I take it you joined
with something like 'net ads join -U Administrator' ?


Sorry, forgot that.
I followed the guide in Stefan Kania's Samba 4 book and used the the "net ads join" command.


Mit freundlichen Grüßen

Daniel Jordan

Flugplatz Hohn
24806 Hohn

Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan@xxxxxx <mailto:d.jordan@xxxxxx>

Sitz der Gesellschaft Hohn
Handelsregister Kiel HRB 908 RD
Geschäftsführung: Stefan Müller
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba