Web lists-archives.com

Re: [Samba] Samba 4.7.9 dbcheck error




On Thu, 27 Sep 2018 06:29:26 +1200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Wed, 2018-09-26 at 14:47 +0100, Rowland Penny via samba wrote:
> > On Wed, 26 Sep 2018 15:28:42 +0200
> > Daniel Jordan <d.jordan@xxxxxx> wrote:
> > 
> > > 
> > > 
> > > dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> > > '(objectClass=domain)' objectSid
> > > # record 1
> > > dn: DC=xx,DC=xx,DC=xx
> > > objectSid: S-1-5-21-3258148492-1502286889-3538134041
> > > 
> > > 
> > > 
> > > dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> > > '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
> > > # record 1
> > > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > > rIDAllocationPool: 2100-2599
> > > 
> > > # record 2
> > > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > > rIDAllocationPool: 1600-2099
> > Strange, you originally posted this SID-RID:
> > 
> > SID S-1-5-21-3258148492-1502286889-3538134041-1601
> > 
> > For: CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx
> > 
> > The error message said :
> > 
> > conflicts with our current RID set in
> > CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > 
> > Which is '2100-2599', so it does conflict, but it matches
> > '1600-2099' from CN=DC02
> > 
> > Do you have two DC's ?
> > Have you tried transferring the FSMO roles to DC02 ?
> 
> I don't think changing FSMO roles would change what is going on here. 

Never really thought it would do, just trying to draw answers out ;-)

> 
> I suspect a dbcheck bug.

Oh yes.
  
> 
> If it ins't, the typical way to get a bug like this would be to steal
> the RID master between servers, rather than a proper transfer.  The
> facts don't suggest this here, but for others reading this later if
> two servers think they are a RID master, something similar to this
> could happen (but more likely replication will fail with an index
> conflict).
> 
> Rowland and Daniel,
> 
> Thank you so much for chasing up the details here, and replying!  We
> just need one more detail, which is the current rIDNextRID value in
> each of those RID Set objects.
> 
> Then I hope I can play the logic though the code and figure out what
> we got wrong.
> 
> Thanks,
> 
> Andrew Bartlett
> 

If you cannot work it out Daniel, that would be the output of:

ldbsearch -H /var/lib/samba/private/sam.ldb
'(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba