Re: [Samba] Samba 4.7.9 dbcheck error






On 26.09.18 at 20:42, Rowland Penny via samba wrote:
On Thu, 27 Sep 2018 06:29:26 +1200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

On Wed, 2018-09-26 at 14:47 +0100, Rowland Penny via samba wrote:
On Wed, 26 Sep 2018 15:28:42 +0200
Daniel Jordan <d.jordan@xxxxxx> wrote:


dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(objectClass=domain)' objectSid
# record 1
dn: DC=xx,DC=xx,DC=xx
objectSid: S-1-5-21-3258148492-1502286889-3538134041



dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 2100-2599

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 1600-2099
Strange, you originally posted this SID-RID:

SID S-1-5-21-3258148492-1502286889-3538134041-1601

For: CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx

The error message said :

conflicts with our current RID set in
CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx

Which is '2100-2599', so it does conflict, but it matches
'1600-2099' from CN=DC02

Do you have two DC's ?
Have you tried transferring the FSMO roles to DC02 ?
I don't think changing FSMO roles would change what is going on here.
Never really thought it would do, just trying to draw answers out ;-)

I suspect a dbcheck bug.
Oh yes.
If it isn't, the typical way to get a bug like this would be to steal
the RID master between servers, rather than a proper transfer.  The
facts don't suggest this here, but for others reading this later if
two servers think they are a RID master, something similar to this
could happen (but more likely replication will fail with an index
conflict).

Rowland and Daniel,

Thank you so much for chasing up the details here, and replying!  We
just need one more detail, which is the current rIDNextRID value in
each of those RID Set objects.

Then I hope I can play the logic through the code and figure out what
we got wrong.

Thanks,

Andrew Bartlett

If you cannot work it out Daniel, that would be the output of:

ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID

Rowland


Hello  Andrew and Rowland,

here's the ldbsearch output from both domain controllers:


dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDNextRID: 1495

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDNextRID: 0




dc02:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDNextRID: 1716


hope that helps

Daniel
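
The comparison made earlier in the thread (RID 1601 falls in DC02's pool 1600-2099, not DC01's 2100-2599) can be scripted against ldbsearch output. This is an added example, not part of the original thread or of Samba; the function names parse_pools and pool_owner are hypothetical, and the sample input is constructed from the values quoted in the thread.

```python
import re

# Constructed sample: ldbsearch output for the RID Set objects, using the
# pool values quoted in the thread (DNs anonymised as in the thread).
SAMPLE = """\
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 2100-2599

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 1600-2099
"""
DOMAIN_SID = "S-1-5-21-3258148492-1502286889-3538134041"


def parse_pools(ldif):
    """Return {DC name: (low, high)} from ldbsearch output of rIDSet objects."""
    pools, dc = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn:"):
            # The DC name is the CN directly above "CN=RID Set" in the DN.
            m = re.search(r"CN=RID Set,CN=([^,]+),", line, re.I)
            dc = m.group(1) if m else None
        elif line.startswith("rIDAllocationPool:") and dc:
            low, high = (int(x) for x in line.split(":", 1)[1].strip().split("-"))
            pools[dc] = (low, high)
    return pools


def pool_owner(sid, domain_sid, pools):
    """Name the DC whose allocation pool contains the SID's RID, or None."""
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid or not rid.isdigit():
        raise ValueError(f"{sid} is not an account SID in domain {domain_sid}")
    rid = int(rid)
    for dc, (low, high) in pools.items():
        if low <= rid <= high:
            return dc
    return None  # RID is outside every pool currently listed


if __name__ == "__main__":
    pools = parse_pools(SAMPLE)
    sid = DOMAIN_SID + "-1601"
    print(sid, "->", pool_owner(sid, DOMAIN_SID, pools))
```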
