Re: [Samba] Samba 4.7.9 dbcheck error




On Thu, 2018-09-27 at 09:04 +0100, Rowland Penny via samba wrote:
> On Thu, 27 Sep 2018 07:46:40 +0200
> Daniel Jordan <d.jordan@xxxxxx> wrote:
> 
> 
> > 
> > Hello  Andrew and Rowland,
> > 
> > here's the ldbsearch output from both domain controllers:
> > 
> > 
> > dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> > '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
> > # record 1
> > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDNextRID: 1495
> > 
> > # record 2
> > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDNextRID: 0
> > 
> > 
> > dc02:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> > '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
> > # record 1
> > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > 
> > # record 2
> > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDNextRID: 1716
> > 
> > 
> > hope that helps
> > 
> > Daniel
> Well yes and no ;-)
> 
> You posted this:
> 
> dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
> '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
> # record 1
> dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> rIDAllocationPool: 2100-2599
> 
> # record 2
> dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> rIDAllocationPool: 1600-2099
> 
> So how has 'rIDNextRID' been set to '1495' on DC01, when the
> 'rIDAllocationPool' is '2100-2599' ?
> 
> How are you creating users etc ?

Because the attributes are horribly misnamed!

From ridalloc.c:


/*
  Note: the RID allocation attributes in AD are very badly named. Here
  is what we think they really do:

  in RID Set object:
    - rIDPreviousAllocationPool: the pool which a DC is currently
      pulling RIDs from. Managed by client DC

    - rIDAllocationPool: the pool that the DC will switch to next,
      when rIDPreviousAllocationPool is exhausted. Managed by RID
      Manager.

    - rIDNextRID: the last RID allocated by this DC. Managed by client
      DC

  in RID Manager object:
    - rIDAvailablePool: the pool where the RID Manager gets new rID
      pools from when it gets a EXOP_RID_ALLOC getncchanges call (or
      locally when the DC is the RID Manager)
 */

Almost none of them do what you would think they do!

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
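
An added example, not part of the original message and not Samba code: a rough Python check that reads ldbsearch output for the RID Set objects and judges rIDNextRID against rIDPreviousAllocationPool, as the ridalloc.c comment describes, rather than against rIDAllocationPool. The sample records are constructed, the low-high form for rIDPreviousAllocationPool is assumed to match the rIDAllocationPool lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of the ldbsearch output quoted in the thread.
SAMPLE = """\
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=example,DC=test
rIDPreviousAllocationPool: 1100-1599
rIDAllocationPool: 2100-2599
rIDNextRID: 1495

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=example,DC=test
rIDAllocationPool: 1600-2099
rIDNextRID: 0
"""

def parse_records(text):
    """Split ldbsearch output into one {attribute: value} dict per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                key, value = line.split(": ", 1)
                rec[key] = value.strip()
        if "dn" in rec:
            records.append(rec)
    return records

def pool(value):
    """Parse a 'low-high' pool string into an (int, int) tuple."""
    low, high = value.split("-")
    return int(low), int(high)

def check_rid_set(rec):
    """Judge rIDNextRID against the pool the DC is currently pulling from."""
    if "rIDNextRID" not in rec or "rIDPreviousAllocationPool" not in rec:
        return "incomplete"
    low, high = pool(rec["rIDPreviousAllocationPool"])
    last = int(rec["rIDNextRID"])
    if last == high:
        return "exhausted"  # the next allocation has to come from rIDAllocationPool
    return "ok" if low <= last < high else "out-of-pool"

# In the thread each DC shows the other DC's rIDNextRID as 0 or absent,
# so only the record of the DC whose sam.ldb was queried is judged.
def local_record(records, dc_name):
    prefix = f"CN=RID Set,CN={dc_name},".lower()
    return next(r for r in records if r["dn"].lower().startswith(prefix))
```

An "out-of-pool" result is a prompt to look closer at that DC's RID Set, not proof of corruption.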



