Web lists-archives.com

Re: [Samba] Samba 4.7.9 dbcheck error




On Thu, 27 Sep 2018 20:26:01 +1200
Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Thu, 2018-09-27 at 09:04 +0100, Rowland Penny via samba wrote:
> > On Thu, 27 Sep 2018 07:46:40 +0200
> > Daniel Jordan <d.jordan@xxxxxx> wrote:
> > 
> > 
> > > 
> > > Hello  Andrew and Rowland,
> > > 
> > > here's the ldbsearch output from both domain controllers:
> > > 
> > > 
> > > dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> > > '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
> > > # record 1
> > > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > > rIDNextRID: 1495
> > > 
> > > # record 2
> > > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > > rIDNextRID: 0
> > > 
> > > 
> > > dc02:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
> > > '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
> > > # record 1
> > > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > > 
> > > # record 2
> > > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > > rIDNextRID: 1716
> > > 
> > > 
> > > hope that helps
> > > 
> > > Daniel
> > Well yes an no ;-)
> > 
> > You posted this:
> > 
> > dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
> > '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
> > # record 1
> > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDAllocationPool: 2100-2599
> > 
> > # record 2
> > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDAllocationPool: 1600-2099
> > 
> > So how has 'rIDNextRID' been set to '1495' on DC01, when the
> > 'rIDAllocationPool' is '2100-2599' ?
> > 
> > How are you creating users etc ?
> 
> Because the attributes a horribly misnnamed!
> 
> From ridalloc.c:
> 
> 
> /*
>   Note: the RID allocation attributes in AD are very badly named. Here
>   is what we think they really do:
> 
>   in RID Set object:
>     - rIDPreviousAllocationPool: the pool which a DC is currently
>       pulling RIDs from. Managed by client DC
> 
>     - rIDAllocationPool: the pool that the DC will switch to next,
>       when rIDPreviousAllocationPool is exhausted. Managed by RID
> Manager.
> 
>     - rIDNextRID: the last RID allocated by this DC. Managed by client
> DC
> 
>   in RID Manager object:
>     - rIDAvailablePool: the pool where the RID Manager gets new rID
>       pools from when it gets a EXOP_RID_ALLOC getncchanges call (or
>       locally when the DC is the RID Manager)
>  */
> 
> Almost none of them do what you would think they do!
> 
> Andrew Bartlett
> 

Should have known, this is a like 'msSFU30MaxUidNumber', which doesn't
hold the maximum uidNumber, it holds the next uidNumber to use.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba