user unable to create a user in a replicated from w2k3 server

Matthieu Patou mat at samba.org
Mon Jul 5 15:32:55 MDT 2010


  Hello tridge, Andrew, Metze,

I was with plaerzen on IRC, he managed to update his w2k server to w2k3 
and then made s4 vampire it.

He is now unable to create user on the S4 server.

A level 10 log is here:

http://pastebin.com/Werib9g9

I made some analysis my conclusion is that he has this pb: msg: 
../dsdb/samdb/ldb_modules/ridalloc.c:450: No RID Set DN - Remote RID Set 
allocation needs refresh.

Then we created a sample ldif file to create more easily the user from 
command line :

ldbmodify -H ldap://s4ldap /tmp/t.ldif -k 1

We get:
ERR: (Unwilling to perform) "LDAP error 53 LDAP_UNWILLING_TO_PERFORM - 
<00002035: Unwilling to perform - 
../dsdb/samdb/ldb_modules/ridalloc.c:450:  No RID Set DN - Remote RID 
Set allocation needs refresh> <>" on DN CN=testsix,CN=Users,DC=....


The same command against the w2k3 dc works ...

I put more trace and came to the conclusion that this line is failing 
"if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) {"

Indeed we have this:

ntds: CN=NTDS 
Settings,CN=DEV-TEADC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com 


fsmo: CN=NTDS Settings,CN=DEV-TEDC3,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=winteal,DC=tundraeng,DC=com


So clearly the DN are different ....  to my mind the test is not good as 
globably the samdb_ntds_settings_dn is a search for dsServiceName on the 
rootdse and it seems that for each server it returns only the ntds of 
this server, so the test is likely to work only on the server which is 
rid master.

At this point I reached the limit of my knowledge but maybe one of you 
can help cam.

Cheers Matthieu.

-- 
Matthieu Patou
Samba Team        http://samba.org



More information about the samba-technical mailing list