[Samba] [PATCH] Allow dbcheck to fix Rid Set records

Andrew Bartlett abartlet at samba.org
Sun Aug 4 22:52:54 MDT 2013

On Sun, 2013-07-28 at 16:14 +0200, Achim Gottinger wrote:
> Hi,
> I updated my two samba DC's from 4.0.3 to serner 4.0.7. Both servers run 
> debian wheezy and the add was created at the beginning of the year with 
> an classic upgrade to version 4.0.0.
> Recent release notes do not provide information about required upgrade 
> tasks. So i ran.
> samba-tool dbcheck --reset-well-known-acls. On the first DC it found a 
> few errors about missong members in computer groups whom where fixable 
> with samba-tool dbcheck --reset-well-known-acls --fix.
> On my second DC however one issue remains.
>  >samba-tool dbcheck --reset-well-known-acls
> Checking 336 objects
> Not fixing nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain 
> Controllers,DC=domain,DC=local
> Please use --fix to fix these errors
> Checked 336 objects (1 errors)
>  >samba-tool dbcheck --reset-well-known-acls --fix
> Checking 336 objects
> Fix nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain 
> Controllers,DC=domain,DC=local? [y/N/all/none] y
> Failed to fix attribute nTSecurityDescriptor : (65, "objectclass_attrs: 
> at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID 
> Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!")
> Checked 336 objects (1 errors)

The attached patch should resolve this issue.  Let me know if it helps.


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Catalyst IT                   http://catalyst.net.nz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dsdb-Allow-dbcheck-to-modify-objects-missing-require.patch
Type: text/x-patch
Size: 1681 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20130805/3f4041d4/attachment.bin>

More information about the samba mailing list