[Samba] [PATCH] Allow dbcheck to fix Rid Set records
Andrew Bartlett
abartlet at samba.org
Sun Aug 4 22:52:54 MDT 2013
On Sun, 2013-07-28 at 16:14 +0200, Achim Gottinger wrote:
> Hi,
>
> I updated my two samba DC's from 4.0.3 to serner 4.0.7. Both servers run
> debian wheezy and the add was created at the beginning of the year with
> an classic upgrade to version 4.0.0.
> Recent release notes do not provide information about required upgrade
> tasks. So i ran.
> samba-tool dbcheck --reset-well-known-acls. On the first DC it found a
> few errors about missong members in computer groups whom where fixable
> with samba-tool dbcheck --reset-well-known-acls --fix.
> On my second DC however one issue remains.
>
> >samba-tool dbcheck --reset-well-known-acls
> Checking 336 objects
> Not fixing nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain
> Controllers,DC=domain,DC=local
> Please use --fix to fix these errors
> Checked 336 objects (1 errors)
>
> >samba-tool dbcheck --reset-well-known-acls --fix
> Checking 336 objects
> Fix nTSecurityDescriptor on CN=RID Set,CN=DC1,OU=Domain
> Controllers,DC=domain,DC=local? [y/N/all/none] y
> Failed to fix attribute nTSecurityDescriptor : (65, "objectclass_attrs:
> at least one mandatory attribute ('rIDNextRID') on entry 'CN=RID
> Set,CN=DC1,OU=Domain Controllers,DC=domain,DC=local' wasn't specified!")
> Checked 336 objects (1 errors)
The attached patch should resolve this issue. Let me know if it helps.
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dsdb-Allow-dbcheck-to-modify-objects-missing-require.patch
Type: text/x-patch
Size: 1681 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20130805/3f4041d4/attachment.bin>
More information about the samba
mailing list