[Samba] Conflicting objectSid
Andrew Bartlett
abartlet at samba.org
Mon Feb 10 13:16:47 MST 2014
On Mon, 2014-02-10 at 12:16 +0800, Shem Pasamba wrote:
> Hi all,
>
> I'm having a problems with leaving and joining a client to the domain.
> I'm using samba-4.1.4 as an AD server. When I join and leave and join
> and leave after a while this error comes up:
>
> Failed to join domain: failed to join domain 'AIIAS' over rpc:
> NT_STATUS_IO_TIMEOUT
>
> And when I look at the logs it says:
>
> Failed to re-index objectSid in
> CN=sambatest,CN=Computers,DC=aiias,DC=edu -
> ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
> CN=sambatest,CN=Computers,DC=aiias,DC=edu - ../l
>
> I went to debug the samba server and I discovered that it was having
> conflicts with the SID of another user. Meaning the newly created dn for
> the computer is conflicting with an added user. These users where
> imported using pdbedit -i tdbsam:smbpasswd.tdb -u <user>. How can I
> avoid this problem?
Yeah, don't do that :-)
This is one of the many reasons why we have the classicupgrade tool, it
ensures there is space below the RID pools to fit the imported users.
That said, I think we can and should prevent that.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list