[Samba] unique index violation on objectSid on samba ad

mathias dufresne infractory at gmail.com
Mon Oct 19 11:54:38 UTC 2015


I tried to understand:
You have 2 DCs, so you have Samba4 acting as AD domain.
You are using VMs for your DCs.
You moved your DCs, so their IPs and host names changed. These new DCs are
called "cloned DCs".

Now, when playing with your database on your cloned DC, Samba complains
because it can't index objectSID anymore.

You kept your old DCs. On these DCs there is no issue when playing with the
database.

If all that is true, just power off the cloned DCs and start blank systems to
replace these stopped "cloned DCs". On these systems, install Samba and
join them to your domain (in which you now have only non-cloned DCs).
Once you have one DC on the network where the cloned DCs were, you can
seize FSMO roles on that DC.

Once the new DC on the new network has grabbed the FSMO roles you can:
- add new DCs to that domain
- remove (demote) the old DCs, the ones used for cloning.



2015-10-19 12:42 GMT+02:00 Krutskikh Ivan <stein.hak at gmail.com>:

> Hi everyone,
>
> I think I've done something stupid here. At first I've created 2 lxc
> containers and provisioned one as dc.office.mtt and joined second one to
> the first ad bdc.tsnr.mtt. Then I've cloned those containers several times
> and changed IP addresses and DNS names of new containers to different
> subnets. The name of domain stayed the same.
>
> At first everything seemed fine, but when I tried to create a new
> user/machine on dc.tsnr.mtt on cloned container I got
>
> Failed to create user record CN=test1,CN=Users,DC=tsnr,DC=mtt:
> ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
> CN=test1,CN=Users,DC=tsnr,DC=mtt - ../lib/ldb/ldb_tdb/ldb_index.c:1148:
> unique index violation on objectSid in CN=test1,CN=Users,DC=tsnr,DC=mtt
> Failed to add entry for user test1.
>
> And the same issue goes for any user or computer name. No such trouble on
> original dc or on any of the bdc's.
> How can I fix this? Please help since the only option I see is to
> re-provision every domain and re-join every computer to it, which is a lot
> of pain.
>
> Thanks in advance!