[Samba] Duplicate ObjectSid values

Andrew Bartlett abartlet at samba.org
Mon May 16 19:21:25 UTC 2016

On Mon, 2016-05-16 at 16:41 +0100, ash-samba at comtek.co.uk wrote:
> > > Andrew Bartlett
> > I haven't actually got ldbdump on the machine, and I can't see it
> > in 
> > the Debian packages. That said, I do appear to be able to add DNS 
> > records now, so I'm assuming it was the index. If you particularly 
> > want me to find out then I'll try to get a dump, but as long as it's
> > working I'm happy to leave it be!
> > 
> > Ash
> Well, I will try to obtain that ldbdump.
> samba-tool dbcheck --reindex doesn't seem to have entirely worked.
> While we can add DNS records we can't add users. For example:
>  > /usr/bin/samba-tool user add test.user --uid=test.user 
> --random-password --uid-number=10226 --surname=user --given-name=test
> --job-title=Storekeeper --department=Repairs 
> --mail-address=test.user at example.com --telephone-number=01244123456 
> --gid-number=513
>  > ERROR(ldb): Failed to add user 'test.user':  - 
> ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test 
> user,CN=Users,DC=chester-dc,DC=example,DC=com - 
> ../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in 
> CN=test user,CN=Users,DC=chester-dc,DC=example,DC=com


This is a serious situation.  What it means is that the nextRid value for that DC points at a user account that already exists, so when we go to create it, the create fails.

That, and the other issue, suggests you have had some serious DB corruption, and these may not be the only issues.  Does a full dbcheck pass? (Not just the reindex).

Is there another DC that still works, that you can replicate from? (but you suggested other issues I think).

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
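
The condition described in this reply (the next RID a DC would hand out is already held by an existing object, alongside possible duplicate objectSid values) can be checked offline against an LDIF export. The following is an added example, not code from this thread or from Samba: the function names, the sample DNs, the domain SID and the RIDs are all constructed, the candidate RID is supplied by the operator, and the parser assumes unfolded LDIF lines.

```python
import base64, struct
from collections import defaultdict

def sid_to_bytes(sid):
    """String SID -> binary form (used here only to build the constructed sample)."""
    parts = sid.split("-")
    rev, auth, subs = int(parts[1]), int(parts[2]), [int(p) for p in parts[3:]]
    return bytes([rev, len(subs)]) + auth.to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def bytes_to_sid(raw):
    """Binary SID -> string: revision, sub-authority count, 6-byte big-endian
    authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "S-%d-%d" % (raw[0], int.from_bytes(raw[2:8], "big")) + "".join("-%d" % s for s in subs)

def sids_by_dn(ldif):
    """Map each SID found in an LDIF export to the DNs that carry it."""
    owners, dn = defaultdict(list), None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("objectSid:: "):   # base64-encoded binary value
            owners[bytes_to_sid(base64.b64decode(line[12:]))].append(dn)
        elif line.startswith("objectSid: "):    # value already in string form
            owners[line[11:].strip()].append(dn)
    return owners

def audit(ldif, domain_sid, candidate_rid):
    """Return (duplicate SIDs, DNs already holding domain_sid-candidate_rid)."""
    owners = sids_by_dn(ldif)
    dupes = {sid: dns for sid, dns in owners.items() if len(dns) > 1}
    return dupes, owners.get("%s-%d" % (domain_sid, candidate_rid), [])

# Constructed sample data: domain SID, DNs and RIDs are invented for illustration.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
def _b64(rid):
    return base64.b64encode(sid_to_bytes("%s-%d" % (DOMAIN_SID, rid))).decode()
SAMPLE_LDIF = "\n".join([
    "dn: CN=alice,CN=Users,DC=example,DC=com", "objectSid:: " + _b64(1104), "",
    "dn: CN=bob,CN=Users,DC=example,DC=com", "objectSid: %s-1105" % DOMAIN_SID, "",
    "dn: CN=carol,CN=Users,DC=example,DC=com", "objectSid:: " + _b64(1105), "",
])

if __name__ == "__main__":
    dupes, clash = audit(SAMPLE_LDIF, DOMAIN_SID, 1105)
    print("duplicate SIDs:", dupes)
    print("candidate RID already owned by:", clash)
```

A non-empty second result means creating an account with that RID would hit the unique index on objectSid, as in the error quoted above.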
