[Samba] Duplicate ObjectSid values
abartlet at samba.org
Mon May 16 19:21:25 UTC 2016
On Mon, 2016-05-16 at 16:41 +0100, ash-samba at comtek.co.uk wrote:
> > > Andrew Bartlett
> > I haven't actually got ldbdump on the machine, and I can't see it
> > in
> > the Debian packages. That said, I do appear to be able to add DNS
> > records now, so I'm assuming it was the index. If you particularly
> > want me to find out then I'll try to get a dump, but as long as it's
> > working I'm happy to leave it be!
> > Ash
> Well, I will try to obtain that ldbdump
> samba-tool dbcheck --reindex doesn't seem to have entirely worked.
> we can add DNS records we can't add users. For example:
> > /usr/bin/samba-tool user add test.user --uid=test.user
> --random-password --uid-number=10226 --surname=user --given-name=test
> --job-title=Storekeeper --department=Repairs
> --mail-address=test.user at example.com --telephone-number=01244123456
> > ERROR(ldb): Failed to add user 'test.user': -
> ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=test
> user,CN=Users,DC=chester-dc,DC=example,DC=com -
> ../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
> CN=test user,CN=Users,DC=chester-dc,DC=example,DC=com
This is a serious situation. What it means is that the nextRid value for that DC points at a user account that already exists, so when we go to create it, the create fails.
That, and the other issue, suggests you have had some serious DB corruption, and these may not be the only issues. Does a full dbcheck pass? (Not just the reindex).
Is there another DC that still works, that you can replicate from? (but you suggested other issues I think).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
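
An offline check for the condition described in the reply above, as an added example that is not part of the original message or Samba's own code: it reads LDIF text of the kind ldbsearch prints and reports objectSid values held by more than one entry, plus existing RIDs that sit above a DC's rIDNextRID inside its current pool. The sample LDIF is constructed; the code assumes rIDPreviousAllocationPool is rendered as `lo-hi` and that rIDNextRID stores the last RID issued.

```python
import re
from collections import defaultdict

# Constructed LDIF in the shape ldbsearch prints for sam.ldb; not data from the thread.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1104

dn: CN=bob,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1105

dn: CN=carol,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-1111-2222-3333-1105

dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=example,DC=com
rIDPreviousAllocationPool: 1100-1599
rIDNextRID: 1103
"""

def parse_ldif(text):
    """One {attr: value} dict per blank-line-separated record (single-valued attrs only)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (l.split(": ", 1) for l in block.splitlines()
                 if ": " in l and not l.startswith("#"))
        records.append({k.lower(): v.strip() for k, v in pairs})
    return records

def audit(text):
    """Return (duplicate SIDs -> DNs, existing RIDs the DC has yet to hand out)."""
    by_sid, rid_sets = defaultdict(list), []
    for rec in parse_ldif(text):
        if "objectsid" in rec:
            by_sid[rec["objectsid"]].append(rec.get("dn", "?"))
        if "ridnextrid" in rec and "ridpreviousallocationpool" in rec:
            hi = int(rec["ridpreviousallocationpool"].split("-")[1])
            rid_sets.append((int(rec["ridnextrid"]), hi))
    duplicates = {sid: dns for sid, dns in by_sid.items() if len(dns) > 1}
    # Assumption: rIDNextRID holds the last RID issued, so any existing domain
    # RID above it and inside the current pool will collide on a later create.
    rids = {int(s.rsplit("-", 1)[1]) for s in by_sid if s.startswith("S-1-5-21-")}
    stale = sorted({r for r in rids for nxt, hi in rid_sets if nxt < r <= hi})
    return duplicates, stale

if __name__ == "__main__":
    dups, stale = audit(SAMPLE_LDIF)
    for sid, dns in dups.items():
        print("duplicate objectSid", sid, "on", dns)
    print("RIDs already in use above rIDNextRID:", stale)
```

Folded LDIF lines and base64-encoded (`::`) values are not decoded, so an entry whose DN is base64-encoded is reported as `?`.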