[Samba] Duplicate ObjectSid values

ash-samba at comtek.co.uk ash-samba at comtek.co.uk
Tue May 17 11:11:52 UTC 2016

> G'Day,
> This is a serious situation.  What it means is that the nextRid value for that DC points at a user account that already exists, so when we go to create it, the create fails.

I've just looked at the LDAP output, and nextRid is 1000 for both
dn: CN=Builtin,DC=chester-dc,etc and for dn: DC=chester-dc,etc

The most recent successful new user (that I'm aware of) is objectSid: 

I can't see any objectSid entries which end in 1000 though. The lowest 
one we have is S-1-5-21-2702589905-558746101-3641499263-1101
> That, and the other issue, suggests you have had some serious DB corruption, and this may not be the only issue.  Does a full dbcheck pass? (Not just the reindex).

dbcheck works on empire.

> Is there another DC that still works, that you can replicate from? (but you suggested other issues I think).

We can successfully "/usr/bin/samba-tool user add" with alaska (a 
machine located on another continent, with a quite unreliable link!), 
and that gives us an account with 
S-1-5-21-2702589905-558746101-3641499263-7125 on -both- alaska and 
empire, so there is clearly some amount of working replication. 
Confusingly, after doing this nextRid is still 1000 on both machines.

Creating a new local DC (and decommissioning empire) would be a good 
solution for us. I can add a new DC (v-ward) by specifying 
--server=alaska.chester-dc, and I get no errors in the process. The 
samba process on v-ward isn't working, though. I'm still trying to debug 
this (currently it isn't even listening to port 389).
