[Samba] Error "Failed extended allocation RID pool operation..."

Achim Gottinger achim at ag-web.biz
Mon Sep 19 17:08:10 UTC 2016



On 19.09.2016 at 18:21, Rowland Penny via samba wrote:
> On Mon, 19 Sep 2016 11:57:38 -0400
> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
>
>> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote:
>>> On Mon, 19 Sep 2016 10:42:34 -0400
>>> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
>>>> On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:
>>>>> No it shouldn't be replicated, the big hint is
>>>>> 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that
>>>>> holds the RID master FSMO role, so I suppose the question is,
>>>>> what does 'samba-tool fsmo show' display for the
>>>>> RidAllocationMasterRole ?
>>> Log into a DC, run 'samba-tool fsmo show' and look at the line that
>>> starts 'RidAllocationMasterRole'
>>> It should show 'CN=NTDS Settings,CN=LARKIN27'
>> [root at larkin28 ~]# samba-tool fsmo show
>> ..
>> RidAllocationMasterRole owner: CN=NTDS
>> Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
>> -Name,CN=Sites,CN=Configuration,DC=micore,DC=us
>> ...
>>
>>>> Try running this on the DC: ldbsearch
>>>> -H /usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn
>>>> rIDNextRID
>>> It should show the DN's of your DCs followed by the contents
>>> of the 'rIDNextRID' attributes. These should be '0' on all DC's
>>> except the RID master.
>>
>> [root at larkin28 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
>>   '(objectClass=rIDSet)' dn rIDNextRID
>> # record 1
>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
>> # record 2
>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
>> # record 3
>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
>> rIDNextRID: 53611
>> # Referral
>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
>> # returned 6 records
>> # 3 entries
>> # 3 referrals
>>
>>
>> [root at larkin27 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb
>>   '(objectClass=rIDSet)' dn rIDNextRID
>> # record 1
>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
>> # record 2
>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
>> rIDNextRID: 55584
>> # record 3
>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
>> # returned 6 records
>> # 3 entries
>> # 3 referrals
>>
>>
>> [root at larkin27 ~]#  ldbsearch -H /var/lib/samba/private/sam.ldb
>>   '(objectClass=rIDSet)' dn rIDNextRID
>> # record 1
>> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
>> # record 2
>> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
>> rIDNextRID: 55584
>> # record 3
>> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
>> # Referral
>> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
>> # returned 6 records
>> # 3 entries
>> # 3 referrals
>>
>>
> OK, on the DC that holds the RID master role:
>
> root at dc1:~# ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn rIDNextRID
> # record 1
> dn: CN=RID Set,CN=MEMBER1,OU=Domain Controllers,DC=samdom,DC=example,DC=com
> rIDNextRID: 0
>
> # record 2
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com
> rIDNextRID: 1152
>
> and on my other DC:
>
> root at member1:~# ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn rIDNextRID
> # record 1
> dn: CN=RID Set,CN=MEMBER1,OU=Domain Controllers,DC=samdom,DC=example,DC=com
>
> # record 2
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com
>
> So as far as I understand it, you should only have the 'rIDNextRID'
> attribute on the DC that holds the RID master role. I suggest you run
> 'samba-tool dbcheck' on your DCs
>
> Rowland
>
On my 4.4.5 test environment I also get these results. On a production
domain running server 4.2.13 I get the following results.
1. Server with FSMO RID master role: nextRid>0 for the server and
nextRid=0 for all other servers.
2. Other servers: nextRid>0 for the (other) server. No nextRid attribute
for the other server.
I have no issues on both environments atm.
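
The comparison made in this thread, as an added example that is not part of the original messages: it parses the ldbsearch output quoted above for each DC and tabulates which RID Set objects carry a local rIDNextRID value, marking the RID master named by 'samba-tool fsmo show'. The function names are made up for this example, and it only reports what each DC's sam.ldb contains without judging which state is correct.

```python
import re

# ldbsearch output quoted in the thread (comment and referral lines trimmed),
# keyed by the DC it was run on; FSMO_SHOW is the owner line from 'fsmo show'.
OUTPUTS = {
    "LARKIN27": """dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
rIDNextRID: 55584
dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
""",
    "LARKIN28": """dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
rIDNextRID: 53611
""",
}
FSMO_SHOW = ("RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,"
             "CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
             "CN=Configuration,DC=micore,DC=us")

def parse_rid_sets(text):
    """Map each RID Set's DC name to its rIDNextRID (None when absent)."""
    sets, current = {}, None
    for line in re.sub(r"\r?\n ", "", text).splitlines():  # unfold LDIF lines
        dn = re.match(r"dn:\s*CN=RID Set,CN=([^,]+),", line, re.I)
        if dn:
            current = dn.group(1).upper()
            sets[current] = None
        elif current and line.lower().startswith("ridnextrid:"):
            sets[current] = int(line.split(":", 1)[1])
    return sets

def rid_master(fsmo_show):
    """Extract the DC name from the RidAllocationMasterRole owner line."""
    m = re.search(r"RidAllocationMasterRole owner:\s*CN=NTDS Settings,CN=([^,]+)",
                  fsmo_show, re.I)
    return m.group(1).upper() if m else None

def local_view(outputs, fsmo_show):
    """Rows of (queried DC, RID Set DC, value, RID Set DC is RID master)."""
    master = rid_master(fsmo_show)
    return [(dc, name, val, name == master)
            for dc, text in sorted(outputs.items())
            for name, val in sorted(parse_rid_sets(text).items())]

if __name__ == "__main__":
    for row in local_view(OUTPUTS, FSMO_SHOW):
        print("on %-9s RID Set %-9s rIDNextRID=%-6s master=%s" % row)
```

Because the attribute is not replicated, the output has to be collected on every DC separately; a single DC's database only shows its own local view.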




