[Samba] Error "Failed extended allocation RID pool operation..."

Andrew Bartlett abartlet at samba.org
Tue Sep 20 04:46:24 UTC 2016 

On Mon, 2016-09-19 at 09:31 -0400, Adam Tauno Williams via samba wrote:
> Package: sernet-samba-4.2.14-23.el6.x86_64
> 
> These DCs were very recently upgraded from a prior version.
> 
> [2016/09/19 09:32:55.168161,  0]
> ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
>   Bad SMB2 signature for message of size 202
> [2016/09/19 09:32:55.168511,  0] ../lib/util/util.c:559(dump_data)
>   [0000] 77 B3 94 9B 70 78 8B 21   1E 56 D0 78 E1 80 BB 5C   w...px.!
> .V.x...\
> [2016/09/19 09:32:55.168716,  0] ../lib/util/util.c:559(dump_data)
>   [0000] 17 AB 09 20 81 BD 6B FD   5B 12 89 98 6A 79 3B FE   ... ..k.
> [...jy;.
> [2016/09/19 09:32:55.189708,  0]
> ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
>   Bad SMB2 signature for message of size 208
> [2016/09/19 09:32:55.189999,  0] ../lib/util/util.c:559(dump_data)
>   [0000] 26 35 A6 E2 D7 47 17 4D   1A 0A 07 E2 8E B8 5B DC   &5...G.M
> ......[.
> [2016/09/19 09:32:55.190219,  0] ../lib/util/util.c:559(dump_data)
>   [0000] 21 19 4D 88 60 9A D5 4E   46 08 73 B0 A7 A0 22 B6   !.M.`..N
> F.s...".
> [2016/09/19 09:32:55.208830,  0]
> ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
>   Bad SMB2 signature for message of size 217
> [2016/09/19 09:32:55.209092,  0] ../lib/util/util.c:559(dump_data)
>   [0000] 9F FD 03 E1 61 4B 32 A8   9F 9D 50 DE 25 47 C0 AF   ....aK2.
> ..P.%G..
> [2016/09/19 09:32:55.209305,  0] ../lib/util/util.c:559(dump_data)
>   [0000] C8 6B 73 58 EC 59 4E 06   46 26 7E DA D5 DE 4E 8F   .ksX.YN.
> F&~...N.
> [2016/09/19 09:33:02.991790,  0]
> ../source4/rpc_server/drsuapi/getncchanges.c:807(getncchanges_rid_all
> oc
> )
>   ../source4/rpc_server/drsuapi/getncchanges.c:807: Failed extended
> allocation RID pool operation - Failed to modify RID Set object
> CN=RID
> Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us -
> objectclass_attrs: at least one mandatory attribute ('rIDNextRID') on
> entry 'CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us'
> wasn't specified!
> [2016/09/19 09:33:03.814390,  0]
> ../source4/smb_server/smb2/sesssetup.c:242(smb2srv_cleanup_session_de
> st
> ructor)

To provide some background on this to avoid speculation:

rIDNextRid is a non-replicated attribute.  However it is also a
mandatory attribute.  This creates issues, because our code tries to
enforce the schema, even on 'system' operations, but this confusion as
to if the attribute should always be present causes us pain.

We just fixed a similar issue here: https://bugzilla.samba.org/show_bug
.cgi?id=12178

The issue is that the FSMO master doesn't ever see the ridNextRid
value, so if you add most of your users on the non-FSMO server, then
this will happen when the pool needs refreshing. 

It is too late here for me to safely suggest hacks, but I can think of
workarounds to satisfy the check until we can just remove it properly.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list