[Samba] Error "Failed extended allocation RID pool operation..."
Andrew Bartlett
abartlet at samba.org
Fri Sep 23 03:17:12 UTC 2016
On Mon, 2016-09-19 at 23:46 -0500, Andrew Bartlett via samba wrote:
> On Mon, 2016-09-19 at 09:31 -0400, Adam Tauno Williams via samba
> wrote:
> >
> > Package: sernet-samba-4.2.14-23.el6.x86_64
> >
> > These DCs were very recently upgraded from a prior version.
> >
> > [2016/09/19 09:32:55.168161, 0]
> > ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> > Bad SMB2 signature for message of size 202
> > [2016/09/19 09:32:55.168511, 0] ../lib/util/util.c:559(dump_data)
> > [0000] 77 B3 94 9B 70 78 8B 21 1E 56 D0 78 E1 80 BB
> > 5C w...px.!
> > .V.x...\
> > [2016/09/19 09:32:55.168716, 0] ../lib/util/util.c:559(dump_data)
> > [0000] 17 AB 09 20 81 BD 6B FD 5B 12 89 98 6A 79 3B FE ...
> > ..k.
> > [...jy;.
> > [2016/09/19 09:32:55.189708, 0]
> > ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> > Bad SMB2 signature for message of size 208
> > [2016/09/19 09:32:55.189999, 0] ../lib/util/util.c:559(dump_data)
> > [0000] 26 35 A6 E2 D7 47 17 4D 1A 0A 07 E2 8E B8 5B
> > DC &5...G.M
> > ......[.
> > [2016/09/19 09:32:55.190219, 0] ../lib/util/util.c:559(dump_data)
> > [0000] 21 19 4D 88 60 9A D5 4E 46 08 73 B0 A7 A0 22
> > B6 !.M.`..N
> > F.s...".
> > [2016/09/19 09:32:55.208830, 0]
> > ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> > Bad SMB2 signature for message of size 217
> > [2016/09/19 09:32:55.209092, 0] ../lib/util/util.c:559(dump_data)
> > [0000] 9F FD 03 E1 61 4B 32 A8 9F 9D 50 DE 25 47 C0
> > AF ....aK2.
> > ..P.%G..
> > [2016/09/19 09:32:55.209305, 0] ../lib/util/util.c:559(dump_data)
> > [0000] C8 6B 73 58 EC 59 4E 06 46 26 7E DA D5 DE 4E
> > 8F .ksX.YN.
> > F&~...N.
> > [2016/09/19 09:33:02.991790, 0]
> > ../source4/rpc_server/drsuapi/getncchanges.c:807(getncchanges_rid_a
> > ll
> > oc
> > )
> > ../source4/rpc_server/drsuapi/getncchanges.c:807: Failed extended
> > allocation RID pool operation - Failed to modify RID Set object
> > CN=RID
> > Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us -
> > objectclass_attrs: at least one mandatory attribute ('rIDNextRID')
> > on
> > entry 'CN=RID Set,CN=LARKIN28,OU=Domain
> > Controllers,DC=micore,DC=us'
> > wasn't specified!
> > [2016/09/19 09:33:03.814390, 0]
> > ../source4/smb_server/smb2/sesssetup.c:242(smb2srv_cleanup_session_
> > de
> > st
> > ructor)
>
> To provide some background on this to avoid speculation:
>
> rIDNextRid is a non-replicated attribute. However it is also a
> mandatory attribute. This creates issues, because our code tries to
> enforce the schema, even on 'system' operations, but this confusion
> as
> to if the attribute should always be present causes us pain.
>
> We just fixed a similar issue here: https://bugzilla.samba.org/show_b
> ug
> .cgi?id=12178
>
> The issue is that the FSMO master doesn't ever see the ridNextRid
> value, so if you add most of your users on the non-FSMO server, then
> this will happen when the pool needs refreshing.
>
> It is too late here for me to safely suggest hacks, but I can think
> of
> workarounds to satisfy the check until we can just remove it
> properly.
My untested thoughts are to set ridNextRid to 0 on the DC holding the
RID master role, so that this check passes.
The correct fix is either to not enforce MUST restrictions on non-
replicated attributes, or not enforce it for unrelated modifications.
I'm still a little confused how this ever worked in the first place,
but we will look into it.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list