[Samba] Error "Failed extended allocation RID pool operation..."

Andrew Bartlett abartlet at samba.org
Fri Sep 23 03:17:12 UTC 2016 

On Mon, 2016-09-19 at 23:46 -0500, Andrew Bartlett via samba wrote:
> On Mon, 2016-09-19 at 09:31 -0400, Adam Tauno Williams via samba
> wrote:
> > 
> > Package: sernet-samba-4.2.14-23.el6.x86_64
> > 
> > These DCs were very recently upgraded from a prior version.
> > 
> > [2016/09/19 09:32:55.168161,  0]
> > ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> >   Bad SMB2 signature for message of size 202
> > [2016/09/19 09:32:55.168511,  0] ../lib/util/util.c:559(dump_data)
> >   [0000] 77 B3 94 9B 70 78 8B 21   1E 56 D0 78 E1 80 BB
> > 5C   w...px.!
> > .V.x...\
> > [2016/09/19 09:32:55.168716,  0] ../lib/util/util.c:559(dump_data)
> >   [0000] 17 AB 09 20 81 BD 6B FD   5B 12 89 98 6A 79 3B FE   ...
> > ..k.
> > [...jy;.
> > [2016/09/19 09:32:55.189708,  0]
> > ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> >   Bad SMB2 signature for message of size 208
> > [2016/09/19 09:32:55.189999,  0] ../lib/util/util.c:559(dump_data)
> >   [0000] 26 35 A6 E2 D7 47 17 4D   1A 0A 07 E2 8E B8 5B
> > DC   &5...G.M
> > ......[.
> > [2016/09/19 09:32:55.190219,  0] ../lib/util/util.c:559(dump_data)
> >   [0000] 21 19 4D 88 60 9A D5 4E   46 08 73 B0 A7 A0 22
> > B6   !.M.`..N
> > F.s...".
> > [2016/09/19 09:32:55.208830,  0]
> > ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> >   Bad SMB2 signature for message of size 217
> > [2016/09/19 09:32:55.209092,  0] ../lib/util/util.c:559(dump_data)
> >   [0000] 9F FD 03 E1 61 4B 32 A8   9F 9D 50 DE 25 47 C0
> > AF   ....aK2.
> > ..P.%G..
> > [2016/09/19 09:32:55.209305,  0] ../lib/util/util.c:559(dump_data)
> >   [0000] C8 6B 73 58 EC 59 4E 06   46 26 7E DA D5 DE 4E
> > 8F   .ksX.YN.
> > F&~...N.
> > [2016/09/19 09:33:02.991790,  0]
> > ../source4/rpc_server/drsuapi/getncchanges.c:807(getncchanges_rid_a
> > ll
> > oc
> > )
> >   ../source4/rpc_server/drsuapi/getncchanges.c:807: Failed extended
> > allocation RID pool operation - Failed to modify RID Set object
> > CN=RID
> > Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us -
> > objectclass_attrs: at least one mandatory attribute ('rIDNextRID')
> > on
> > entry 'CN=RID Set,CN=LARKIN28,OU=Domain
> > Controllers,DC=micore,DC=us'
> > wasn't specified!
> > [2016/09/19 09:33:03.814390,  0]
> > ../source4/smb_server/smb2/sesssetup.c:242(smb2srv_cleanup_session_
> > de
> > st
> > ructor)
> 
> To provide some background on this to avoid speculation:
> 
> rIDNextRid is a non-replicated attribute.  However it is also a
> mandatory attribute.  This creates issues, because our code tries to
> enforce the schema, even on 'system' operations, but this confusion
> as
> to if the attribute should always be present causes us pain.
> 
> We just fixed a similar issue here: https://bugzilla.samba.org/show_b
> ug
> .cgi?id=12178
> 
> The issue is that the FSMO master doesn't ever see the ridNextRid
> value, so if you add most of your users on the non-FSMO server, then
> this will happen when the pool needs refreshing. 
> 
> It is too late here for me to safely suggest hacks, but I can think
> of
> workarounds to satisfy the check until we can just remove it
> properly.

My untested thoughts are to set ridNextRid to 0 on the DC holding the
RID master role, so that this check passes.

The correct fix is either to not enforce MUST restrictions on non-
replicated attributes, or not enforce it for unrelated modifications.

I'm still a little confused how this ever worked in the first place,
but we will look into it.  

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list