[Samba] Samba 4.7.9 dbcheck error

Daniel Jordan d.jordan at gfd.de
Tue Sep 25 10:08:00 UTC 2018 

Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:
> On Tue, 25 Sep 2018 11:18:03 +0200
> Daniel Jordan via samba <samba at lists.samba.org> wrote:
>
>>
>> Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:
>>> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote:
>>>> Hello list,
>>>>
>>>> I'm getting a weird error message regarding our file server when i
>>>> run
>>>> dbcheck on my
>>>> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is
>>>> fine,
>>>> the file server also
>>>> works fine but I want to clean the database before doing the
>>>> upgrade to
>>>> version 4.9
>>>>
>>>> dc01:~# samba-tool dbcheck --cross-ncs
>>>> Checking 4503 objects
>>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
>>>> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID
>>>> set
>>>> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>>> Please use --fix to fix these errors
>>>> Checked 4503 objects (1 errors)
>>>>
>>>>
>>>> Has any of you seen a error like this before and knows if it's save
>>>> to
>>>> remove the entry? Don't want
>>>> to remove the fileserver from my ad, as some of my users probably
>>>> won't
>>>> be ok with that ;)
>>>>
>>>> Thanks in advance!
>>> I'm more interested in how you created that file server, because it
>>> should be really hard to make Samba break this way, unless we got
>>> the dbcheck rule wrong.
>>>
>>> As to what --fix does, it doesn't delete the file server, it just
>>> advances the RID set to ensure you don't get a duplicate SID later
>>> in the domain's life.
>>>
>>> Andrew Bartlett
>>> -- 
>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team  http://samba.org
>>> Samba Developer, Catalyst IT
>>> http://catalyst.net.nz/services/samba
>>>
>>>
>>>
>>>
>> Hello Andrew,
>>
>> thanks for your answer.
>>
>> We're using the sernet samba packages and beside this issue the
>> installation is running very stable.
>> After joining the file server
> Yes, but how did you join the fileserver ?
> Can we see your smb.conf from the fileserver ?
>
> Rowland
>
>
>

Here's the global config part

fs01:~# net conf list
[global]
     workgroup = xx
     realm = xx.xx.xx
     security = ADS
     winbind use default domain = yes
     winbind refresh tickets = yes
     idmap config * : range = 10000 - 19999
     idmap config AD : backend = rid
     idmap config AD : range = 1000000 - 1999999
     inherit acls = yes
     store dos attributes = yes
     vfs objects = acl_xattr
     interfaces = 192.168.x.x
     bind interfaces only = yes


Daniel

-- 
Mit freundlichen Grüßen

Daniel Jordan
IT-Administration

GFD GmbH
Flugplatz Hohn
24806 Hohn

Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan at gfd.de <mailto:d.jordan at gfd.de>
www.gfd.de

Sitz der Gesellschaft Hohn
Handelsregister Kiel HRB 908 RD
Geschäftsführung: Stefan Müller

More information about the samba mailing list