[Samba] Samba 4.7.9 dbcheck error

Rowland Penny rpenny at samba.org
Tue Sep 25 10:37:59 UTC 2018 

On Tue, 25 Sep 2018 12:08:00 +0200
Daniel Jordan <d.jordan at gfd.de> wrote:

> Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:
> > On Tue, 25 Sep 2018 11:18:03 +0200
> > Daniel Jordan via samba <samba at lists.samba.org> wrote:
> >
> >>
> >> Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:
> >>> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote:
> >>>> Hello list,
> >>>>
> >>>> I'm getting a weird error message regarding our file server when
> >>>> i run
> >>>> dbcheck on my
> >>>> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is
> >>>> fine,
> >>>> the file server also
> >>>> works fine but I want to clean the database before doing the
> >>>> upgrade to
> >>>> version 4.9
> >>>>
> >>>> dc01:~# samba-tool dbcheck --cross-ncs
> >>>> Checking 4503 objects
> >>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
> >>>> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current
> >>>> RID set
> >>>> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> >>>> Please use --fix to fix these errors
> >>>> Checked 4503 objects (1 errors)
> >>>>
> >>>>
> >>>> Has any of you seen a error like this before and knows if it's
> >>>> save to
> >>>> remove the entry? Don't want
> >>>> to remove the fileserver from my ad, as some of my users probably
> >>>> won't
> >>>> be ok with that ;)
> >>>>
> >>>> Thanks in advance!
> >>> I'm more interested in how you created that file server, because
> >>> it should be really hard to make Samba break this way, unless we
> >>> got the dbcheck rule wrong.
> >>>
> >>> As to what --fix does, it doesn't delete the file server, it just
> >>> advances the RID set to ensure you don't get a duplicate SID later
> >>> in the domain's life.
> >>>
> >>> Andrew Bartlett
> >>> -- 
> >>> Andrew Bartlett                       http://samba.org/~abartlet/
> >>> Authentication Developer, Samba Team  http://samba.org
> >>> Samba Developer, Catalyst IT
> >>> http://catalyst.net.nz/services/samba
> >>>
> >>>
> >>>
> >>>
> >> Hello Andrew,
> >>
> >> thanks for your answer.
> >>
> >> We're using the sernet samba packages and beside this issue the
> >> installation is running very stable.
> >> After joining the file server
> > Yes, but how did you join the fileserver ?
> > Can we see your smb.conf from the fileserver ?
> >
> > Rowland
> >
> >
> >
> 
> Here's the global config part
> 
> fs01:~# net conf list
> [global]
>      workgroup = xx
>      realm = xx.xx.xx
>      security = ADS
>      winbind use default domain = yes
>      winbind refresh tickets = yes
>      idmap config * : range = 10000 - 19999
>      idmap config AD : backend = rid
>      idmap config AD : range = 1000000 - 1999999
>      inherit acls = yes
>      store dos attributes = yes
>      vfs objects = acl_xattr
>      interfaces = 192.168.x.x
>      bind interfaces only = yes
> 
> 
> Daniel
> 

There doesn't seem to be anything wrong there, I take it you joined
with something like 'net ads join -U Administrator' ?

Rowland

More information about the samba mailing list