[Samba] Samba 4.7.9 dbcheck error

Daniel Jordan d.jordan at gfd.de
Tue Sep 25 11:12:18 UTC 2018 

Am 25.09.2018 um 12:37 schrieb Rowland Penny via samba:
> On Tue, 25 Sep 2018 12:08:00 +0200
> Daniel Jordan <d.jordan at gfd.de> wrote:
>
>> Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:
>>> On Tue, 25 Sep 2018 11:18:03 +0200
>>> Daniel Jordan via samba <samba at lists.samba.org> wrote:
>>>
>>>> Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:
>>>>> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote:
>>>>>> Hello list,
>>>>>>
>>>>>> I'm getting a weird error message regarding our file server when
>>>>>> i run
>>>>>> dbcheck on my
>>>>>> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is
>>>>>> fine,
>>>>>> the file server also
>>>>>> works fine but I want to clean the database before doing the
>>>>>> upgrade to
>>>>>> version 4.9
>>>>>>
>>>>>> dc01:~# samba-tool dbcheck --cross-ncs
>>>>>> Checking 4503 objects
>>>>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
>>>>>> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current
>>>>>> RID set
>>>>>> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>>>>> Please use --fix to fix these errors
>>>>>> Checked 4503 objects (1 errors)
>>>>>>
>>>>>>
>>>>>> Has any of you seen a error like this before and knows if it's
>>>>>> save to
>>>>>> remove the entry? Don't want
>>>>>> to remove the fileserver from my ad, as some of my users probably
>>>>>> won't
>>>>>> be ok with that ;)
>>>>>>
>>>>>> Thanks in advance!
>>>>> I'm more interested in how you created that file server, because
>>>>> it should be really hard to make Samba break this way, unless we
>>>>> got the dbcheck rule wrong.
>>>>>
>>>>> As to what --fix does, it doesn't delete the file server, it just
>>>>> advances the RID set to ensure you don't get a duplicate SID later
>>>>> in the domain's life.
>>>>>
>>>>> Andrew Bartlett
>>>>> -- 
>>>>> Andrew Bartlett                       http://samba.org/~abartlet/
>>>>> Authentication Developer, Samba Team  http://samba.org
>>>>> Samba Developer, Catalyst IT
>>>>> http://catalyst.net.nz/services/samba
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Hello Andrew,
>>>>
>>>> thanks for your answer.
>>>>
>>>> We're using the sernet samba packages and beside this issue the
>>>> installation is running very stable.
>>>> After joining the file server
>>> Yes, but how did you join the fileserver ?
>>> Can we see your smb.conf from the fileserver ?
>>>
>>> Rowland
>>>
>>>
>>>
>> Here's the global config part
>>
>> fs01:~# net conf list
>> [global]
>>       workgroup = xx
>>       realm = xx.xx.xx
>>       security = ADS
>>       winbind use default domain = yes
>>       winbind refresh tickets = yes
>>       idmap config * : range = 10000 - 19999
>>       idmap config AD : backend = rid
>>       idmap config AD : range = 1000000 - 1999999
>>       inherit acls = yes
>>       store dos attributes = yes
>>       vfs objects = acl_xattr
>>       interfaces = 192.168.x.x
>>       bind interfaces only = yes
>>
>>
>> Daniel
>>
> There doesn't seem to be anything wrong there, I take it you joined
> with something like 'net ads join -U Administrator' ?
>
> Rowland
>
Sorry, forgot that.
I followed the guide in Stefan Kania's Samba 4 book and used the the 
"net ads join" command.

Daniel

-- 
Mit freundlichen Grüßen

Daniel Jordan
IT-Administration

GFD GmbH
Flugplatz Hohn
24806 Hohn

Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan at gfd.de <mailto:d.jordan at gfd.de>
www.gfd.de

Sitz der Gesellschaft Hohn
Handelsregister Kiel HRB 908 RD
Geschäftsführung: Stefan Müller

More information about the samba mailing list