[Samba] Samba 4.7.9 dbcheck error

Daniel Jordan d.jordan at gfd.de
Thu Sep 27 05:46:40 UTC 2018



On 26.09.18 at 20:42, Rowland Penny via samba wrote:
> On Thu, 27 Sep 2018 06:29:26 +1200
> Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Wed, 2018-09-26 at 14:47 +0100, Rowland Penny via samba wrote:
>>> On Wed, 26 Sep 2018 15:28:42 +0200
>>> Daniel Jordan <d.jordan at gfd.de> wrote:
>>>
>>>>
>>>> dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
>>>> '(objectClass=domain)' objectSid
>>>> # record 1
>>>> dn: DC=xx,DC=xx,DC=xx
>>>> objectSid: S-1-5-21-3258148492-1502286889-3538134041
>>>>
>>>>
>>>>
>>>> dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
>>>> '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
>>>> # record 1
>>>> dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>>> rIDAllocationPool: 2100-2599
>>>>
>>>> # record 2
>>>> dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>>> rIDAllocationPool: 1600-2099
>>> Strange, you originally posted this SID-RID:
>>>
>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601
>>>
>>> For: CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx
>>>
>>> The error message said :
>>>
>>> conflicts with our current RID set in
>>> CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>>
>>> Which is '2100-2599', so it does conflict, but it matches
>>> '1600-2099' from CN=DC02
>>>
>>> Do you have two DCs?
>>> Have you tried transferring the FSMO roles to DC02?
>> I don't think changing FSMO roles would change what is going on here.
> Never really thought it would do, just trying to draw answers out ;-)
>
>> I suspect a dbcheck bug.
> Oh yes.
>
>> If it isn't, the typical way to get a bug like this would be to steal
>> the RID master between servers, rather than a proper transfer.  The
>> facts don't suggest this here, but for others reading this later if
>> two servers think they are a RID master, something similar to this
>> could happen (but more likely replication will fail with an index
>> conflict).
>>
>> Rowland and Daniel,
>>
>> Thank you so much for chasing up the details here, and replying!  We
>> just need one more detail, which is the current rIDNextRID value in
>> each of those RID Set objects.
>>
>> Then I hope I can play the logic through the code and figure out what
>> we got wrong.
>>
>> Thanks,
>>
>> Andrew Bartlett
>>
> If you cannot work it out Daniel, that would be the output of:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb
> '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
>
> Rowland
>

Hello Andrew and Rowland,

Here's the ldbsearch output from both domain controllers:


dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
'(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDNextRID: 1495

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDNextRID: 0




dc02:~# ldbsearch -H /var/lib/samba/private/sam.ldb 
'(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDNextRID: 1716


Hope that helps

Daniel
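
The comparison made in the quoted thread (the RID 1601 checked against each DC's rIDAllocationPool), as an added example that is not part of the original message and not Samba's dbcheck code: it parses the ldbsearch output quoted above and reports which RID Set object's pool contains a given SID's RID. The function names are hypothetical, the sample text is copied from the thread, and it assumes the pool is printed as a `low-high` range as shown there.

```python
import re

# Sample input: ldbsearch output as quoted in this thread (DN already redacted there).
POOL_OUTPUT = """\
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 2100-2599

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 1600-2099
"""

def parse_records(text):
    """Turn ldbsearch output into {dn: {attr: value}} (single-valued attributes)."""
    records, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank separators and "# record N" comments
        attr, sep, value = line.partition(": ")
        if not sep:
            continue  # not an "attr: value" line (e.g. a shell prompt)
        if attr == "dn":
            current = records.setdefault(value, {})
        elif current is not None:
            current[attr] = value
    return records

def rid_of(sid):
    """Return the last sub-authority (the RID) of a SID string."""
    if not re.fullmatch(r"S-1-\d+(-\d+)+", sid):
        raise ValueError("not a SID string: %r" % sid)
    return int(sid.rsplit("-", 1)[1])

def pool_owners(rid, records):
    """DNs of RID Set objects whose rIDAllocationPool range contains rid."""
    owners = []
    for dn, attrs in records.items():
        pool = attrs.get("rIDAllocationPool")
        if pool is None:
            continue  # record returned without the attribute
        low, high = (int(part) for part in pool.split("-"))
        if low <= rid <= high:
            owners.append(dn)
    return owners

if __name__ == "__main__":
    sid = "S-1-5-21-3258148492-1502286889-3538134041-1601"  # SID quoted in the thread
    print(rid_of(sid), pool_owners(rid_of(sid), parse_records(POOL_OUTPUT)))
```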


