[Samba] Samba 4.7.9 dbcheck error
Andrew Bartlett
abartlet at samba.org
Thu Sep 27 08:26:01 UTC 2018
On Thu, 2018-09-27 at 09:04 +0100, Rowland Penny via samba wrote:
> On Thu, 27 Sep 2018 07:46:40 +0200
> Daniel Jordan <d.jordan at gfd.de> wrote:
>
>
> >
> > Hello Andrew and Rowland,
> >
> > here's the ldbsearch output from both domain controllers:
> >
> >
> > dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
> > '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
> > # record 1
> > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDNextRID: 1495
> >
> > # record 2
> > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDNextRID: 0
> >
> >
> > dc02:~# ldbsearch -H /var/lib/samba/private/sam.ldb
> > '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
> > # record 1
> > dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> >
> > # record 2
> > dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> > rIDNextRID: 1716
> >
> >
> > hope that helps
> >
> > Daniel
> Well yes an no ;-)
>
> You posted this:
>
> dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
> '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
> # record 1
> dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> rIDAllocationPool: 2100-2599
>
> # record 2
> dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> rIDAllocationPool: 1600-2099
>
> So how has 'rIDNextRID' been set to '1495' on DC01, when the
> 'rIDAllocationPool' is '2100-2599' ?
>
> How are you creating users etc ?
Because the attributes a horribly misnnamed!
>From ridalloc.c:
/*
Note: the RID allocation attributes in AD are very badly named. Here
is what we think they really do:
in RID Set object:
- rIDPreviousAllocationPool: the pool which a DC is currently
pulling RIDs from. Managed by client DC
- rIDAllocationPool: the pool that the DC will switch to next,
when rIDPreviousAllocationPool is exhausted. Managed by RID
Manager.
- rIDNextRID: the last RID allocated by this DC. Managed by client
DC
in RID Manager object:
- rIDAvailablePool: the pool where the RID Manager gets new rID
pools from when it gets a EXOP_RID_ALLOC getncchanges call (or
locally when the DC is the RID Manager)
*/
Almost none of them do what you would think they do!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list