Rowland Penny
2016-Sep-19 14:15 UTC
[Samba] Error "Failed extended allocation RID pool operation..."
On Mon, 19 Sep 2016 09:56:16 -0400 Adam Tauno Williams via samba <samba at lists.samba.org> wrote:> On Mon, 2016-09-19 at 09:31 -0400, Adam Tauno Williams via samba > wrote: > > Package: sernet-samba-4.2.14-23.el6.x86_64 > > These DCs were very recently upgraded from a prior version. > > [2016/09/19 09:32:55.168161, 0] > > ../source4/libcli/smb2/signing.c:116(smb2_check_signature) > > Bad SMB2 signature for message of size 202 > > ../source4/rpc_server/drsuapi/getncchanges.c:807: Failed extended > > allocation RID pool operation - Failed to modify RID Set object > > CN=RID > > Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us - > > objectclass_attrs: at least one mandatory attribute ('rIDNextRID') > > on entry 'CN=RID Set,CN=DC3,OU=Domain Controllers,DC=example,DC=us' > > wasn't specified! > > [2016/09/19 09:33:03.814390, 0] > > ../source4/smb_server/smb2/sesssetup.c:242(smb2srv_cleanup_session_de > > structor) > > Verified that the rIDNextRID attribute only has an ID on one of the > DC's. My understanding is that this is correct; should Samba not be > attempting to replicate this attribute? > > Checked > CN=RID Set,CN=DC3,OU=Domain Controllers,DC=example,DC=us > CN=RID Set,CN=DC2,OU=Domain Controllers,DC=example,DC=us > CN=RID Set,CN=DC1,OU=Domain Controllers,DC=example,DC=us > > <https://msdn.microsoft.com/en-us/library/cc220818.aspx> > cn: RID-Next-RID > ldapDisplayName: rIDNextRID > attributeId: 1.2.840.113556.1.4.374 > attributeSyntax: 2.5.5.9 > omSyntax: 2 > isSingleValued: TRUE > schemaIdGuid: 6617188c-8f3c-11d0-afda-00c04fd930c9 > systemOnly: TRUE > searchFlags: 0 > systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED > schemaFlagsEx: FLAG_ATTR_IS_CRITICAL > >No it shouldn't be replicated, the big hint is 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that holds the RID master FSMO role, so I supposed the question is, what does 'samba-tool fsmo show' display for the RidAllocationMasterRole ? Rowland
Adam Tauno Williams
2016-Sep-19 14:42 UTC
[Samba] Error "Failed extended allocation RID pool operation..."
On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:> No it shouldn't be replicated, the big hint is > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that holds > the > RID master FSMO role, so I supposed the question is, what does > 'samba-tool fsmo show' display for the RidAllocationMasterRole ?Huh. Under ADSI Edit I only see the value for the DC I am corrected to [and not the other two]. That seems correct??? I have three DCs: LARKIN26, LARKIN27, LARKIN28. LARKIN27 holds all the FSMO roles. Should I unset the value connected to the other two DCs? -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA
Rowland Penny
2016-Sep-19 15:15 UTC
[Samba] Error "Failed extended allocation RID pool operation..."
On Mon, 19 Sep 2016 10:42:34 -0400 Adam Tauno Williams via samba <samba at lists.samba.org> wrote:> On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote: > > No it shouldn't be replicated, the big hint is > > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that holds > > the > > RID master FSMO role, so I supposed the question is, what does > > 'samba-tool fsmo show' display for the RidAllocationMasterRole ? > > > Huh.Log into a DC, run 'samba-tool fsmo show' and look at the line that starts 'RidAllocationmasterRole' It should show 'CN=NTDS Settings,CN=LARKIN27'> > Under ADSI Edit I only see the value for the DC I am corrected to [and > not the other two]. That seems correct???Try running this on the DC: ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn rIDNextRID Replace the path to 'sam.ldb' with the path to your sam.ldb. It should should show the DN's of your DCs followed by the contents of the 'rIDNextRID' attributes. these should be '0' on all DC's except the RID master. Rowland> > I have three DCs: LARKIN26, LARKIN27, LARKIN28. LARKIN27 holds all > the FSMO roles. > > Should I unset the value connected to the other two DCs? >
Reasonably Related Threads
- Error "Failed extended allocation RID pool operation..."
- Error "Failed extended allocation RID pool operation..."
- Error "Failed extended allocation RID pool operation..."
- Error "Failed extended allocation RID pool operation..."
- Error "Failed extended allocation RID pool operation..."