Hi all, I'm having a problems with leaving and joining a client to the domain. I'm using samba-4.1.4 as an AD server. When I join and leave and join and leave after a while this error comes up: Failed to join domain: failed to join domain 'AIIAS' over rpc: NT_STATUS_IO_TIMEOUT And when I look at the logs it says: Failed to re-index objectSid in CN=sambatest,CN=Computers,DC=aiias,DC=edu - ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=sambatest,CN=Computers,DC=aiias,DC=edu - ../l I went to debug the samba server and I discovered that it was having conflicts with the SID of another user. Meaning the newly created dn for the computer is conflicting with an added user. These users where imported using pdbedit -i tdbsam:smbpasswd.tdb -u <user>. How can I avoid this problem? Thank you for your replies. Sincerely, Shem Pasamba
On 2/10/2014 12:16 PM, Shem Pasamba wrote:> I went to debug the samba server and I discovered that it was having > conflicts with the SID of another user. Meaning the newly created dn > for the computer is conflicting with an added user. These users where > imported using pdbedit -i tdbsam:smbpasswd.tdb -u <user>. How can I > avoid this problem?Solved this by editing the rIDAllocationPool: and rIDNextRID: in ldbedit -H ldap://localhost -U administrator to the highest rid that I can find. I can find the highest RID using: ldbsearch -H ldap://localhost -U administrator%password | grep objectSid | cut -d"-" -f8 | sort -n
On Mon, 2014-02-10 at 12:16 +0800, Shem Pasamba wrote:> Hi all, > > I'm having a problems with leaving and joining a client to the domain. > I'm using samba-4.1.4 as an AD server. When I join and leave and join > and leave after a while this error comes up: > > Failed to join domain: failed to join domain 'AIIAS' over rpc: > NT_STATUS_IO_TIMEOUT > > And when I look at the logs it says: > > Failed to re-index objectSid in > CN=sambatest,CN=Computers,DC=aiias,DC=edu - > ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in > CN=sambatest,CN=Computers,DC=aiias,DC=edu - ../l > > I went to debug the samba server and I discovered that it was having > conflicts with the SID of another user. Meaning the newly created dn for > the computer is conflicting with an added user. These users where > imported using pdbedit -i tdbsam:smbpasswd.tdb -u <user>. How can I > avoid this problem?Yeah, don't do that :-) This is one of the many reasons why we have the classicupgrade tool, it ensures there is space below the RID pools to fit the imported users. That said, I think we can and should prevent that. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba