Hello,

I've set up 2 DCs.
The first has been set up using the command:
samba-tool domain provision ?
The second, using the command:
samba-tool domain join <realm> DC?

As far as the command return status says, the commands went well.

Using only the first DC, I can add Windows clients to the domain, I can manage users, everything seems to be ok.

When adding the second DC, the users database is correctly replicated from the first to the second DC.

Troubles come into the place when I try to create a user on the 2nd DC, I get the following error message:
samba-tool user create usr1 usr1
ERROR(ldb): Failed to add user 'usr1': - ../source4/dsdb/samdb/ldb_modules/ridalloc.c:547: No RID Set DN - Remote RID Set creation needed

Moreover, new users created on the first DC are never synced to the second one.

I've tested different things found in the ml and the wiki without luck, so I'm coming back to you.

Please, feel free to ask if you need more information to help me.

Regards,
--
Jean-François

Hello Jean-François,

On 04.02.2015 at 17:51, Jean-François Morcillo wrote:
> Troubles come into the place when I try to create a user on the 2nd DC,
> I get the following error message:
> samba-tool user create usr1 usr1
> ERROR(ldb): Failed to add user 'usr1': -
> ../source4/dsdb/samdb/ldb_modules/ridalloc.c:547: No RID Set DN - Remote
> RID Set creation needed

This sounds like your DC didn't get a RID pool assigned from the RID master. See
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#RID_Master
for details.

If you just have two DCs in your domain, then the first one has this role, if you haven't transferred it.

Did you have more DCs in the past and maybe haven't demoted them correctly, and the AD still thinks one of the missing DCs is RID master?

Please check which DC owns the RID master role:
# samba-tool fsmo show

> Moreover, new users created on the first DC are never synced to the
> second one.

Does your replication work in both directions? Check with
# samba-tool drs showrepl

Regards,
Marc

On 06/02/2015 17:49, Marc Muehlfeld wrote:
> Hello Jean-François,
>
> On 04.02.2015 at 17:51, Jean-François Morcillo wrote:
>> Troubles come into the place when I try to create a user on the 2nd DC,
>> I get the following error message:
>> samba-tool user create usr1 usr1
>> ERROR(ldb): Failed to add user 'usr1': -
>> ../source4/dsdb/samdb/ldb_modules/ridalloc.c:547: No RID Set DN - Remote
>> RID Set creation needed
> This sounds like your DC didn't get a RID pool assigned from the RID
> master. See
> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#RID_Master
> for details.
>
> If you just have two DCs in your domain, then the first one has this
> role, if you haven't transferred it.
>
> Did you have more DCs in the past and maybe haven't demoted them correctly, and
> the AD still thinks one of the missing DCs is RID master?
>
> Please check which DC owns the RID master role:
> # samba-tool fsmo show
>
>> Moreover, new users created on the first DC are never synced to the
>> second one.
> Does your replication work in both directions? Check with
> # samba-tool drs showrepl
>
> Regards,
> Marc

Hello,

Just for information, if someone faces the same issue, the problem was due to the way we manage the DNS (manually).
As far as I understand, for the purpose of synchronization, samba contacts the first DC using an alias (which looks like a UUID, this can be seen in samba.log) and we were lacking this alias in our DNS.

Anyway, thank you for your reply.

--
Jean-François Morcillo
Cluster MBS
Phone: +33 176 641 661
email: jfmorcillo at mandriva.com
Mandriva SA - Paris - FR - http://www.mandriva.com
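
The UUID-like alias mentioned in the last message is, in an AD domain, a CNAME of the form <DSA object GUID>._msdcs.<DNS domain> that points at the DC's host name. The following check is an added example, not part of the thread: it reads the DSA object GUIDs from `samba-tool drs showrepl` output and lists the aliases missing from a manually managed zone. The sample output, host names, realm, GUIDs and zone contents are constructed, and a single-domain forest is assumed.

```python
import re

# Constructed sample of `samba-tool drs showrepl` output as seen on the second DC
# (site, host names, realm and GUIDs are made up for this example).
SHOWREPL = """\
Default-First-Site-Name\\DC2
DSA Options: 0x00000001
DSA object GUID: 11111111-2222-3333-4444-555555555555
DSA invocationId: aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee

==== INBOUND NEIGHBORS ====

DC=samdom,DC=example,DC=com
\tDefault-First-Site-Name\\DC1 via RPC
\t\tDSA object GUID: 66666666-7777-8888-9999-000000000000
"""

# Constructed list of names present in the manually managed zone: DC1's alias is missing.
ZONE_NAMES = ["dc1.samdom.example.com.", "dc2.samdom.example.com.",
              "11111111-2222-3333-4444-555555555555._msdcs.samdom.example.com."]

DC_LINE = re.compile(r"^[^\\\s]+\\(\S+)(?:\s+via RPC)?$")
GUID_LINE = re.compile(
    r"^DSA object GUID:\s*([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")

def dsa_guids(showrepl_text):
    """Map each DC named in the showrepl output to its DSA object GUID."""
    guids, current = {}, None
    for raw in showrepl_text.splitlines():
        line = raw.strip()
        if m := DC_LINE.match(line):
            current = m.group(1)            # "Site\HOST" header line
        elif (m := GUID_LINE.match(line)) and current:
            guids[current] = m.group(1).lower()
    return guids

def missing_aliases(showrepl_text, dns_domain, zone_names):
    """Return {dc: alias} for every <GUID>._msdcs.<domain> name absent from the zone."""
    present = {n.lower().rstrip(".") for n in zone_names}
    expected = {dc: f"{guid}._msdcs.{dns_domain.lower()}"
                for dc, guid in dsa_guids(showrepl_text).items()}
    return {dc: name for dc, name in expected.items() if name not in present}

if __name__ == "__main__":
    for dc, name in missing_aliases(SHOWREPL, "samdom.example.com", ZONE_NAMES).items():
        print(f"missing CNAME for {dc}: {name}")
```

On a live system, each expected name can be checked against the resolver the DCs use with `host -t CNAME <name>`.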