27.06.2016 18:45, mathias dufresne:> Perhaps you don't have yet duplicate objectSid as that's not
supposed to be
> possible.
> Rather than scripting something to look for objectSid used twice I would
> start with dbcheck and other tools to verify that your database is
> consistent and identical on all servers.
[root at pdc ~]# samba-tool dbcheck
Checking 3346 objects
Checked 3346 objects (0 errors)
[root at bdc ~]# samba-tool dbcheck
Checking 3346 objects
Checked 3346 objects (0 errors)
[root at dc46 ~]# samba-tool dbcheck
Checking 3346 objects
Checked 3346 objects (0 errors)
[root at pdc ~]# samba-tool ldapcmp ldap://pdc ldap://bdc -Uadministrator
--filter=msDS-NcType,serverState,subrefs,whenChanged
Password for [administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 3207
* Result for [DOMAIN]: SUCCESS
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1621
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 196
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 19
* Result for [DNSFOREST]: SUCCESS
[root at pdc ~]# samba-tool ldapcmp ldap://pdc ldap://dc46 -Uadministrator
--filter=msDS-NcType,serverState,subrefs,whenChanged
Password for [administrator]:
* Comparing [DOMAIN] context...
* Objects to be compared: 3207
* Result for [DOMAIN]: SUCCESS
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1621
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1550
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 196
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 19
* Result for [DNSFOREST]: SUCCESS
>
> 2016-06-27 15:21 GMT+02:00 Zhuchenko Valery <zvn at belkam.com>:
>
>> Hi all!
>>
>> Today, after two years of production, I get this error:
>>
>> samba-tool user create test20160627 testpassword
>>
>> ERROR(ldb): Failed to add user 'test20160627': -
>> ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
>> CN=test20160627,CN=Users,DC=ad... -
../lib/ldb/ldb_tdb/ldb_index.c:1148:
>> unique index violation on objectSid in
CN=test20160627,CN=Users,DC=ad...
>>
>> Help me please, how to find which objectSid is not unique?
>> I have 3 DC's on centos 7, samba 4.1 (I know, old version).
>>
>> Valery