thr3ads.net - samba - [Samba] Error "Failed extended allocation RID pool operation..." [Sep 2016]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2016-Sep-19 15:15 UTC

[Samba] Error "Failed extended allocation RID pool operation..."

On Mon, 19 Sep 2016 10:42:34 -0400
Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:
> > No it shouldn't be replicated, the big hint is
> > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that
holds
> > the
> > RID master FSMO role, so I supposed the question is, what does
> > 'samba-tool fsmo show' display for the RidAllocationMasterRole
?
> 
> 
> Huh.  
Log into a DC, run 'samba-tool fsmo show' and look at the line that
starts 'RidAllocationmasterRole'
It should show 'CN=NTDS Settings,CN=LARKIN27'
> 
> Under ADSI Edit I only see the value for the DC I am corrected to [and
> not the other two].  That seems correct???
Try running this on the DC:

ldbsearch -H /usr/local/samba/private/sam.ldb '(objectClass=rIDSet)' dn
rIDNextRID

Replace the path to 'sam.ldb' with the path to your sam.ldb.

It should should show the DN's of your DCs followed by the contents of
the 'rIDNextRID' attributes. these should be '0' on all DC's
except
the RID master.

Rowland
 
> 
> I have three DCs: LARKIN26, LARKIN27, LARKIN28.  LARKIN27 holds all
> the FSMO roles.
> 
> Should I unset the value connected to the other two DCs?
>

Adam Tauno Williams

2016-Sep-19 15:57 UTC

head link

[Samba] Error "Failed extended allocation RID pool operation..."

On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba
wrote:> On Mon, 19 Sep 2016 10:42:34 -0400
> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> > On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:
> > > No it shouldn't be replicated, the big hint is
> > > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC
that
> > > holds the RID master FSMO role, so I supposed the question is, 
> > > what does 'samba-tool fsmo show' display for the
> > > RidAllocationMasterRole ?
> Log into a DC, run 'samba-tool fsmo show' and look at the line that
> starts 'RidAllocationmasterRole'
> It should show 'CN=NTDS Settings,CN=LARKIN27'
[root at larkin28 ~]# samba-tool fsmo show
..
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
...
> > Try running this on the DC: ldbsearch -H/usr/local/samba/private/sa
> > m.ldb '(objectClass=rIDSet)' dn rIDNextRID
> It should should show the DN's of your DCs followed by the contents
> of the 'rIDNextRID' attributes. these should be '0' on all
DC's
> except the RID master.

[root at larkin28 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb 
 '(objectClass=rIDSet)' dn rIDNextRID
# record 1
dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
# record 2
dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
# record 3
dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
rIDNextRID: 53611
# Referral
ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
# Referral
ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
# Referral
ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
# returned 6 records
# 3 entries
# 3 referrals


[root at larkin27 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb 
 '(objectClass=rIDSet)' dn rIDNextRID
# record 1
dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
# record 2
dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
rIDNextRID: 55584
# record 3
dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
# Referral
ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
# Referral
ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
# Referral
ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
# returned 6 records
# 3 entries
# 3 referrals


[root at larkin27 ~]#  ldbsearch -H /var/lib/samba/private/sam.ldb 
 '(objectClass=rIDSet)' dn rIDNextRID
# record 1
dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
# record 2
dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
rIDNextRID: 55584
# record 3
dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
# Referral
ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
# Referral
ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
# Referral
ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
# returned 6 records
# 3 entries
# 3 referrals


-- 
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Rowland Penny

2016-Sep-19 16:21 UTC

head link

[Samba] Error "Failed extended allocation RID pool operation..."

On Mon, 19 Sep 2016 11:57:38 -0400
Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote:
> > On Mon, 19 Sep 2016 10:42:34 -0400
> > Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> 
> > > On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:
> > > > No it shouldn't be replicated, the big hint is
> > > > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the
DC that
> > > > holds the RID master FSMO role, so I supposed the question
is,
> > > > what does 'samba-tool fsmo show' display for the
> > > > RidAllocationMasterRole ?
> > Log into a DC, run 'samba-tool fsmo show' and look at the line
that
> > starts 'RidAllocationmasterRole'
> > It should show 'CN=NTDS Settings,CN=LARKIN27'
> 
> [root at larkin28 ~]# samba-tool fsmo show
> ..
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site
> -Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> ...
> 
> > > Try running this on the DC: ldbsearch
> > > -H/usr/local/samba/private/sa m.ldb
'(objectClass=rIDSet)' dn
> > > rIDNextRID
> > It should should show the DN's of your DCs followed by the
contents
> > of the 'rIDNextRID' attributes. these should be '0' on
all DC's
> > except the RID master.
> 
> 
> [root at larkin28 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb 
>  '(objectClass=rIDSet)' dn rIDNextRID
> # record 1
> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
> # record 2
> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
> # record 3
> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
> rIDNextRID: 53611
> # Referral
> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
> # returned 6 records
> # 3 entries
> # 3 referrals
> 
> 
> [root at larkin27 ~]# ldbsearch -H /var/lib/samba/private/sam.ldb 
>  '(objectClass=rIDSet)' dn rIDNextRID
> # record 1
> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
> # record 2
> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
> rIDNextRID: 55584
> # record 3
> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
> # returned 6 records
> # 3 entries
> # 3 referrals
> 
> 
> [root at larkin27 ~]#  ldbsearch -H /var/lib/samba/private/sam.ldb 
>  '(objectClass=rIDSet)' dn rIDNextRID
> # record 1
> dn: CN=RID Set,CN=LARKIN26,OU=Domain Controllers,DC=micore,DC=us
> # record 2
> dn: CN=RID Set,CN=LARKIN27,OU=Domain Controllers,DC=micore,DC=us
> rIDNextRID: 55584
> # record 3
> dn: CN=RID Set,CN=LARKIN28,OU=Domain Controllers,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/CN=Configuration,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/DC=DomainDnsZones,DC=micore,DC=us
> # Referral
> ref: ldap://micore.us/DC=ForestDnsZones,DC=micore,DC=us
> # returned 6 records
> # 3 entries
> # 3 referrals
> 
> 
OK, on the DC that holds the RID master role:

root at dc1:~# ldbsearch -H /usr/local/samba/private/sam.ldb
'(objectClass=rIDSet)' dn rIDNextRID
# record 1
dn: CN=RID Set,CN=MEMBER1,OU=Domain Controllers,DC=samdom,DC=example,DC=com
rIDNextRID: 0

# record 2
dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com
rIDNextRID: 1152

and on my other DC:

root at member1:~# ldbsearch -H /usr/local/samba/private/sam.ldb
'(objectClass=rIDSet)' dn rIDNextRID
# record 1
dn: CN=RID Set,CN=MEMBER1,OU=Domain Controllers,DC=samdom,DC=example,DC=com

# record 2
dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=samdom,DC=example,DC=com

So as far as I understanding it, you should only have the 'rIDNextRID'
attribute on the DC that holds the RID master role. I suggest you run
'samba-tool dbcheck' on your DCs

Rowland

Maybe Matching Threads

Search for more seemingly similar threads

samba - Sep 2016 - Error "Failed extended allocation RID pool operation..."

[Samba] Error "Failed extended allocation RID pool operation..."

[Samba] Error "Failed extended allocation RID pool operation..."

[Samba] Error "Failed extended allocation RID pool operation..."

Maybe Matching Threads