Hello list, I'm getting a weird error message regarding our file server when i run dbcheck on my dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is fine, the file server also works fine but I want to clean the database before doing the upgrade to version 4.9 dc01:~# samba-tool dbcheck --cross-ncs Checking 4503 objects SID S-1-5-21-3258148492-1502286889-3538134041-1601 for CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID set in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx Please use --fix to fix these errors Checked 4503 objects (1 errors) Has any of you seen a error like this before and knows if it's save to remove the entry? Don't want to remove the fileserver from my ad, as some of my users probably won't be ok with that ;) Thanks in advance! -- Best regards Daniel Jordan IT-Administration GFD GmbH Flugplatz Hohn 24806 Hohn Tel.: + 49 (0) 4335 9202 58 Fax: + 49 (0) 4335 9202 15 d.jordan at gfd.de <mailto:d.jordan at gfd.de> www.gfd.de Sitz der Gesellschaft Hohn Handelsregister Kiel HRB 908 RD Geschäftsführung: Stefan Müller
> dc01:~# samba-tool dbcheck --cross-ncs > Checking 4503 objects > SID S-1-5-21-3258148492-1502286889-3538134041-1601 for > CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID set > in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx > Please use --fix to fix these errors > Checked 4503 objects (1 errors)Why didn't you run "samba-tool dbcheck --cross-ncs --fix"?
I'm not sure what happens if I try to fix this error. If the fileserver will just get a new SID or if it will be removed from the AD. ----------------ursprüngliche Nachricht----------------- Von:miguel medalha via samba [samba at lists.samba.org ] An:'Daniel Jordan' [d.jordan at gfd.de ], samba at lists.samba.org Datum:Mon, 24 Sep 2018 16:12:12 +0100 -------------------------------------------------> >> dc01:~# samba-tool dbcheck --cross-ncs >> Checking 4503 objects >> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for >> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID >> set in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx >> Please use --fix to fix these errors >> Checked 4503 objects (1 errors) > > Why didn't you run "samba-tool dbcheck --cross-ncs --fix"? > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Mit freundlichen Grüßen/Best regards Daniel Jordan GFD GmbH Flugplatz Hohn 24806 Hohn mailto:d.jordan at gfd.de www.gfd.de Sitz der Gesellschaft Hohn Handelsregister Kiel HRB 908 RD Geschäftsführung: Stefan Müller
On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote:> Hello list, > > I'm getting a weird error message regarding our file server when i > run > dbcheck on my > dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is > fine, > the file server also > works fine but I want to clean the database before doing the upgrade > to > version 4.9 > > dc01:~# samba-tool dbcheck --cross-ncs > Checking 4503 objects > SID S-1-5-21-3258148492-1502286889-3538134041-1601 for > CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID > set > in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx > Please use --fix to fix these errors > Checked 4503 objects (1 errors) > > > Has any of you seen a error like this before and knows if it's save > to > remove the entry? Don't want > to remove the fileserver from my ad, as some of my users probably > won't > be ok with that ;) > > Thanks in advance!I'm more interested in how you created that file server, because it should be really hard to make Samba break this way, unless we got the dbcheck rule wrong. As to what --fix does, it doesn't delete the file server, it just advances the RID set to ensure you don't get a duplicate SID later in the domain's life. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
./samba-tool dbcheck
Checking 905 objects
ERROR(<type 'exceptions.UnicodeEncodeError'>): uncaught exception
- 'ascii' codec can't encode character u'\xe1' in position
313: ordinal not in range(128)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 177, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dbcheck.py",
line 157, in run
controls=controls, attrs=attrs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/dbchecker.py",
line 221, in check_database
error_count += self.check_object(object.dn, attrs=attrs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/dbchecker.py",
line 2230, in check_object
error_count += self.check_dn(obj, attrname, syntax_oid)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/dbchecker.py",
line 1139, in check_dn
self.check_duplicate_links(obj, attrname, syntax_oid, linkID,
reverse_link_name)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/dbchecker.py",
line 947, in check_duplicate_links
dsdb_dn = dsdb_Dn(self.samdb, val.decode('utf8'), forward_syntax)
File "/usr/local/samba/lib/python2.7/site-packages/samba/common.py",
line 101, in __init__
self.dn = ldb.Dn(samdb, self.dnstring)
Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote: >> Hello list, >> >> I'm getting a weird error message regarding our file server when i >> run >> dbcheck on my >> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is >> fine, >> the file server also >> works fine but I want to clean the database before doing the upgrade >> to >> version 4.9 >> >> dc01:~# samba-tool dbcheck --cross-ncs >> Checking 4503 objects >> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for >> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID >> set >> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx >> Please use --fix to fix these errors >> Checked 4503 objects (1 errors) >> >> >> Has any of you seen a error like this before and knows if it's save >> to >> remove the entry? Don't want >> to remove the fileserver from my ad, as some of my users probably >> won't >> be ok with that ;) >> >> Thanks in advance! > I'm more interested in how you created that file server, because it > should be really hard to make Samba break this way, unless we got the > dbcheck rule wrong. > > As to what --fix does, it doesn't delete the file server, it just > advances the RID set to ensure you don't get a duplicate SID later in > the domain's life. > > Andrew Bartlett > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba > > > >Hello Andrew, thanks for your answer. We're using the sernet samba packages and beside this issue the installation is running very stable. After joining the file server we only added some shares, no special config or anything. So I can't really tell, if the error already happened during the join or if something broke while updating or other ways. -- Mit freundlichen Grüßen / Best regards Daniel Jordan IT-Administration GFD GmbH Flugplatz Hohn 24806 Hohn Tel.: + 49 (0) 4335 9202 58 Fax: + 49 (0) 4335 9202 15 d.jordan at gfd.de <mailto:d.jordan at gfd.de> www.gfd.de Sitz der Gesellschaft Hohn Handelsregister Kiel HRB 908 RD Geschäftsführung: Stefan Müller