Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote: >> Hello list, >> >> I'm getting a weird error message regarding our file server when i >> run >> dbcheck on my >> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is >> fine, >> the file server also >> works fine but I want to clean the database before doing the upgrade >> to >> version 4.9 >> >> dc01:~# samba-tool dbcheck --cross-ncs >> Checking 4503 objects >> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for >> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID >> set >> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx >> Please use --fix to fix these errors >> Checked 4503 objects (1 errors) >> >> >> Has any of you seen a error like this before and knows if it's save >> to >> remove the entry? Don't want >> to remove the fileserver from my ad, as some of my users probably >> won't >> be ok with that ;) >> >> Thanks in advance! > I'm more interested in how you created that file server, because it > should be really hard to make Samba break this way, unless we got the > dbcheck rule wrong. > > As to what --fix does, it doesn't delete the file server, it just > advances the RID set to ensure you don't get a duplicate SID later in > the domain's life. > > Andrew Bartlett > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba > > > >Hello Andrew, thanks for your answer. We're using the sernet samba packages and beside this issue the installation is running very stable. After joining the file server we only added some shares, no special config or anything. So I can't really tell, if the error already happened during the join or if something broke while updating or other ways. -- Mit freundlichen Grüßen / Best regards Daniel Jordan IT-Administration GFD GmbH Flugplatz Hohn 24806 Hohn Tel.: + 49 (0) 4335 9202 58 Fax: + 49 (0) 4335 9202 15 d.jordan at gfd.de <mailto:d.jordan at gfd.de> www.gfd.de Sitz der Gesellschaft Hohn Handelsregister Kiel HRB 908 RD Geschäftsführung: Stefan Müller
On Tue, 25 Sep 2018 11:18:03 +0200 Daniel Jordan via samba <samba at lists.samba.org> wrote:> > > Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba: > > On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote: > >> Hello list, > >> > >> I'm getting a weird error message regarding our file server when i > >> run > >> dbcheck on my > >> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is > >> fine, > >> the file server also > >> works fine but I want to clean the database before doing the > >> upgrade to > >> version 4.9 > >> > >> dc01:~# samba-tool dbcheck --cross-ncs > >> Checking 4503 objects > >> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for > >> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID > >> set > >> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx > >> Please use --fix to fix these errors > >> Checked 4503 objects (1 errors) > >> > >> > >> Has any of you seen a error like this before and knows if it's save > >> to > >> remove the entry? Don't want > >> to remove the fileserver from my ad, as some of my users probably > >> won't > >> be ok with that ;) > >> > >> Thanks in advance! > > I'm more interested in how you created that file server, because it > > should be really hard to make Samba break this way, unless we got > > the dbcheck rule wrong. > > > > As to what --fix does, it doesn't delete the file server, it just > > advances the RID set to ensure you don't get a duplicate SID later > > in the domain's life. > > > > Andrew Bartlett > > -- > > Andrew Bartlett http://samba.org/~abartlet/ > > Authentication Developer, Samba Team http://samba.org > > Samba Developer, Catalyst IT > > http://catalyst.net.nz/services/samba > > > > > > > > > Hello Andrew, > > thanks for your answer. > > We're using the sernet samba packages and beside this issue the > installation is running very stable. > After joining the file serverYes, but how did you join the fileserver ? Can we see your smb.conf from the fileserver ? Rowland
Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:> On Tue, 25 Sep 2018 11:18:03 +0200 > Daniel Jordan via samba <samba at lists.samba.org> wrote: > >> >> Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba: >>> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba wrote: >>>> Hello list, >>>> >>>> I'm getting a weird error message regarding our file server when i >>>> run >>>> dbcheck on my >>>> dc01 running Samba v4.7.9. The error only occurs on dc01, dc02 is >>>> fine, >>>> the file server also >>>> works fine but I want to clean the database before doing the >>>> upgrade to >>>> version 4.9 >>>> >>>> dc01:~# samba-tool dbcheck --cross-ncs >>>> Checking 4503 objects >>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for >>>> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current RID >>>> set >>>> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx >>>> Please use --fix to fix these errors >>>> Checked 4503 objects (1 errors) >>>> >>>> >>>> Has any of you seen a error like this before and knows if it's save >>>> to >>>> remove the entry? Don't want >>>> to remove the fileserver from my ad, as some of my users probably >>>> won't >>>> be ok with that ;) >>>> >>>> Thanks in advance! >>> I'm more interested in how you created that file server, because it >>> should be really hard to make Samba break this way, unless we got >>> the dbcheck rule wrong. >>> >>> As to what --fix does, it doesn't delete the file server, it just >>> advances the RID set to ensure you don't get a duplicate SID later >>> in the domain's life. >>> >>> Andrew Bartlett >>> -- >>> Andrew Bartlett http://samba.org/~abartlet/ >>> Authentication Developer, Samba Team http://samba.org >>> Samba Developer, Catalyst IT >>> http://catalyst.net.nz/services/samba >>> >>> >>> >>> >> Hello Andrew, >> >> thanks for your answer. >> >> We're using the sernet samba packages and beside this issue the >> installation is running very stable. >> After joining the file server > Yes, but how did you join the fileserver ? > Can we see your smb.conf from the fileserver ? > > Rowland > > >Here's the global config part fs01:~# net conf list [global] workgroup = xx realm = xx.xx.xx security = ADS winbind use default domain = yes winbind refresh tickets = yes idmap config * : range = 10000 - 19999 idmap config AD : backend = rid idmap config AD : range = 1000000 - 1999999 inherit acls = yes store dos attributes = yes vfs objects = acl_xattr interfaces = 192.168.x.x bind interfaces only = yes Daniel -- Mit freundlichen Grüßen Daniel Jordan IT-Administration GFD GmbH Flugplatz Hohn 24806 Hohn Tel.: + 49 (0) 4335 9202 58 Fax: + 49 (0) 4335 9202 15 d.jordan at gfd.de <mailto:d.jordan at gfd.de> www.gfd.de Sitz der Gesellschaft Hohn Handelsregister Kiel HRB 908 RD Geschäftsführung: Stefan Müller