Am 25.09.2018 um 12:37 schrieb Rowland Penny via samba:> On Tue, 25 Sep 2018 12:08:00 +0200
> Daniel Jordan <d.jordan at gfd.de> wrote:
>
>> Am 25.09.2018 um 11:35 schrieb Rowland Penny via samba:
>>> On Tue, 25 Sep 2018 11:18:03 +0200
>>> Daniel Jordan via samba <samba at lists.samba.org> wrote:
>>>
>>>> Am 24.09.2018 um 19:33 schrieb Andrew Bartlett via samba:
>>>>> On Mon, 2018-09-24 at 13:51 +0200, Daniel Jordan via samba
wrote:
>>>>>> Hello list,
>>>>>>
>>>>>> I'm getting a weird error message regarding our
file server when
>>>>>> i run
>>>>>> dbcheck on my
>>>>>> dc01 running Samba v4.7.9. The error only occurs on
dc01, dc02 is
>>>>>> fine,
>>>>>> the file server also
>>>>>> works fine but I want to clean the database before
doing the
>>>>>> upgrade to
>>>>>> version 4.9
>>>>>>
>>>>>> dc01:~# samba-tool dbcheck --cross-ncs
>>>>>> Checking 4503 objects
>>>>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
>>>>>> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our
current
>>>>>> RID set
>>>>>> in CN=RID Set,CN=DC01,OU=Domain
Controllers,DC=xx,DC=xx,DC=xx
>>>>>> Please use --fix to fix these errors
>>>>>> Checked 4503 objects (1 errors)
>>>>>>
>>>>>>
>>>>>> Has any of you seen a error like this before and knows
if it's
>>>>>> save to
>>>>>> remove the entry? Don't want
>>>>>> to remove the fileserver from my ad, as some of my
users probably
>>>>>> won't
>>>>>> be ok with that ;)
>>>>>>
>>>>>> Thanks in advance!
>>>>> I'm more interested in how you created that file
server, because
>>>>> it should be really hard to make Samba break this way,
unless we
>>>>> got the dbcheck rule wrong.
>>>>>
>>>>> As to what --fix does, it doesn't delete the file
server, it just
>>>>> advances the RID set to ensure you don't get a
duplicate SID later
>>>>> in the domain's life.
>>>>>
>>>>> Andrew Bartlett
>>>>> --
>>>>> Andrew Bartlett
http://samba.org/~abartlet/
>>>>> Authentication Developer, Samba Team http://samba.org
>>>>> Samba Developer, Catalyst IT
>>>>> http://catalyst.net.nz/services/samba
>>>>>
>>>>>
>>>>>
>>>>>
>>>> Hello Andrew,
>>>>
>>>> thanks for your answer.
>>>>
>>>> We're using the sernet samba packages and beside this issue
the
>>>> installation is running very stable.
>>>> After joining the file server
>>> Yes, but how did you join the fileserver ?
>>> Can we see your smb.conf from the fileserver ?
>>>
>>> Rowland
>>>
>>>
>>>
>> Here's the global config part
>>
>> fs01:~# net conf list
>> [global]
>> workgroup = xx
>> realm = xx.xx.xx
>> security = ADS
>> winbind use default domain = yes
>> winbind refresh tickets = yes
>> idmap config * : range = 10000 - 19999
>> idmap config AD : backend = rid
>> idmap config AD : range = 1000000 - 1999999
>> inherit acls = yes
>> store dos attributes = yes
>> vfs objects = acl_xattr
>> interfaces = 192.168.x.x
>> bind interfaces only = yes
>>
>>
>> Daniel
>>
> There doesn't seem to be anything wrong there, I take it you joined
> with something like 'net ads join -U Administrator' ?
>
> Rowland
>
Sorry, forgot that.
I followed the guide in Stefan Kania's Samba 4 book and used the the
"net ads join" command.
Daniel
--
Mit freundlichen Grüßen
Daniel Jordan
IT-Administration
GFD GmbH
Flugplatz Hohn
24806 Hohn
Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan at gfd.de <mailto:d.jordan at gfd.de>
www.gfd.de
Sitz der Gesellschaft Hohn
Handelsregister Kiel HRB 908 RD
Geschäftsführung: Stefan Müller