On 25.09.18 at 14:26, Rowland Penny via samba wrote:
> On Tue, 25 Sep 2018 13:12:18 +0200
> Daniel Jordan <d.jordan at gfd.de> wrote:
>
>>>>>>>> dc01:~# samba-tool dbcheck --cross-ncs
>>>>>>>> Checking 4503 objects
>>>>>>>> SID S-1-5-21-3258148492-1502286889-3538134041-1601 for
>>>>>>>> CN=FS01,OU=Server,DC=xx,DC=xx,DC=xx conflicts with our current
>>>>>>>> RID set
>>>>>>>> in CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>>>>>>> Please use --fix to fix these errors
>>>>>>>> Checked 4503 objects (1 errors)
>>>>>>>>
>>> There doesn't seem to be anything wrong there, I take it you joined
>>> with something like 'net ads join -U Administrator' ?
>>>
>>> Rowland
>>>
>> Sorry, forgot that.
>> I followed the guide in Stefan Kania's Samba 4 book and used the
>> "net ads join" command.
>>
>> Daniel
>>
> It sounds like you have done nothing wrong. The only questions I have
> are:
>
> is 'S-1-5-21-3258148492-1502286889-3538134041-1601' the SID-RID for the
> Unix domain member ?
>
> Does 'FS01' also exist in 'CN=Computers' ?
>
> If you did join with 'net ads join', how did 'FS01' end up in
> 'OU=Server' ?
>
> Rowland
>

You're right, the 'S-1-5-21-3258148492-1502286889-3538134041-1601' is
the SID for fs01. The system only exists in 'OU=Server' as I moved it
from 'OU=Computer' for organisational purposes. I could also move it
back to the 'Computer' OU, but the error existed before the move, so
this probably won't have any impact.

Daniel

--
Kind regards

Daniel Jordan
IT Administration

GFD GmbH
Flugplatz Hohn
24806 Hohn

Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan at gfd.de
www.gfd.de

Registered office: Hohn
Commercial register: Kiel HRB 908 RD
Managing director: Stefan Müller

On Wed, 26 Sep 2018 14:29:24 +0200
Daniel Jordan <d.jordan at gfd.de> wrote:

> You're right, the 'S-1-5-21-3258148492-1502286889-3538134041-1601' is
> the SID for fs01. The system only exists in 'OU=Server' as I moved it
> from 'OU=Computer'
> for organisational purposes. I could also move it back to the
> 'Computer' OU, but the error existed before the move, so this
> probably won't have any impact.
>

Run the following commands on dc01:

ldbsearch -H /var/lib/samba/private/sam.ldb '(objectClass=domain)' objectSid

ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool

The first should display the domain SID, it should match the one in your first post.
The second should display the rid pool(s).

Ensure that 'sam.ldb' is in '/var/lib/samba/private', if not change to correct path.

Rowland

dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(objectClass=domain)' objectSid
# record 1
dn: DC=xx,DC=xx,DC=xx
objectSid: S-1-5-21-3258148492-1502286889-3538134041

dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 2100-2599

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 1600-2099

Daniel

On 26.09.18 at 15:15, Rowland Penny via samba wrote:
> On Wed, 26 Sep 2018 14:29:24 +0200
> Daniel Jordan <d.jordan at gfd.de> wrote:
>
>> You're right, the 'S-1-5-21-3258148492-1502286889-3538134041-1601' is
>> the SID for fs01. The system only exists in 'OU=Server' as I moved it
>> from 'OU=Computer'
>> for organisational purposes. I could also move it back to the
>> 'Computer' OU, but the error existed before the move, so this
>> probably won't have any impact.
>>
> Run the following commands on dc01:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb '(objectClass=domain)' objectSid
>
> ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
>
>
> The first should display the domain SID, it should match the one in your first post.
> The second should display the rid pool(s).
>
> Ensure that 'sam.ldb' is in '/var/lib/samba/private', if not change to correct path.
>
> Rowland
>
>
>

--
Kind regards

Daniel Jordan
IT Administration

GFD GmbH
Flugplatz Hohn
24806 Hohn

Tel.: + 49 (0) 4335 9202 58
Fax: + 49 (0) 4335 9202 15
d.jordan at gfd.de
www.gfd.de

Registered office: Hohn
Commercial register: Kiel HRB 908 RD
Managing director: Stefan Müller
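
The two checks requested in the thread (domain SID match, RID pool ranges) can be combined. The following is an added example, not part of the thread and not Samba code: it parses ldbsearch output in the format posted above and reports which RID Set's rIDAllocationPool range contains a SID's RID. The function names are hypothetical, the sample text is constructed from the values in the thread, and unfolded LDIF lines are assumed.

```python
import re

# Constructed sample: the rIDAllocationPool records as posted in the thread.
SAMPLE_LDIF = """\
# record 1
dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 2100-2599

# record 2
dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
rIDAllocationPool: 1600-2099
"""

def split_sid(sid):
    """Split 'S-1-5-21-a-b-c-RID' into (domain SID, RID as int)."""
    domain, _, rid = sid.rpartition("-")
    if not domain.startswith("S-1-") or not rid.isdigit():
        raise ValueError(f"not an account SID: {sid!r}")
    return domain, int(rid)

def parse_rid_pools(ldif):
    """Return {dn: (low, high)} for every record carrying rIDAllocationPool."""
    pools, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:].strip()
            continue
        m = re.match(r"rIDAllocationPool:\s*(\d+)-(\d+)\s*$", line)
        if m and dn:
            pools[dn] = (int(m.group(1)), int(m.group(2)))
    return pools

def pool_owners(sid, domain_sid, ldif):
    """DNs of the RID Set objects whose pool range contains the SID's RID."""
    domain, rid = split_sid(sid)
    if domain != domain_sid:
        raise ValueError(f"{sid} does not belong to domain {domain_sid}")
    pools = parse_rid_pools(ldif)
    return [dn for dn, (low, high) in pools.items() if low <= rid <= high]

if __name__ == "__main__":
    owners = pool_owners(
        "S-1-5-21-3258148492-1502286889-3538134041-1601",
        "S-1-5-21-3258148492-1502286889-3538134041",
        SAMPLE_LDIF,
    )
    print(owners or "RID is outside every listed pool")
```

With the values from the thread, RID 1601 falls inside the 1600-2099 range listed for DC02 and outside the 2100-2599 range listed for DC01.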