On 27.09.18 at 10:04, Rowland Penny via samba wrote:
> On Thu, 27 Sep 2018 07:46:40 +0200
> Daniel Jordan <d.jordan at gfd.de> wrote:
>
>> Hello Andrew and Rowland,
>>
>> here's the ldbsearch output from both domain controllers:
>>
>>
>> dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb
>> '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
>> # record 1
>> dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>> rIDNextRID: 1495
>>
>> # record 2
>> dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>> rIDNextRID: 0
>>
>>
>> dc02:~# ldbsearch -H /var/lib/samba/private/sam.ldb
>> '(&(objectClass=rIDSet)(cn=RID Set))' rIDNextRID
>> # record 1
>> dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>>
>> # record 2
>> dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
>> rIDNextRID: 1716
>>
>>
>> hope that helps
>>
>> Daniel
> Well yes and no ;-)
>
> You posted this:
>
> dc01:~# ldbsearch -H /var/lib/samba/private/sam.ldb '(&(objectClass=rIDSet)(cn=RID Set))' rIDAllocationPool
> # record 1
> dn: CN=RID Set,CN=DC01,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> rIDAllocationPool: 2100-2599
>
> # record 2
> dn: CN=RID Set,CN=DC02,OU=Domain Controllers,DC=xx,DC=xx,DC=xx
> rIDAllocationPool: 1600-2099
>
> So how has 'rIDNextRID' been set to '1495' on DC01, when the
> 'rIDAllocationPool' is '2100-2599' ?
>
> How are you creating users etc ?
>
> Rowland
>

Now that's weird, how could that happen? We mostly use Windows RSAT-Tools for administration purposes.

Daniel

On Thu, 2018-09-27 at 10:14 +0200, Daniel Jordan via samba wrote:
>
> On 27.09.18 at 10:04, Rowland Penny via samba wrote:
> >
> Now that's weird, how could that happen? We mostly use Windows
> RSAT-Tools for administration purposes.
>

It is a bug. Can you file one for me in bugzilla (I've sent you an invite).

Attached is a preliminary patch.

Thanks,

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dbcheck-check-correct-RID-set-attributes-when-lookin.patch
Type: text/x-patch
Size: 4053 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20180927/5e7259bc/0001-dbcheck-check-correct-RID-set-attributes-when-lookin.bin>

I had a small peek at your patch.
This also applies to samba 4.8.5?

Now, basically, I don't know anything about what that patch is doing, I'm not a coder, I can read it a bit.
But if I did read it correctly, it's about rID pool allocations where rID = 0 ?

Like this: (dn: CN=RID Set,CN=DC2,OU=Domain Controllers,)
rIDAllocationPool: 2100-2599
rIDPreviousAllocationPool: 0-0
rIDUsedPool: 0
rIDNextRID: 0

And on DC1 I see :
rIDAllocationPool: 2600-3099
rIDPreviousAllocationPool: 2600-3099
rIDUsedPool: 1
whenChanged: 20161220102428.0Z
uSNChanged: 73513
rIDNextRID: 2651

Because then I can confirm this happens also in Samba 4.8.5.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Andrew Bartlett via samba
> Sent: Thursday 27 September 2018 10:32
> To: Daniel Jordan; Rowland Penny; samba at lists.samba.org
> Subject: Re: [Samba] Samba 4.7.9 dbcheck error
>
> On Thu, 2018-09-27 at 10:14 +0200, Daniel Jordan via samba wrote:
> >
> > On 27.09.18 at 10:04, Rowland Penny via samba wrote:
> > >
> > Now that's weird, how could that happen? We mostly use Windows
> > RSAT-Tools for administration purposes.
> >
>
> It is a bug. Can you file one for me in bugzilla (I've sent you an
> invite).
>
> Attached is a preliminary patch.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba

On Thu, 27 Sep 2018 10:43:55 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> I had a small peek at your patch.
> This also applies to samba 4.8.5?
>
> Now, basically, I don't know anything about what that patch is doing, I'm not a
> coder, I can read it a bit. But if I did read it correctly, it's about rID
> pool allocations where rID = 0 ?
>
> Like this: (dn: CN=RID Set,CN=DC2,OU=Domain Controllers,)
> rIDAllocationPool: 2100-2599
> rIDPreviousAllocationPool: 0-0
> rIDUsedPool: 0
> rIDNextRID: 0
>
> And on DC1 I see :
> rIDAllocationPool: 2600-3099
> rIDPreviousAllocationPool: 2600-3099
> rIDUsedPool: 1
> whenChanged: 20161220102428.0Z
> uSNChanged: 73513
> rIDNextRID: 2651
>
> Because then I can confirm this happens also in Samba 4.8.5.
>

I have a feeling it has been there for a very long time and has everything to do with Microsoft creating attributes with very wrong names. Why call the attribute that holds the current rid pool 'rIDPreviousAllocationPool' ? Any sane person would think that it contains the last rid pool used.

Rowland

On Thu, 2018-09-27 at 10:43 +0200, L.P.H. van Belle via samba wrote:
> I had a small peek at your patch.
> This also applies to samba 4.8.5?
>
> Now, basically, I don't know anything about what that patch is doing, I'm not a
> coder, I can read it a bit.
> But if I did read it correctly, it's about rID pool allocations where rID
> = 0 ?

Sort of the reverse, it only worked in such situations.

> Like this: (dn: CN=RID Set,CN=DC2,OU=Domain Controllers,)
> rIDAllocationPool: 2100-2599
> rIDPreviousAllocationPool: 0-0
> rIDUsedPool: 0
> rIDNextRID: 0
>
> And on DC1 I see :
> rIDAllocationPool: 2600-3099
> rIDPreviousAllocationPool: 2600-3099
> rIDUsedPool: 1
> whenChanged: 20161220102428.0Z
> uSNChanged: 73513
> rIDNextRID: 2651
>
> Because then I can confirm this happens also in Samba 4.8.5.

Yeah, this test has been in for a while, unfixed. It only worked on DCs that had not exhausted their first RID pool.

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
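
An added example, not part of the thread and not Samba's dbcheck code or the attached patch: it parses ldbsearch-style RID Set records and compares rIDNextRID against both rIDPreviousAllocationPool (the current pool, per Rowland's message) and rIDAllocationPool, showing why a check against the latter only passes while a DC is still in its first pool. The function names, the DC3 record and the example.com suffix are constructed, and treating a 0 / 0-0 record as "no local RID state" is an assumption drawn from the outputs posted above.

```python
# Constructed ldbsearch-style input. DC1 and DC2 reuse values posted in the
# thread; DC3 and the example.com suffix are constructed for illustration.
SAMPLE = """\
# record 1
dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=example,DC=com
rIDAllocationPool: 2600-3099
rIDPreviousAllocationPool: 2600-3099
rIDNextRID: 2651

# record 2
dn: CN=RID Set,CN=DC2,OU=Domain Controllers,DC=example,DC=com
rIDAllocationPool: 2100-2599
rIDPreviousAllocationPool: 0-0
rIDNextRID: 0

# record 3
dn: CN=RID Set,CN=DC3,OU=Domain Controllers,DC=example,DC=com
rIDAllocationPool: 2100-2599
rIDPreviousAllocationPool: 1100-1599
rIDNextRID: 1495
"""

def parse_records(text):
    """Split ldbsearch output into {dn: {attribute: value}}."""
    records = {}
    for block in text.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines()
                     if ": " in line and not line.startswith("#"))
        if "dn" in attrs:
            records[attrs.pop("dn")] = attrs
    return records

def in_pool(rid, pool):
    low, high = (int(x) for x in pool.split("-"))
    return low <= rid <= high

def check_rid_set(attrs):
    """(in current pool, in rIDAllocationPool), or None if no RID was issued."""
    rid = int(attrs.get("rIDNextRID", 0))
    current = attrs.get("rIDPreviousAllocationPool", "0-0")
    if rid == 0 or current == "0-0":  # assumption: record holds no local state
        return None
    return in_pool(rid, current), in_pool(rid, attrs["rIDAllocationPool"])

def report(text):  # hypothetical helper: DC name -> check result
    return {dn.split(",")[1].split("=", 1)[1]: check_rid_set(attrs)
            for dn, attrs in parse_records(text).items()}

if __name__ == "__main__":
    for dc, result in report(SAMPLE).items():
        print(dc, result)
```

DC3 is the case from the start of the thread: the RID is valid for the pool in use, yet a comparison against rIDAllocationPool reports it as out of range.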