thr3ads.net - samba - [Samba] SID ... conflicts with our current RID set in ... [Jun 2021]

If this information is useful, please help other people find it:
Share via:

Marco Gaiarin

2021-Jun-01 16:07 UTC

[Samba] SID ... conflicts with our current RID set in ...

Doing some health check on my samba AD domain, i've got this:

 root at vdcpp1:~# samba-tool dbcheck --cross-ncs
 Checking 5173 objects
 [... some warnings...]
 SID S-1-5-21-160080369-3601385002-3131615632-2100 for
CN=ENRICO,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it conflicts
with our current RID set in CN=RID Set,CN=VDCPP1,OU=Domain
Controllers,DC=ad,DC=fvg,DC=lnf,DC=it
 Please use --fix to fix these errors
 Checked 5173 objects (1 errors)

Two question:

1) why this error is DC specific and not domain-wide? DC RID is not
 written in AD but only in local DB?
 If i run 'samba-tool dbcheck --cross-ncs' in another DC, there's no
error...

2) it is safe to use '--fix'? Or, because 'ENRICO' is a simple
windows
 pc, it is safer to simply delete 'ENRICO' computer account and rejoin
 it?


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bont?, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

Rowland penny

2021-Jun-01 16:31 UTC

head link

[Samba] SID ... conflicts with our current RID set in ...

On 01/06/2021 17:07, Marco Gaiarin via samba wrote:> Doing some health check on my samba AD domain, i've got this:
>
>   root at vdcpp1:~# samba-tool dbcheck --cross-ncs
>   Checking 5173 objects
>   [... some warnings...]
>   SID S-1-5-21-160080369-3601385002-3131615632-2100 for
CN=ENRICO,OU=Computers,OU=SanVito,OU=FVG,DC=ad,DC=fvg,DC=lnf,DC=it conflicts
with our current RID set in CN=RID Set,CN=VDCPP1,OU=Domain
Controllers,DC=ad,DC=fvg,DC=lnf,DC=it
>   Please use --fix to fix these errors
>   Checked 5173 objects (1 errors)
>
> Two question:
>
> 1) why this error is DC specific and not domain-wide?

Because every DC has (or should have) its own RID pool
>   DC RID is not
>   written in AD but only in local DB?

RID's are in AD
>   If i run 'samba-tool dbcheck --cross-ncs' in another DC,
there's no error...

Different RID pool
>
> 2) it is safe to use '--fix'? Or, because 'ENRICO' is a
simple windows
>   pc, it is safer to simply delete 'ENRICO' computer account and
rejoin
>   it?

Try '--fix' first, you can always fall back to leaving the domain and 
rejoining if it doesn't work.

Rowland

>
>
> Thanks.
>

samba - Jun 2021 - SID ... conflicts with our current RID set in ...

[Samba] SID ... conflicts with our current RID set in ...

[Samba] SID ... conflicts with our current RID set in ...