samba - May 2024 - No RID Set found for this server. Can't self-allocate

Hello, everybody.


I have a Samba domain spread over 19 offices, 5 of them have a domain 
controller of their own.

Some of these DC work fine now that I have a quite homogeneous set of 
samba versions. Most of them are Debian 11 with samba 4.17.

The last two DC added (in different offices) have joined the domain 
without problems, but both have the same problem. The can't find a RID set:

No RID Set found for this server: CN=COR-DC2,OU=Domain 
Controllers,DC=my,DC=domain, and we are not the RID Master (so can not 
self-allocate)

This means that they can't create any new objects, so every time I need 
to add a new computer or create a user, I have to take down these 
servers and let the objects be created on the "healthy" servers.


I have checked Andrew's answer here:

https://lists.samba.org/archive/samba/2018-May/215621.html

He says that they eventually they will find a RID set, but it has been 
long enough and they don't seem to get a RID set.


Any clue of why this happens?

Thank you


-- 
Carta

Felipe Mart?nez Hermo

Servizos Inform?ticos

UGT Galicia

981 57 71 71

*Uni?n Xeral de Traballadoras e Traballadores*

Miguel Ferro Caaveiro, 12 - 15707, Santiago de Compostela

<https://www.instagram.com/ugt_galicia/?hl=es><https://www.facebook.com/ugtgalicia?ref=hl><https://www.youtube.com/channel/UCvmQas6GB5fWAuxc1UM8XVg><https://twitter.com/UGT_Galicia>www.ugtgalicia.org
<http://www.ugtgalicia.org>


--
Este mensaje y los ficheros anexos que pueda contener son confidenciales. Los
mismos pueden contener informaci?n reservada que no puede ser difundida. Si
usted ha recibido este correo por error, tenga la amabilidad de eliminarlo de su
sistema. No deber? copiar el mensaje ni divulgar su contenido.Su direcci?n de
correo electr?nico, junto a sus datos personales recibidos, ser?n gestionados
por UGT Galicia con la finalidad de la gesti?n de la comunicaci?n recibida y el
contacto con usted, y se adoptar?n sobre los mismos las medidas de seguridad
oportunas en garant?a del RGPD y la LOPDGDD. Para cualquier informaci?n
adicional o cuesti?n relacionada con Protecci?n de Datos, dir?jase a dpo at
galicia.ugt.org o a nuestras Pol?ticas de Privacidad ubicadas en
www.ugt.es/clausulas-rgpd

On Tue, 2024-05-21 at 18:24 +0200, Felipe Mart?nez Hermo via samba
wrote:
> Hello, everybody.
> 
> 
> I have a Samba domain spread over 19 offices, 5 of them have a
> domain 
> controller of their own.
> 
> Some of these DC work fine now that I have a quite homogeneous set
> of 
> samba versions. Most of them are Debian 11 with samba 4.17.
> 
> The last two DC added (in different offices) have joined the domain 
> without problems, but both have the same problem. The can't find a
> RID set:
> 
> No RID Set found for this server: CN=COR-DC2,OU=Domain 
> Controllers,DC=my,DC=domain, and we are not the RID Master (so can
> not 
> self-allocate)
> 
> This means that they can't create any new objects, so every time I
> need 
> to add a new computer or create a user, I have to take down these 
> servers and let the objects be created on the "healthy" servers.

I suspect the new servers can't reach the RID master.  

Once the servers can reach the RID Master, try creating a user again,
it may fail but should trigger getting a RID pool.

Sadly we don't seem to have a way to trigger this manually with a
samba-tool DRS command, which is an oversight. 
> I have checked Andrew's answer here:
> 
> https://lists.samba.org/archive/samba/2018-May/215621.html
> 
> 
> He says that they eventually they will find a RID set, but it has
> been 
> long enough and they don't seem to get a RID set.
The note about join-time is correct, except it is possible to join
without creating a RID set, if you didn't happen to join to the RID
master.  (But we reduced these errors significantly by making it as
proactive as possible). 

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions