Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

Link zu der Vergleichsansicht

Nächste Überarbeitung		 Vorherige Überarbeitung
prebuilt_systems:ucs:failed_to_re-index_objectsid_sambadb [2023/12/26 13:47] – angelegt lomaprebuilt_systems:ucs:failed_to_re-index_objectsid_sambadb [2023/12/31 13:40] (aktuell) loma
Zeile 1: Zeile 1:
 +Du möchtest dich gerne für unsere Hilfe erkenntlich zeigen 8-o. Gerne. Wir bedanken uns bei dir für deine Spende! LOL \\
 +[[https://www.paypal.com/donate/?hosted_button_id=JTFYJYVH37MNE|{{:wiki:btn_donatecc_lg.gif|}}]] \\
 +\\
 +Hauseigenes Apt-Repo: [[https://apt.iteas.at]]   
 +\\
 +GITLAB Enterprise: [[https://git.osit.cc|{{:gitlab_logo.png?nolink&60|}}]] 
 +\\
 +\\
 +
 ====== Failed to re-index objectSid (SambaDB) ====== ====== Failed to re-index objectSid (SambaDB) ======
 Failed to re-index objectSid in a non ucs@school environment, may happen if you add a user. Failed to re-index objectSid in a non ucs@school environment, may happen if you add a user.
Zeile 27: Zeile 36:
  
 ===== Investigation: ===== ===== Investigation: =====
-The message indicates, that the SID, samba would like to give, is already occupied by an other userobject. +The message indicates, that the SID, samba would like to give, is already occupied by an other userobject. To find out, you can check the ‘Rid Set’ of the server.
-To find out, you can check the ‘Rid Set’ of the server.+
  
 <code bash> <code bash>
Zeile 36: Zeile 44:
 rIDAllocationPool rIDNextRID rIDAllocationPool rIDNextRID
 </code> </code>
-dn: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=schein,DC=ig +dn: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=schein,DC=ig \\ 
-rIDNextRID: **1161** +rIDNextRID: **1161** \\ 
-The attribute rIDNextRID shows the last successfully given RID. +The attribute rIDNextRID shows the last successfully given RID. Now you can check if this RID (should ) and the next following RID (should not ) (be)/is used. \\ 
-Now you can check if this RID (should ) and the next following RID (should not ) (be)/is used. +Take the SID from an other user or extract the Domain SID part: 
-Take the SID from an other user or extract the Domain SID part:+
  
  univention-ldapsearch -xLLL sambaDomainName=* sambaSID | sed -ne 's|sambaSID: ||p'  univention-ldapsearch -xLLL sambaDomainName=* sambaSID | sed -ne 's|sambaSID: ||p'
Zeile 47: Zeile 54:
  univention-ldapsearch -LLL sambaSID=S-1-5-21-2438365080-1175145288-4246282840-1161 dn  univention-ldapsearch -LLL sambaSID=S-1-5-21-2438365080-1175145288-4246282840-1161 dn
  
-dn: uid=b.baumann,cn=users,dc=schein,dc=ig :heavy_check_mark:+dn: uid=b.baumann,cn=users,dc=schein,dc=ig -> OK 
 + 
 + univention-ldapsearch -LLL sambaSID=S-1-5-21-2438365080-1175145288-4246282840-1162 dn 
 + 
 +dnuid=l.croft,cn=users,dc=schein,dc=ig -> NOK \\ 
 +The user l.croft already occupies the rid, which should be next in samba’s opinion. So this is the cause of the ‘“constraint violation”’ from.  \\ 
 + 
 +===== Solution===== 
 +Edit the ‘Rid Set’ in samba to the last successfully used RID. 
 + ldbedit -H /var/lib/samba/private/sam.ldb CN="RID Set" -b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)" 
 + 
 +<code bash> 
 +# editing 1 records 
 +# record 1 
 +dn: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=schein,DC=ig 
 +objectClass: top 
 +objectClass: rIDSet 
 +cn: RID Set 
 +instanceType:
 +whenCreated: 20190514144243.0Z 
 +whenChanged: 20190514144243.0Z 
 +uSNCreated: 3667 
 +uSNChanged: 3667 
 +showInAdvancedViewOnly: TRUE 
 +name: RID Set 
 +objectGUID: 993ec2b2-c611-4cb4-8924-781111a47832 
 +rIDAllocationPool: 1100-1599 
 +rIDPreviousAllocationPool: 1100-1599 
 +rIDUsedPool:
 +objectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=schein,DC=ig 
 +rIDNextRID: 1162 
 +distinguishedName: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=schein,DC=ig 
 +</code> 
 + 
 + 
 +Quelle: https://help.univention.com/t/problem-failed-to-re-index-objectsid-non-school/16853