
ID #1283

Samba 4 - RID Pool renewal

UCS 3

WORK IN PROGRESS

 

Problem:

No new RIDs/objects can be created

The problem can be characterized by the following message especially when joining Windows clients:


Solution:

There are no free RIDs left to assign - a new RID pool can be allocated:

1. Find current range

Each Samba 4 DC has its own RID pool. These pools are saved as separate objects in the LDB underneath "their" computer object.
Because the attributes needed for this article, rIDAllocationPool and rIDNextRID, are not replicated via DRS, they are only found locally:

ldbsearch -H /var/lib/samba/private/sam.ldb \
CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)"
e.g.:
# record 1
dn: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=domain,DC=s4
objectClass: top
objectClass: rIDSet
cn: RID Set
instanceType: 4
whenCreated: 20131121092552.0Z
whenChanged: 20131121092552.0Z
uSNCreated: 3586
uSNChanged: 3586
showInAdvancedViewOnly: TRUE
name: RID Set
objectGUID: f68e16fc-e5c7-4471-bd2a-ba223e09a718
rIDAllocationPool: 1100-1599
rIDPreviousAllocationPool: 1100-1599
rIDUsedPool: 0
objectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=domain,DC=s4
rIDNextRID: 1125
distinguishedName: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=domain,DC=s4
The attribute rIDAllocationPool shows the current pool.
The attribute rIDNextRID shows the last RID that was successfully assigned. In some situations, some values within this range are already assigned and blocked.

2. Allocate a new pool

It is not sufficient to change this data only locally. That is why you should go to the system with the FSMO role "RID Allocation Master" (the system which normally assigns RID pools, see "samba-tool fsmo show") and allocate a new pool for your system there!
Just set rIDNextRID locally to the last possible value from the range:
ldbedit -H /var/lib/samba/private/sam.ldb \
CN="RID Set" \
-b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)"
"ldbedit" opens the object in an editor. By default this is vi.
The attribute rIDNextRID can be edited directly. In the above example the last possible value would be 1599 (last RID from the pool 1100-1599).


If you then add a new user locally, the system recognizes that there are no RIDs left and asks the RID Allocation Master for a new pool:

samba-tool user add testbenutzer2 "Passwort123"
samba-tool user delete testbenutzer2 
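
To see how close the local pool is to exhaustion before step 2, and to confirm afterwards that a new pool has arrived, the ldbsearch output from step 1 can be reduced to a single figure. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes rIDAllocationPool is printed as "low-high" as in the record above.

```shell
#!/bin/sh
# Added example (not from the original article): report how many RIDs are
# left in the local pool. Reads the LDIF that ldbsearch prints for the
# "RID Set" object on stdin.
# Assumption: rIDAllocationPool is printed as "low-high", as in the article.

# Prints "low high next remaining"; exit status 2 if the attributes are
# missing or malformed.
rid_pool_status() {
    awk '
        $1 == "rIDAllocationPool:" { n = split($2, r, "-"); lo = r[1]; hi = r[2] }
        $1 == "rIDNextRID:"        { nxt = $2 }
        END {
            if (n != 2 || lo !~ /^[0-9]+$/ || hi !~ /^[0-9]+$/ ||
                nxt !~ /^[0-9]+$/ || lo + 0 > hi + 0) exit 2
            # rIDNextRID is the last RID handed out, so hi - nxt are left.
            # Assumption: a value below the pool means the pool is untouched.
            left = (nxt + 0 < lo + 0) ? hi - lo + 1 : hi - nxt
            if (left < 0) left = 0
            print lo, hi, nxt, left
        }'
}

# Prints only the number of remaining RIDs.
rid_pool_remaining() {
    status=$(rid_pool_status) || return 2
    set -- $status
    echo "$4"
}

# Sample input: the relevant lines of the example record from step 1.
sample_rid_set() {
    cat <<'EOF'
dn: CN=RID Set,CN=MASTER,OU=Domain Controllers,DC=domain,DC=s4
rIDAllocationPool: 1100-1599
rIDPreviousAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1125
EOF
}

# On a DC, pipe the real query from step 1 into the function instead:
#   ldbsearch -H /var/lib/samba/private/sam.ldb CN="RID Set" \
#     -b CN="$(ucr get hostname),OU=Domain Controllers,$(ucr get ldap/base)" \
#     | rid_pool_status
sample_rid_set | rid_pool_status   # -> 1100 1599 1125 474
```

A remaining value of 0 corresponds to the state produced by the ldbedit step, in which the next object creation triggers the request to the RID Allocation Master.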


Last update: 2014-08-07 09:54
Author: Tim Petersen
Revision: 1.0
