Hi,

In time honoured fashion I am replying to my own post, as I think I have figured out a workaround to my issue. Hopefully this will help others - here's what I did.

On 22 July 2013 22:01, Jonathan Hunter <jmhunt...@gmail.com> wrote:
> Now, I try to join the new server (CentOS 6.4 clean install; Samba 4.0.7
> from source), but I get the following:
> [...]
> ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM
> - <00002035: ../source4/dsdb/samdb/ldb_modules/ridalloc.c:517: No RID Set
> DN - Failed to add RID Set CN=RID Set,CN=EXISTING-DC,OU=Domain
> Controllers,DC=mydomain,DC=org - objectclass: object class 'rIDSet' is
> system-only, rejecting creation of 'CN=RID Set,CN=EXISTING-DC,OU=Domain
> Controllers,DC=mydomain,DC=org'!> <>
>
>

After some careful googling, and trying to figure out what the heck a RID Set was, and why it couldn't be added, I discovered it was a property of a domain controller, and I think I should really have one against my existing DC - but I didn't.

First step was ADSI Edit, to create it - but then I discovered that whilst ADSI Edit can create many things, a RID Set is not one of them.

Second step was LDIFDE, I exported the RID Set from my other DC (in the other site), edited the LDIF to make a new RID Set for my existing DC - but couldn't import it ("The server is unwilling to process the request")

Finally I hit upon the plan of transferring the RIDAllocationMaster FSMO role across between the DCs:

second-existing-dc# samba-tool fsmo seize --role=rid
Attempting transfer...
FSMO transfer of 'rid' role successful
ERROR: Failed to initiate role seize of 'rid' role: objectclass: modify message must have elements/attributes!

The transfer was successful, but some kind of error occurred.. (!)

But, I was able to transfer the role back to the first DC - and this time, a RID Set finally appeared in AD! I did, however, get exactly the same error. This happened however many times I transfer the role, and for any role (I tried all of them :-))

existing-dc# samba-tool fsmo seize --role=rid
Attempting transfer...
FSMO transfer of 'rid' role successful
ERROR: Failed to initiate role seize of 'rid' role: objectclass: modify message must have elements/attributes!

Still.. I have now been able to successfully join my domain - which does solve my initial problem, so I'm happy there at least. (Interestingly, my shiny new DC does not have a RID Set.. I'm not yet sure if this is good, or bad! :))

Hopefully this post will be helpful to somebody in the future... Just a note, however - I hardly ever check this gmail account, so please don't rely on a speedy response if you do see this post and want to reply to me personally!

Thanks all,

Jonathan

--
"If we knew what it was we were doing, it would not be called research, would it?"
      - Albert Einstein
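
An added example, not part of the original post or of Samba's code: a check for the condition the post traces the failed join to, a domain controller with no `CN=RID Set` child object, run over an LDIF export of the Domain Controllers OU such as the LDIFDE export mentioned above. The sample LDIF is constructed from the post's placeholder names, the function names are hypothetical, and DNs containing escaped commas are not handled.

```python
import base64
import re

# Constructed sample: trimmed LDIF export of OU=Domain Controllers, using the
# placeholder names from the post. The last dn is folded as LDIF tools do.
SAMPLE_LDIF = """\
dn: CN=EXISTING-DC,OU=Domain Controllers,DC=mydomain,DC=org
objectClass: computer

dn: CN=SECOND-EXISTING-DC,OU=Domain Controllers,DC=mydomain,DC=org
objectClass: computer

dn: CN=RID Set,CN=SECOND-EXISTING-DC,OU=Domain Controllers,DC=mydomain,
 DC=org
objectClass: rIDSet
"""

def parse_entries(ldif):
    """Return [(dn, {lower-cased objectClass values})] for each LDIF entry."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # join continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, classes = None, set()
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            value = value.strip()
            if key.lower() == "dn":
                dn = value
            elif key.lower() == "objectclass":
                classes.add(value.lower())
        if dn:
            entries.append((dn, classes))
    return entries

def dcs_without_rid_set(ldif, dc_ou="OU=Domain Controllers"):
    """List computer objects directly under dc_ou that have no rIDSet child."""
    entries = parse_entries(ldif)
    parent = lambda dn: dn.split(",", 1)[1].lower() if "," in dn else ""
    have = {parent(dn) for dn, oc in entries if "ridset" in oc}
    return [dn for dn, oc in entries
            if "computer" in oc
            and parent(dn).startswith(dc_ou.lower() + ",")
            and dn.lower() not in have]
```

Calling `dcs_without_rid_set(SAMPLE_LDIF)` returns the DN of `EXISTING-DC` only, since `SECOND-EXISTING-DC` has a `rIDSet` child in the sample.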