[Samba] BUILTIN not mapping on DC

Ryan Bair ryandbair at gmail.com
Mon Apr 28 12:18:39 MDT 2014 

I'm hoping to find another way to resolve the issue, but how did you edit
the uid and gids in idmap.ldb? According to `ldbsearch -H ldaps://localhost
cn=Account\ Operators` I already have a GID assigned.


On Fri, Apr 25, 2014 at 4:31 PM, Achim Gottinger <achim at ag-web.biz> wrote:

> Also had GPO issues related to BUILTIN Users and Groups.
> Fixed the issues with different uid's gid's beeing assigend to the by
> winbind by manually editing uid's and gid's in idmap.ldb with ldbedit.
> Tried  rid mapping for BUILDIN but it did not work on the ADDC's.
>
> achim~
>
> Am 25.04.2014 21:58, schrieb Ryan Bair:
>
>  Running 4.1.6-SerNet-RedHat-7.el6 on CentOS 6.5.
>>
>> I've been bumping my head against GPO issues and am now wondering if its
>> connected to my BUILTIN groups not mapping on my DC.
>>
>> For instance on DC:
>> sh-4.1# wbinfo --gid-info=544
>> failed to call wbcGetgrgid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for gid 544
>>
>> But on a member:
>> sh-4.1# wbinfo --gid-info=544
>> BUILTIN\administrators:x:544:
>>
>> Likewise `getent group BUILTIN\\administrators` fails on the DC.
>>
>> Any ideas?
>>
>> Here is my smb.conf:
>>
>> [global]
>>          workgroup = xxx
>>          realm = xxx
>>          netbios name = SERVER
>>          server role = active directory domain controller
>>          wins support = yes
>>          idmap_ldb:use rfc2307 = yes
>>          winbind nss info = rfc2307
>>          template shell = /bin/sh
>>          dns forwarder = x.x.x.x
>>          server services = -smb +s3fs
>>          dcerpc endpoint servers = -winreg -srvsvc
>>          vfs objects = netatalk
>>          unix extensions = no
>>          tls enabled = yes
>>          tls keyfile = tls/server_AD_DC.key
>>          tls certfile = tls/server_AD_DC.crt
>>          tls cafile = tls/xxx_CA.crt
>>
>> [netlogon]
>>          path = /var/lib/samba/sysvol/xxx/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list