Samba 4 server role, time sync, upgrade from alpha5 to alpha 7
Andrew Bartlett
abartlet at samba.org
Wed Mar 11 22:53:29 GMT 2009
On Wed, 2009-03-11 at 23:50 +0300, Matthieu Patou wrote:
>
> >> The technique used by my other production site was to:
> >>
> >> backup all of the existing data
> >>
> >> reprovision (over the top of the existing installation), but add the
> >> option --partitions-only to the provision script
> >>
> >> copy back the secrets.ldb from the backup
> > You'll need also to backup idmap.ldb it seems to be overwritten
> > (hkcu.ldb as well ..).
> > I would also recommend to test everything because my latests tests
> > with samba alpha7 showed some regression like: not able to
> > administrate the domain with a user in domain admin group using "AD
> > user and computers" tool.
> >
> After more research I discovered that with samba4 you must be in the
> Group Administrators (CN=Administrators,CN=Builtin,DC=....) to be able
> to use ADCU, by default the administrator account is in this group but
> simply admin an account in Domain Admins don't make the job with samba
> (but it's ok with w2k and +).
That makes a lot of sense. We don't currently unroll the groups of
groups - in particular builtin (which we presumably should not expose in
the PAC). Can you please file a bug on this (to help me keep track of
the issue).
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090312/1516ff4e/attachment.bin
More information about the samba-technical
mailing list