samba4 migration problems
Marc Muehlfeld
Marc.Muehlfeld at medizinische-genetik.de
Thu Apr 19 06:27:30 MDT 2012
Am 19.04.2012 14:06, schrieb Andrew Bartlett:
>> Also I saw lines like
>> > Skipping wellknown rid=149 (for username=vm-02$)
>> > ...
>> > Skipping wellknown rid=150 (for username=test_member$)
>> for my machine accounts. How can I check if everything was migrated?
>
> You have allocated SIDS with RID values from the 'well known' range (<
> 1000). This is broken, and much be corrected before importing into
> Samba4, as these RIDs belong to special objects in Active Directory.
I just did a short search and through my production server. I have 132 entries
in my LDAP, where the last part of the SID < 1000. It looks like just machine
accounts are affected.
smbldap-tools create the machine-accounts when joining. The UID is always high
like 2136, but the sambaSID that was choosen was
S-1-5-21-1362721961-1801182073-732966438-40
For users it's calculated correct (UID * 2 + 1000)
> As long as your machines do not own files, changing the SID should be
> mostly harmless.
Don't I have to rejoin the machine to the domain if I change the SID? Can I
just rename it in LDAP?
Regards,
Marc
--
Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-780
http://www.medizinische-genetik.de
More information about the samba-technical
mailing list