samba4 migration problems

Marc Muehlfeld Marc.Muehlfeld at medizinische-genetik.de
Thu Apr 19 06:27:30 MDT 2012


Am 19.04.2012 14:06, schrieb Andrew Bartlett:
>> Also I saw lines like
>>   >  Skipping wellknown rid=149 (for username=vm-02$)
>>   >  ...
>>   >  Skipping wellknown rid=150 (for username=test_member$)
>> for my machine accounts. How can I check if everything was migrated?
>
> You have allocated SIDS with RID values from the 'well known' range (<
> 1000).  This is broken, and much be corrected before importing into
> Samba4, as these RIDs belong to special objects in Active Directory.

I just did a short search and through my production server. I have 132 entries 
in my LDAP, where the last part of the SID < 1000. It looks like just machine 
accounts are affected.

smbldap-tools create the machine-accounts when joining. The UID is always high 
like 2136, but the sambaSID that was choosen was 
S-1-5-21-1362721961-1801182073-732966438-40
For users it's calculated correct (UID * 2 + 1000)



> As long as your machines do not own files, changing the SID should be
> mostly harmless.

Don't I have to rejoin the machine to the domain if I change the SID? Can I 
just rename it in LDAP?




Regards,
Marc




-- 
Marc Muehlfeld (IT-Leiter)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-780
http://www.medizinische-genetik.de


More information about the samba-technical mailing list