Samba4 primaryGroupID problem

steve steve at
Wed May 2 11:44:12 MDT 2012

On 02/05/12 17:24, Matthias Dieter Wallnöfer wrote:
> Hi steve,
> the question is how you are performing the modifications. It seems that
> somehow our SAMDB LDB modules get omitted.
> Could it be that you are using operations like "ldbmodify"/"ldbedit" -H
> /usr/local/samba/private/sam.ldb.d/<something>.ldb? The files under
> "sam.ldb.d" are the real (internal) data files of our AD-like database
> and should *never* be accessed directly unless you know what you are doing.
> Hence please always access using the "sam.ldb" file directly under the
> "private" directory (as "root") or the IP address with administrator
> user+password as a "-H" parameter. For other name contexts (schema,
> configuration) you need to provide the appropriate "-b" argument as well.
> Summed up it is a serious issue. You might also try to do a complete s4
> rebuild if the problem persists.
> Cheers,
> Matthias Wallnöfer
Hi Matthias

We're not accessing files in sam.ldb.d

The LDAP is accessed in as correct a way as possible:

ldbmodify --url=ldap://$host --krb5-ccache=$ccache
dn: cn=$2,cn=Users,$basedn
changetype: modify
replace: primaryGroupID
primaryGroupID: $primarygid

I think that's the correct way.

examples would be:
$ccache /tmp/krb5cc_0
$2 steve2
$basedn dc=hh3,dc=site
$primarygid 1118 (cut as the last field of the SID of laser)

The primaryGroupID is changed fine. It's just worrying to have to run 
dbcheck --fix afterward.

Reproduced on two separate builds: Ubuntu 12.04, of 2 days ago and 
openSUSE 12.1 built over 2 weeks ago. I shall try new git and rebuild too.


More information about the samba-technical mailing list