Samba4 primaryGroupID problem
steve at steve-ss.com
Wed May 2 11:44:12 MDT 2012
On 02/05/12 17:24, Matthias Dieter Wallnöfer wrote:
> Hi steve,
> the question is how you are performing the modifications. It seems that
> somehow our SAMDB LDB modules get omitted.
> Could it be that you are using operations like "ldbmodify"/"ldbedit" -H
> /usr/local/samba/private/sam.ldb.d/<something>.ldb? The files under
> "sam.ldb.d" are the real (internal) data files of our AD-like database
> and should *never* be accessed directly unless you know what you are doing.
> Hence please always access using the "sam.ldb" file directly under the
> "private" directory (as "root") or the IP address with administrator
> user+password as a "-H" parameter. For other name contexts (schema,
> configuration) you need to provide the appropriate "-b" argument as well.
> Summed up it is a serious issue. You might also try to do a complete s4
> rebuild if the problem persists.
> Matthias Wallnöfer
We're not accessing files in sam.ldb.d
The LDAP is accessed in as correct a way as possible:
ldbmodify --url=ldap://$host --krb5-ccache=$ccache
I think that's the correct way.
examples would be:
$primarygid 1118 (cut as the last field of the SID of laser)
The primaryGroupID is changed fine. It's just worrying to have to run
dbcheck --fix afterward.
Reproduced on two separate builds: Ubuntu 12.04, of 2 days ago and
openSUSE 12.1 built over 2 weeks ago. I shall try new git and rebuild too.
More information about the samba-technical