samba4 migration problems
Marc Muehlfeld
Marc.Muehlfeld at medizinische-genetik.de
Tue May 8 04:05:13 MDT 2012
Am 19.04.2012 15:02, schrieb Andrew Bartlett:
>> smbldap-tools create the machine-accounts when joining. The UID is
>> always high like 2136, but the sambaSID that was choosen was
>> S-1-5-21-1362721961-1801182073-732966438-40
>> For users it's calculated correct (UID * 2 + 1000)
>
> This would appear to be a very serious issue with smbldap-tools then.
I'm not sure if this is a problem in smbldap-tools. I updated my very old
0.9.4 to the latest 0.9.8-1 and still have this problem for machine accounts.
In my smb.conf I have
add machine script = /usr/sbin/smbldap-useradd -t 0 -w %u
and if I run this command by hand, the new created account doesn't have a
sambaSID entry. See screenshot
http://img27.imageshack.us/img27/2839/ldap.png
I also found old postings with the information, that samba creates the
sambaSID entry (http://lists.samba.org/archive/samba/2007-June/133330.html).
In a level 10 debug log I saw, that samba get the RID from sambaNextGroupRid
out of LDAP, which is just incremented by samba every time a new machine joins
a domain. Are machine RIDs not calculated by UID * 2 + 1000?
> If you are using ldapsam:trusted, perhaps consider ldapsam:editposix?
> Anyway, it doesn't matter much if you are moving to samba4 anyway.
So if I switch to s4, I don't have to fix the wrong RIDs?
Regards,
Marc
More information about the samba-technical
mailing list