[Samba] clarify issues on joining Samba PDC, machines, RIDs,

John H Terpstra jht at samba.org
Thu Nov 6 22:00:54 GMT 2003


On Thu, 6 Nov 2003, jonlists wrote:

> I'm running into issues trying to configure a server to be a Samba PDC in
> a small network that contains only Win2k/XP workstations. This will be
> going into an environment where there are no Windows servers. There is a
> pre-existing Samba server that will be replaced, but it'll be easier to
> recreate user accounts than attempt migration (there were no machine
> accounts).
>
> Due to time/budget - we're not integrating this one with LDAP. We'll be
> sticking with smbpasswd. I'd like clarification on some things:
>
> - I did the net groupmap add commands, attempting to map a unix-created
> group - ntadmin - to the "Domain Admins" group. However, when I do a
> groupmap list, I get a double listing for the group, as is shown below.
>
> Domain Admins (S-1-5-21-4140922544-3110978470-4188555357-2005) -> ntadmin
> Domain Admins (S-1-5-21-4140922544-3110978470-4188555357-512) -> -1
>
> I assume this will cause problems when attempting to join machines to the
> domain, as one or the other SID will be recognized as a member of domain
> admins.
>
> Am I correct, and if so, how do I fix this?

Correct. You just hosed things here. To fix:

net groupmap delete ntgroup="Domain Admins"
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmin

>
> - If someone goes in and deletes the unix user - say "jimmy" without using
> pdbedit or the samba tools, pdbedit later complains that "jimmy" no longer
> exists, but will not allow me to delete him using "pdbedit -r". How can I
> clean this up so that "jimmy" can be fixed - I'm not finding any info on
> how to rebuild or fix the samba information. (Administration of this
> system will be turned over to someone else, and I need to be sure I can
> help them fix if they do this).

Add to your smb.conf [globals]
	passdb backend = tdbsam smbpasswd

Run:
	pdbedit -i tdbsam -e smbpasswd

Edit the smbpasswd file to remove the dead entries.
Remove the passdb.tdb file.

Run:
	pdbedit -i smbpasswd -e tdbsam

Edit smb.conf to have:

	passdb backend = tdbsam

Delete the smbpasswd file.

Done.


- John T.
-- 
John H Terpstra
Email: jht at samba.org
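
An added example, not part of the original post or of Samba itself: a check over `net groupmap list` output in the format quoted above that flags NT group names listed under more than one SID, entries mapped to -1, and well-known domain groups whose RID is not the standard one. The `Domain Users` sample line and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Standard RIDs of the well-known domain groups.
WELL_KNOWN_RIDS = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}

# One mapping per line: NT name (SID) -> unix group
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-[\d-]+)\) -> (?P<unix>\S+)$")

# First two lines are the ones quoted in the post; the third is constructed.
SAMPLE = """\
Domain Admins (S-1-5-21-4140922544-3110978470-4188555357-2005) -> ntadmin
Domain Admins (S-1-5-21-4140922544-3110978470-4188555357-512) -> -1
Domain Users (S-1-5-21-4140922544-3110978470-4188555357-513) -> users
"""


def parse(text):
    """Return (nt_name, sid, unix_group) for every recognisable line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["name"], m["sid"], m["unix"]))
    return entries


def audit(text):
    """Return (finding, nt_name, rid) tuples in input order."""
    entries = parse(text)
    sids_by_name = defaultdict(set)
    for name, sid, _ in entries:
        sids_by_name[name].add(sid)
    findings = []
    for name, sid, unix in entries:
        rid = int(sid.rsplit("-", 1)[1])
        if len(sids_by_name[name]) > 1:
            findings.append(("duplicate-name", name, rid))
        if unix == "-1":  # no unix group behind this NT group
            findings.append(("unmapped", name, rid))
        if name in WELL_KNOWN_RIDS and rid != WELL_KNOWN_RIDS[name]:
            findings.append(("unexpected-rid", name, rid))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```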
