[Samba] BUIILTIN accounts with Samba 3.0.24 + LDAP

Justin Zipperle justin at shaggydawg.com
Mon May 21 20:41:15 GMT 2007

On 5/21/2007 8:29 AM, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Justin Zipperle wrote:
>>> ...and everything worked well until I migrated all the user, machine,
>>> and group accounts from the old domain and the PDC went into
>>> production this morning.  Once the machine went live, I started to
>>> notice that there were significant delays when connecting to shares or
>>> viewing security on files or folders within shares from WinXP Pro SP2
>>> workstations.  When viewing security, certain builtin accounts (Domain
>>> Users, Domain Admins, etc) wouldn't resolve to their DisplayNames and
>>> would instead show the SID...this after much delay.
> Two things.
> (a) Domain Users, etc...are not builtin groups.  BUILTIN
>     represents a specific domain (S-1-5-32)
> (b) make sure that you installed the latest schema file
>     and included eq and sub nidexes for sambaSID
> (c) group mapping entries can be view and/or modified
>     using 'net sam' and 'net groupmap'
I stand corrected :)  After verifying that I had the latest schema file, 
I found the problem by looking more closely at the data in my LDAP 
database.  Some of the SIDs didn't match the SID of the domain I had 
created.  I can only guess that I screwed something up during the 
install which caused the SID of the domain to be changed, which would 
explain why my manually created users and groups resolved and the 
smbldap-populate populated ones did not.  After I manually adjusted all 
of the SIDs back to match the domain SID, everything started working 

Thanks for the nudge!

More information about the samba mailing list