[Samba] BUILTIN accounts with Samba 3.0.24 + LDAP
Justin Zipperle
justin at shaggydawg.com
Mon May 21 20:41:15 GMT 2007
On 5/21/2007 8:29 AM, Gerald (Jerry) Carter wrote:
> Justin Zipperle wrote:
>
>>> ...and everything worked well until I migrated all the user, machine,
>>> and group accounts from the old domain and the PDC went into
>>> production this morning. Once the machine went live, I started to
>>> notice that there were significant delays when connecting to shares or
>>> viewing security on files or folders within shares from WinXP Pro SP2
>>> workstations. When viewing security, certain builtin accounts (Domain
>>> Users, Domain Admins, etc) wouldn't resolve to their DisplayNames and
>>> would instead show the SID...this after much delay.
>>>
>
> Two things.
>
> (a) Domain Users, etc...are not builtin groups. BUILTIN
> represents a specific domain (S-1-5-32)
> (b) make sure that you installed the latest schema file
> and included eq and sub indexes for sambaSID
> (c) group mapping entries can be viewed and/or modified
> using 'net sam' and 'net groupmap'
>
>
I stand corrected :) After verifying that I had the latest schema file,
I found the problem by looking more closely at the data in my LDAP
database. Some of the SIDs didn't match the SID of the domain I had
created. I can only guess that I screwed something up during the
install which caused the SID of the domain to be changed, which would
explain why my manually created users and groups resolved and the
smbldap-populate populated ones did not. After I manually adjusted all
of the SIDs back to match the domain SID, everything started working
properly.
Thanks for the nudge!
-Justin
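
The check described in the message above (finding LDAP entries whose SIDs do not carry the domain SID), sketched as an added example that is not part of the original thread. It assumes an LDIF export of the directory with plain-text (not base64) values and a domain SID such as the one `net getlocalsid` reports; the function names and every DN and SID in the sample are constructed.

```python
import re

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value
# Constructed LDIF export; every DN and SID here is made up for the example.
SAMPLE_LDIF = """\
dn: uid=alice,ou=Users,dc=example,dc=com
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3001
sambaPrimaryGroupSID: S-1-5-21-1111111111-2222222222-3333333333-513

dn: uid=bob,ou=Users,dc=example,dc=com
sambaSID: S-1-5-21-4444444444-5555555555-
 6666666666-3002

dn: cn=Domain Users,ou=Groups,dc=example,dc=com
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-513

dn: cn=Administrators,ou=Groups,dc=example,dc=com
sambaSID: S-1-5-32-544
"""

SID_ATTRS = ("sambasid", "sambaprimarygroupsid")
# Domain SID with an optional trailing RID; BUILTIN (S-1-5-32-*) never matches.
DOMAIN_FORM = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)(?:-\d+)?$")

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry, undoing LDIF line folding."""
    unfolded = re.sub(r"\r?\n ", "", text)  # RFC 2849 continuation lines
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        attrs = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                name, _, value = line.partition(":")
                attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs["dn"][0], attrs

def find_foreign_sids(ldif_text, domain_sid):
    """Return [(dn, attr, sid)] for domain-style SIDs outside domain_sid."""
    foreign = []
    for dn, attrs in parse_ldif(ldif_text):
        for attr in SID_ATTRS:
            for sid in attrs.get(attr, []):
                m = DOMAIN_FORM.match(sid)
                if m and m.group(1) != domain_sid:
                    foreign.append((dn, attr, sid))
    return foreign

if __name__ == "__main__":
    print(*find_foreign_sids(SAMPLE_LDIF, DOMAIN_SID), sep="\n")
```

Entries under S-1-5-32 are skipped on purpose, since BUILTIN is its own domain and its SIDs never carry the local domain SID.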