[Samba] Migration from samba-3.0.21b-i486 to samba-3.0.27a-x86_64 corrupts root group mapping

Adam Williams awilliam at mdah.state.ms.us
Thu Jun 25 20:34:18 GMT 2009


Fix the SID with net setlocalsid and net setdomainsid.  Change the 
primary group SID with net groupmap, or if you use LDAP, you can fix it 
in your LDAP tree.

damjanster wrote:
> Hello.
>
> I went and copied the config files from <source>/etc/samba/* and
> <source>/var/cache/samba/* to the target server and deleted the browse.dat
> and wins.dat files. The source and target servers have different IPs and
> hostnames, so we use "netbios alias". This worked fine a couple of years
> ago. Now, after all files have been copied, the old server shut down and the
> new Samba put in place, there are several differences between the systems:
> $pdbedit -vL root
> ------------------------
> Unix username:        root
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-528702806-1563566892-1083768929-1000
> Primary group for user root is a Local Group and not a domain group
> Primary Group SID:    S-1-5-21-528702806-1563566892-1083768929-513
> -------------------------
> The Primary Group SID is wrong. It should end with 512 (Domain Admins) -
> here it becomes -513 (Users) - all the permissions are therefore corrupt - no
> admin can log in via Windows XP clients.
>
> I have a test server where I've put all the linux user/group files from the
> source server and tried to place the same samba server there, but the result
> is exactly the same.
>
> net getlocalsid doesn't work on the source server (previously migrated from
> an even older server).
> net getlocalsid <DOMAINNAME> returns the same value on source and target
> servers.
> net groupmap list shows a lot more groups on the source server than on the target.
>
> What else can I try? 
>   
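
A post-migration check for the symptom described in this thread, as an added example that is not part of the original messages: it parses `pdbedit -vL` dumps taken on the source and target servers and reports accounts whose SIDs changed or whose primary group RID is not the expected one. The dumps, the `alice` account, and all function names are constructed for illustration; the source value ending in -512 is what the poster says it should be.

```python
import re

FIELD = re.compile(r"^(Unix username|User SID|Primary Group SID):\s*(\S*)\s*$")
DOM = "S-1-5-21-528702806-1563566892-1083768929"  # domain SID quoted in the post

def record(user, user_rid, group_rid):
    # Constructed record in the `pdbedit -vL` layout quoted in the post.
    return (f"---------------\nUnix username:        {user}\nNT username:\n"
            f"User SID:             {DOM}-{user_rid}\n"
            f"Primary Group SID:    {DOM}-{group_rid}\n")

# Constructed dumps: source as the poster expects it, target as reported.
SOURCE = record("root", 1000, 512) + record("alice", 3002, 513)
TARGET = record("root", 1000, 513) + record("alice", 3002, 513)

def parse_pdbedit(text):
    """Return {unix_user: {"User SID": ..., "Primary Group SID": ...}}."""
    accounts, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # separators, flags and warning lines are ignored
        key, value = m.groups()
        if key == "Unix username":
            current = accounts.setdefault(value, {})
        elif current is not None:
            current[key] = value
    return accounts

def compare(source_text, target_text, expected_group_rid=None):
    """Return (user, message) findings, ordered by user name."""
    expected = expected_group_rid or {}
    src, dst = parse_pdbedit(source_text), parse_pdbedit(target_text)
    findings = []
    for user in sorted(src.keys() | dst.keys()):
        if user not in src or user not in dst:
            side = "source" if user not in src else "target"
            findings.append((user, f"missing on {side}"))
            continue
        for field in ("User SID", "Primary Group SID"):
            a, b = src[user].get(field), dst[user].get(field)
            if a != b:
                findings.append((user, f"{field} changed: {a} -> {b}"))
        got = (dst[user].get("Primary Group SID") or "").rpartition("-")[2]
        if user in expected and got != str(expected[user]):
            findings.append((user, f"primary group RID is {got}, expected {expected[user]}"))
    return findings

if __name__ == "__main__":
    for user, message in compare(SOURCE, TARGET, {"root": 512}):
        print(f"{user}: {message}")
```

On real servers the two inputs would be the saved output of `pdbedit -vL` from each machine.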


