[Samba] PDC forgot it was part of domain... "official" (ha!) samba hack around to fix...

Linda Walsh samba at tlinx.org
Wed Aug 3 00:59:36 MDT 2011


Among various problems since I upgraded to 3.6 (none of which got answered
really, -- so I backgraded to 3.5.10 and started debugging from there,
considering 3.6.0 too unstable/too incompatible for 'whatever' reason)...

One of the probs I had was 'root' couldn't use "net rpc" <anything> --
kept getting auth failures.

Wasn't the passwd, -- could reset it via smbpasswd, no prob, and my
normal UID could do an rpc user, but didn't have the auth to the
local files to read them (so got no results back).


Steps...
1) add self to group root
2) in /var/lib/samba and /etc/samba:
     find . -gid 0 -print0|xargs -0 chmod g+rw
     find . -gid 0 -type d -print0|xargs -0 chmod g+xs

Then I noted that my 'user' could no longer auth either!
Bonus!

turned on -d10 on net rpc cmd,
Noted, it was trying to look up '*' for a pw server,

'*' doesn't resolve so well on my DNS server.

My domain name does, but it was trying to contact '*' for
a pw server instead of using itself  (this used to work before
I tried upgrading to 3.6, FWIW)...

Anyway, explicit hackaround:

added:
     passwd server=localhost

to my smb.conf.

Now the PDC is smart enough to know to look up passwords on
itself rather than going out and looking for '*', which
"wbinfo" REALLY didn't like --

lots of "*" not found messages from wbinfo...

Along with the idmap tdb format becoming incompat, (or maybe that's
the only one involved), apparently during the 'upgrade'[sic],
I didn't get the benefit of '*' added to my wbinfo...

Of course, as noted earlier, my wbinfo also doesn't seem to know about
builtin SIDs either .. so am having to add them...


(writing script ...)

</tmp/domsid perl -e 'while (<>) {
printf "net groupmap add %s",$_;
}
'
/tmp/domsid:
"Administrators" sid="S-1-5-32-544" type=builtin
"Users" sid="S-1-5-32-545" type=builtin
"Domain Controllers" sid="S-1-5-32-516" type=builtin
"Guests" sid="S-1-5-32-546" type=builtin
"Power Users" sid="S-1-5-32-547" type=builtin
"Account Operators" sid="S-1-5-32-552" type=builtin
....

For some reason part of the refrain to the theme from Gilligan's Island
just popped into my head...
	"As primitive as can be...."

You'd think there'd be a better way, but ...C'est la vie...

linda
(always winning friends and influencing people...*cough* (To do what?)...)
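
Added example, not part of the original post: the one-liner above prefixes every line of /tmp/domsid with "net groupmap add" verbatim, so if that output is ever fed to a shell, whatever is in the file becomes a command. This sketch emits a command only for lines that match the exact entry shape shown in the listing; the function names, the regex and the sample lines marked constructed are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed entry shape (taken from the /tmp/domsid listing above):
#   "Name" sid="S-1-5-32-<rid>" type=builtin
ENTRY_RE='^"[A-Za-z][A-Za-z ]*" sid="S-1-5-32-[0-9]+" type=builtin$'

# Read entries on stdin; print one "net groupmap add" line per valid entry.
# Anything else goes to stderr and makes the function return 1.
emit_groupmap_cmds() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        if printf '%s\n' "$line" | grep -Eq "$ENTRY_RE"; then
            printf 'net groupmap add %s\n' "$line"
        else
            printf 'rejected: %s\n' "$line" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: two entries from the post, two malformed lines.
demo_input() {
    cat <<'EOF'
"Administrators" sid="S-1-5-32-544" type=builtin
"Power Users" sid="S-1-5-32-547" type=builtin
"Guests" sid="S-1-5-32-546" type=builtin; id
"Users" sid="S-1-5-32-54x" type=builtin
EOF
}

# Dry run: prints the commands for review, runs nothing.
demo_input | emit_groupmap_cmds || echo "some entries were rejected" >&2
```

The output is a list of commands to read before running; a non-zero return means at least one line of the input did not look like a builtin group mapping.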





