[Samba] Upgrading from 3.0.23 but group_mapping.tdb is empty on current config

sgbarrett at eircom.net sgbarrett at eircom.net
Mon Jan 24 10:12:04 MST 2011 

Hi all,

I've done a serious amount of reading around this but I still can't figure out the implications of what I'm seeing.

I have inherited a CentOS 4 Samba 3.0.23 PDC & file server for 40 hosts that has been through the wars.  It is standalone and stable and uses the smbpasswd file authentication backend, however I need to upgrade for Windows 7 support.

I intend to build a server from scratch to the latest packages in CentOS 5 (3.3.8), set an identical local SID for the domain name, bring across the smbpasswd file and then migrate to a tdbsam passdb when I am confident that there are no issues.  

In practically every Samba PDC guide I have read it says that I need to map the Windows domain groups to unix groups.  On the current server, the net groupmap list command does not return any output.  Running 'strings' against /var/lib/samba/group_mapping.tdb shows the following entries:

# strings group_mapping.tdb
TDB file
&INFO/version
BBB0
UNIXGROUP/S-1-5-32-544
Administrators
&UNIXGROUP/S-1-5-32-545
Users
UNIXGROUP/S-1-5-32-546
Guests
&UNIXGROUP/S-1-5-32-547
Power Users
&UNIXGROUP/S-1-5-32-548
Account Operators
UNIXGROUP/S-1-5-32-549
System Operators
BBBP
&UNIXGROUP/S-1-5-32-550
Print Operators
&UNIXGROUP/S-1-5-32-551
Backup Operators
BBBP
UNIXGROUP/S-1-5-32-552
Replicators
&UNIXGROUP/S-1-5-21-2805943957-1905505361-2100739042-512
Domain Admins
&UNIXGROUP/S-1-5-21-2805943957-1905505361-2100739042-513
Domain Users
UNIXGROUP/S-1-5-21-2805943957-1905505361-2100739042-514
Domain Guests
&UNIXGROUP/S-1-5-21-3753518464-2681452192-3078135741-512
Domain Admins
UNIXGROUP/S-1-5-21-3753518464-2681452192-3078135741-513
Domain Users
&UNIXGROUP/S-1-5-21-3753518464-2681452192-3078135741-514
Domain Guests
&UNIXGROUP/S-1-5-21-4236374240-3432822334-3570386938-512
Domain Admins
UNIXGROUP/S-1-5-21-4236374240-3432822334-3570386938-513
Domain Users
&UNIXGROUP/S-1-5-21-4236374240-3432822334-3570386938-514
Domain Guests

That suggests to me that the group_mapping.tdb file has entries for three different domains for the groups Domain Admins, Domain Users and Domain Guests, but that none of them is my domain.  Is this correct?  We are not running any other domains here.

I also think that I will need to map Windows groups to unix groups on the new server.  Will this cause any trouble, given that the Windows machines aren't expecting it?  Currently no domain groups are available in Windows.  Access to the shares is managed at the Linux filesystem level with 'valid users' flags in the share options.

Should I start from scratch with an identical PDC SID, or will that cause other problems?

Best regards,

Simon Barrett

-----------------------------------------------------------------
Find the home of your dreams with eircom net property
Sign up for email alerts now http://www.eircom.net/propertyalerts

More information about the samba mailing list