[Samba] [PATCH] Re: Changing administrator password after Samba4 classic upgrade

Andrew Bartlett abartlet at samba.org
Sat Dec 22 02:13:28 MST 2012 

On Sat, 2012-12-22 at 12:55 +1100, Andrew Bartlett wrote:
> On Thu, 2012-12-20 at 22:55 +1300, Mario Codeniera wrote:
> > I used to upgrade samba3 to samba4 with almost successful with one problem,
> > administrator can't access. As administrator, by default it is the only
> > user account that is given full control over the system.
> > 
> > My query is how to change the administrator password? we have one account
> > which can join to the samba 4 AD based on the migrated data but the problem
> > can't change the administrator or can't alter the domain.
> 
> > After that re-run the classic upgrade, and found out that the administrator
> > SID was wrong and modified to xxx-500 where xxx domain SID and modified
> > group Administrators because there are other domain SIDs.
> > 
> > *- (remove the description, displaying only the last part)
> > -
> > Importing idmap database
> > Importing groups
> > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-512,
> > groupname=Domain Admins existing_groupname=Domain Admins, Ignoring.
> > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-514,
> > groupname=Domain Guests existing_groupname=Domain Guests, Ignoring.
> > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-515,
> > groupname=Domain Computers existing_groupname=Domain Computers, Ignoring.
> > Group already exists sid=S-1-5-32-544, groupname=Administrators
> > existing_groupname=Administrators, Ignoring.
> > Group already exists sid=S-1-5-32-545, groupname=Users
> > existing_groupname=Users, Ignoring.
> > Group already exists sid=S-1-5-21-1511653421-423844657-761698953-513,
> > groupname=Domain Users existing_groupname=Domain Users, Ignoring.
> > Importing users
> > User 'Administrator' in your existing directory has SID
> > S-1-5-21-1511653421-423844657-761698953-20001, expected it to be
> > S-1-5-21-1511653421-423844657-761698953-500
> > ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception -
> > ProvisioningError: User 'Administrator' in your existing directory does not
> > have SID ending in -500
> >   File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> > line 175, in _run
> >     return self.run(*args, **kwargs)
> >   File
> > "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> > line 1318, in run
> >     useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
> >   File "/usr/local/samba/lib64/python2.6/site-packages/samba/upgrade.py",
> > line 889, in upgrade_from_samba3
> >     raise ProvisioningError("User 'Administrator' in your existing
> > directory does not have SID ending in -500")*
> > 
> > 
> > Finally got this with no errors, but again the administrator can't login
> > even using the kinit. As mentioned above I used to login other user in
> > Windows 7 and run the Windows Remote Administration Tools and able to check
> > the data is successfully migrated including administrator (but the problem
> > it was changed during upgrading) and I observed in the log see highlighted.
> > And every time I run the samba-tool domain classicupgrade, the Admin
> > password: (see other highlighted below) have different values (
> > >0ngHrG~IIMHZ>DhNIP    YOU<AKoN~+wPZ!Am *  * SXJ96re1=zYO* *respectively).
> 
> This is interesting, as at one point we had logic to not show these
> unused passwords. 
> 
> I've attached a patch that should do this, let me know if it makes the
> output (which I agree is very, very verbose) clearer. 

The attached corrected patch should work better.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-samba-tool-classicupgrade-Do-not-print-the-admin-pas.patch
Type: text/x-patch
Size: 1982 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20121222/098b1869/attachment.bin>

More information about the samba mailing list