[Samba] Why would "net rpc rights grant" fail ?

Koenraad Lelong samba.k.lelong at ace-electronics.be
Mon Apr 14 08:01:35 MDT 2014


op 14-04-14 12:00, L.P.H. van Belle schreef:
> Ok,
>
> first you have the latest script, so thats ok.
> If only the Privileges go wrong atm then thats a "root/Administrator" thingy.
>
> but.. if its only the Privileges ( on the dc) , i would say, continue with the upgrade first.
> and when its all done, stop samba and bind
> backup /var/cache/bind  /var/cache/samba /var/lib/samba /etc/samba
> start up again and.. im guessing big time, so just try ...
>
> net rpc rights grant YOURDOMAIN\\"Domain Admins" SeDiskOperatorPrivilege -UAdministrator
> net rpc rights grant YOURDOMAIN\\"Domain Admins" SeDiskOperatorPrivilege -UYOURDOMAIN\\Administrator
> net rpc rights grant YOURDOMAIN\\"Domain Admins" SeDiskOperatorPrivilege -UYOURDOMAIN\\Adminkoen
> net rpc rights grant YOURDOMAIN\\"Domain Admins" SeDiskOperatorPrivilege -UAdminkoen
> net rpc rights grant YOURDOMAIN\\"Domain Admins" SeDiskOperatorPrivilege -Uroot
>
> and something as : ( /etc/samba/smb.conf )
> username map = /etc/samba/samba_usermapping
>
> !root = YOURDOMAIN\Administrator YOURDOMAIN\administrator
>
>
> Best regards,
>
> Louis
>
Hi,

I tried some combinations, but none work. I did set the log level to 1 
and I get this in log.samba :

[2014/04/14 15:46:43.274413,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for 
id[2]=S-1-5-21-177555115-702490737-1861429907-520: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.275186,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for 
id[3]=S-1-5-21-177555115-702490737-1861429907-572: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.275769,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for 
id[4]=S-1-5-21-177555115-702490737-1861429907-519: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.276372,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for 
id[5]=S-1-5-21-177555115-702490737-1861429907-518: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.277049,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for id[7]=S-1-1-0: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.277547,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for id[8]=S-1-5-2: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.278062,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for id[9]=S-1-5-11: NT_STATUS_NONE_MAPPED
[2014/04/14 15:46:43.278886,  1] 
../source4/winbind/idmap.c:831(idmap_sids_to_xids)
   idmapping sid_to_xid failed for id[12]=S-1-5-32-554: 
NT_STATUS_NONE_MAPPED

Does this mean anything ? In the mailinglist I found someone that 
has/had the same problem (see : samba4 classicupgrade problem idmapping 
sid_to_xid failed on 28 feb 2014).

ldbsearch -H /var/lib/samba/private/idmap.ldb -a
# record 1
dn: CN=S-1-5-21-177555115-702490737-1861429907-500
cn: S-1-5-21-177555115-702490737-1861429907-500
objectClass: sidMap
objectSid: S-1-5-21-177555115-702490737-1861429907-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=S-1-5-21-177555115-702490737-1861429907-500

# record 2
dn: CN=CONFIG
cn: CONFIG
upperBound: 4000000
lowerBound: None
xidNumber: None
distinguishedName: CN=CONFIG

# record 3
dn: CN=S-1-5-7
cn: S-1-5-7
objectClass: sidMap
objectSid: S-1-5-7
type: ID_TYPE_UID
xidNumber: 65534
distinguishedName: CN=S-1-5-7

# record 4
dn: CN=S-1-5-21-177555115-702490737-1861429907-513
cn: S-1-5-21-177555115-702490737-1861429907-513
objectClass: sidMap
objectSid: S-1-5-21-177555115-702490737-1861429907-513
type: ID_TYPE_GID
xidNumber: 100
distinguishedName: CN=S-1-5-21-177555115-702490737-1861429907-513

# returned 4 records
# 4 entries
# 0 referrals

Is this OK ?

Koenraad


More information about the samba mailing list