[Samba] Why would "net rpc rights grant" fail ?
Rowland Penny
rowlandpenny at googlemail.com
Thu Apr 17 03:05:59 MDT 2014
On 17/04/14 09:24, Koenraad Lelong wrote:
> op 14-04-14 17:55, Rowland Penny schreef:
>
>>>
>> Hmm, I wonder if the classicupgrade got confused here ? you should have
>> 'CN=Administrators,CN=Builtin,DC=example,DC=com'
>>
>> Any chance of you posting a sanitized version of the administrator group
>> from your AD dump ?
>>
>> Rowland
>>
> Hi,
>
> If you mean a dump of the new AD-server, that should be no problem if
> you can point me to some information about what data is confidential.
> I'll sanitize it.
>
> Koenraad.
>
If you run this command (replacing 'DC=example,DC=com' with your suffix
and assuming that sam.ldb is in /var/lib/samba/private/) :
ldbsearch --show-binary -H /var/lib/samba/private/sam.ldb -b
CN=Administrators,CN=Builtin,DC=example,DC=com -s sub "(objectclass=*)"
You should get somthing similar to this:
# record 1
dn: CN=Administrators,CN=Builtin,DC=example,DC=com
objectClass: top
objectClass: group
cn: Administrators
description: Administrators have complete and unrestricted access to the
computer/domain
member: CN=Domain Admins,CN=Users,DC=example,DC=com
member: CN=Enterprise Admins,CN=Users,DC=example,DC=com
member: CN=Administrator,CN=Users,DC=example,DC=com
instanceType: 4
whenCreated: 20140410144023.0Z
whenChanged: 20140410144023.0Z
uSNCreated: 3562
uSNChanged: 3562
name: Administrators
objectGUID: 56e40a37-9aae-4819-b645-2774fb568c56
objectSid: S-1-5-32-544
adminCount: 1
sAMAccountName: Administrators
sAMAccountType: 536870912
systemFlags: -1946157056
groupType: -2147483643
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com
isCriticalSystemObject: TRUE
distinguishedName: CN=Administrators,CN=Builtin,DC=example,DC=com
And no, my suffix is not 'DC=example,DC=com' ;-)
Rowland
More information about the samba
mailing list