[Samba] Why would "net rpc rights grant" fail ?

Koenraad Lelong samba.k.lelong at ace-electronics.be
Thu Apr 17 07:50:26 MDT 2014


op 17-04-14 12:07, Rowland Penny schreef:
> OK, I take it that you have not altered the Administrators group
> yourself, all you have done is run 'samba-tool domain classicupgrade',
> is this correct ?
Yes, that's correct.

>
> If this is correct, then somehow the group 'nobody' on the old server
> with the gid of '65533' has got mapped to your Administrators group.
>
Shouldn't I (try to) correct the source of the error then ? Since it's a 
virtual test-environment, I can go back and try again with new data.
How to correct it is of course an other matter.

> I would suggest that you remove the following from your Administrators
> group:
>
> objectClass: posixGroup
> gidNumber: 65533
> msSFU30NisDomain: ace_domain
>
> You can do this with ldbedit:
>
> ldbedit -e nano -H /var/lib/samba/private/sam.ldb
>
> Search for
> 'CN=Administrators,CN=Builtin,DC=ad01,DC=ace-electronics,DC=be' and then
> just delete them.
>
> then run 'samba-tool ntacl sysvolreset'
>
> Hopefully, this should reset the ownership of sysvol to what it should be.
>
> Rowland

In another post you said I lack a bunch of groups. So that has to be 
fixed also. This also suggests that my classicupgrade did not go like it 
should.

As an experiment I'm going to try to modify that guid.

Koenraad



More information about the samba mailing list