[Samba] 3.x to 4.x (classic PDC) migration & group mapping problems
mike at musicplace.com
Mon Dec 29 19:04:22 MST 2014
Hi Samba wizards! Thanks in advance for your support!
I am working on migrating an existing Samba 3.x PDC to new hardware,
Samba 4.x and, eventually, LDAP.
I'm finding out in the process that I don't understand it at all :-)
Old configuration was 3.x as PDC, with tdbsam backend. Both NIS and
winbind are running on the same server (as well as smb and nmb of course).
Since I want the 4.x server role = "classic primary domain controller",
I started by copying over all the TDBs, secrets, and smb.conf file. It
is basicall working (for linux and win authentication) but once logged
in, the available user rights are bizarre.
My immediate problem (I think :) is manifest by the fact that:
* wbinfo --group-info anygroup
correctly returns the group name and membership, but *always* gives the
GID as "4294967295", and that's not even a valid group ID. Also, not
* wbinfo --gid-to-sid xxx
always fails for any valid GID, including the "4294967295" value.
Obviously my group mapping is hosed, but I'm not sure where to start.
Is the 4294967295 number some well known id that may be giving me a hint?
Any tips on how to troubleshoot this problem?
More information about the samba