[Samba] 3.x to 4.x (classic PDC) migration & group mapping problems

Mike Morris mike at musicplace.com
Mon Dec 29 19:04:22 MST 2014

Hi Samba wizards! Thanks in advance for your support!

I am working on migrating an existing Samba 3.x PDC to new hardware, 
Samba 4.x and, eventually, LDAP.

I'm finding out in the process that I don't understand it at all :-)

Old configuration was 3.x as PDC, with tdbsam backend. Both NIS and 
winbind are running on the same server (as well as smb and nmb of course).

Since I want the 4.x server role = "classic primary domain controller", 
I started by copying over all the TDBs, secrets, and smb.conf file. It 
is basicall working (for linux and win authentication) but once logged 
in, the available user rights are bizarre.

My immediate problem (I think :) is manifest by the fact that:

  * wbinfo --group-info anygroup

correctly returns the group name and membership, but *always* gives the 
GID as "4294967295", and that's not even a valid group ID. Also, not 

  * wbinfo --gid-to-sid xxx

always fails for any valid GID, including the "4294967295" value.

Obviously my group mapping is hosed, but I'm not sure where to start.

Is the 4294967295 number some well known id that may be giving me a hint?

Any tips on how to troubleshoot this problem?

Thanks again,


More information about the samba mailing list