[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins "

Markus Dellermann li-mli at gmx.net
Tue Feb 2 13:38:36 UTC 2016 

Hi again,

Am Dienstag, 2. Februar 2016, 12:09:59 CET schrieb Rowland penny:
> On 02/02/16 11:26, Markus Dellermann wrote:
> > Am Dienstag, 2. Februar 2016, 09:51:03 CET schrieb Rowland penny:
> >> On 01/02/16 22:24, Markus Dellermann wrote:
[....]
> Ok, there are two schools of thought here, you can give Administrator a
> uidNumber attribute, but this, as far as Unix is concerned, turns
> 'Administrator' into just another user, with no more privileges than any
> other Unix user.
> 
> What I use on a domain member and recommend, is the use of the user
> mapping in smb.conf, with this 'Administrator' becomes 'root' and as
> such, has all the privileges of 'root'.
> 
Yes, so it is here alright on my members..

> However, you are trying to do something on a DC and you shouldn't use
> the name mapping, as this should be done for you in idmap.ldb. I suggest
> you remove any users that appear in /etc/passwd, such as administrator,
> that are also in AD, I would also remove the uidNumber attribute from
> 'Administrator' in AD.
OK
> 
> This should then reset 'Administrator' to '0'
> 
I have insert 0 there now and it gave "its already assigned...
I see now, there is the user "root" in ad with uid 0
I changed this, but maybe i should delete root from ad ?
(I think, i should have changed this before classicupgrade)
> If I run 'getent passwd administrator' on a DC, I get:
> 
> SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bash
> 
No, nothing, hm....
master:~ # getent passwd administrator
master:~ # getent passwd Administrator

master:~ # pdbedit -Lv administrator
Unix username:        Administrator
NT username:          
Account Flags:        [U          ]
User SID:             S-1-5-21-855155194-824588496-1214258294-500
Primary Group SID:    S-1-5-21-855155194-824588496-1214258294-513
Full Name:            
Home Directory:       \\samba\home\administrator
HomeDir Drive:        H:
Logon Script:         
Profile Path:         \\samba\profiles\administrator\.msprofile
Domain:               
Account desc:         Built-in account for administering the computer/domain
Workstations:         
Munged dial:          
Logon time:           Di, 02 Feb 2016 11:38:16 CET
Logoff time:          0
Kickoff time:         Do, 14 Sep 30828 04:48:05 CEST
Password last set:    Mi, 30 Sep 2015 19:23:24 CEST
Password can change:  Mi, 30 Sep 2015 19:23:24 CEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

master:~ # wbinfo -i administrator
4MA3MA\administrator:*:10000:10004::/home/4MA3MA/administrator:/bin/false


"samba_upgradedns --dns-backend=BIND9_DLZ" still doesnt work

> but if run the same command on a domain member, I get nothing.
> 
Yes!

> Rowland

Markus

More information about the samba mailing list