[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins "
li-mli at gmx.net
Tue Feb 2 13:38:36 UTC 2016
Am Dienstag, 2. Februar 2016, 12:09:59 CET schrieb Rowland penny:
> On 02/02/16 11:26, Markus Dellermann wrote:
> > Am Dienstag, 2. Februar 2016, 09:51:03 CET schrieb Rowland penny:
> >> On 01/02/16 22:24, Markus Dellermann wrote:
> Ok, there are two schools of thought here, you can give Administrator a
> uidNumber attribute, but this, as far as Unix is concerned, turns
> 'Administrator' into just another user, with no more privileges than any
> other Unix user.
> What I use on a domain member and recommend, is the use of the user
> mapping in smb.conf, with this 'Administrator' becomes 'root' and as
> such, has all the privileges of 'root'.
Yes, so it is here alright on my members..
> However, you are trying to do something on a DC and you shouldn't use
> the name mapping, as this should be done for you in idmap.ldb. I suggest
> you remove any users that appear in /etc/passwd, such as administrator,
> that are also in AD, I would also remove the uidNumber attribute from
> 'Administrator' in AD.
> This should then reset 'Administrator' to '0'
I have insert 0 there now and it gave "its already assigned...
I see now, there is the user "root" in ad with uid 0
I changed this, but maybe i should delete root from ad ?
(I think, i should have changed this before classicupgrade)
> If I run 'getent passwd administrator' on a DC, I get:
No, nothing, hm....
master:~ # getent passwd administrator
master:~ # getent passwd Administrator
master:~ # pdbedit -Lv administrator
Unix username: Administrator
Account Flags: [U ]
User SID: S-1-5-21-855155194-824588496-1214258294-500
Primary Group SID: S-1-5-21-855155194-824588496-1214258294-513
Home Directory: \\samba\home\administrator
HomeDir Drive: H:
Profile Path: \\samba\profiles\administrator\.msprofile
Account desc: Built-in account for administering the computer/domain
Logon time: Di, 02 Feb 2016 11:38:16 CET
Logoff time: 0
Kickoff time: Do, 14 Sep 30828 04:48:05 CEST
Password last set: Mi, 30 Sep 2015 19:23:24 CEST
Password can change: Mi, 30 Sep 2015 19:23:24 CEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
master:~ # wbinfo -i administrator
"samba_upgradedns --dns-backend=BIND9_DLZ" still doesnt work
> but if run the same command on a domain member, I get nothing.
More information about the samba