[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins " -solved

Markus Dellermann li-mli at gmx.net
Tue Feb 2 15:52:12 UTC 2016


Hi!
On Tuesday, 2 February 2016, 13:58:59 CET, Rowland penny wrote:
> On 02/02/16 13:38, Markus Dellermann wrote:
> > Hi again,
> > 
> > On Tuesday, 2 February 2016, 12:09:59 CET, Rowland penny wrote:
> >> On 02/02/16 11:26, Markus Dellermann wrote:
> >>> On Tuesday, 2 February 2016, 09:51:03 CET, Rowland penny wrote:
> >>>> On 01/02/16 22:24, Markus Dellermann wrote:
> > [....]
> > 
[...]
> > I have inserted 0 there now and it gave "its already assigned...
> 
> No, I said *remove* the uidNumber attribute from Administrator in AD. If
Yes you have!
> I run (on a DC) 'ldbedit -e nano -H /usr/local/samba/private/sam.ldb'
> and then search for Administrator, I get this:
> 
> dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Administrator
> description: Built-in account for administering the computer/domain
> instanceType: 4
> whenCreated: 20151106115615.0Z
> uSNCreated: 3545
> name: Administrator
> objectGUID: fc9d301b-d893-4cc7-8167-8d977c531afb
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> pwdLastSet: 130912845750000000
> primaryGroupID: 513
> objectSid: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> adminCount: 1
> logonCount: 0
> sAMAccountName: Administrator
> sAMAccountType: 805306368
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> isCriticalSystemObject: TRUE
> memberOf: CN=Administrators,CN=Builtin,DC=samdom,DC=example,DC=com
> memberOf: CN=Group Policy Creator Owners,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
> userAccountControl: 66048
> accountExpires: 0
> whenChanged: 20151111112600.0Z
> uSNChanged: 5899
> distinguishedName: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
> 
OK!
> If I then run 'ldbedit -e nano -H /usr/local/samba/private/idmap.ldb'
> and search for the SID-RID I obtained above, I get this:
> 
> dn: CN=S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> cn: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> objectClass: sidMap
> objectSid: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> 
> The above is what maps 'Administrator' to 'root' on a DC.
> 
Argh!

ldbedit -e nano -H  /var/lib/samba/private/idmap.ldb        
no matching records - cannot edit

Something seems to go wrong here.
To be short - I replaced the idmap.ldb from my backup now and it works!

> > I see now, there is the user "root" in AD with uid 0
> > I changed this, but maybe I should delete root from AD?
> 
> No, put root back to being uid 0

OK
> > (I think I should have changed this before classicupgrade)
> 
> Again NO.
> 
> >> If I run 'getent passwd administrator' on a DC, I get:
> >> 
> >> SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bash
> > 
> > No, nothing, hm....
> > master:~ # getent passwd administrator
> > master:~ # getent passwd Administrator
> 
This doesn't show anything yet...
> This is probably because you are messing with Administrator.
> 
> Rowland
Thank you very much!

Markus
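
The check discussed in this thread, as an added example that is not part of the original messages or of Samba's own code: it parses LDIF text exported from sam.ldb and idmap.ldb and reports when Administrator carries a uidNumber in AD or when its SID has no ID_TYPE_UID / xidNumber 0 record. The function names and the sample SID are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into records: lower-cased attribute -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]          # LDIF folding: leading space continues a line
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64 value>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            current.setdefault(name.lower(), []).append(value.strip())
    return records

def check_admin_mapping(sam_ldif, idmap_ldif):
    """Return a list of problems with the Administrator -> uid 0 mapping on a DC."""
    admin = next((r for r in parse_ldif(sam_ldif)
                  if "Administrator" in r.get("samaccountname", [])), None)
    if admin is None:
        return ["Administrator not found in sam.ldb export"]
    problems = []
    if "uidnumber" in admin:              # the thread's advice: remove this attribute
        problems.append("Administrator has uidNumber %s set in AD" % admin["uidnumber"][0])
    sid = admin.get("objectsid", ["<missing>"])[0]
    entry = next((r for r in parse_ldif(idmap_ldif)
                  if sid in r.get("objectsid", [])), None)
    if entry is None:                     # matches the "no matching records" symptom
        problems.append("no idmap.ldb record for " + sid)
    elif entry.get("type") != ["ID_TYPE_UID"] or entry.get("xidnumber") != ["0"]:
        problems.append("%s maps to %s %s, expected ID_TYPE_UID 0"
                        % (sid, entry.get("type"), entry.get("xidnumber")))
    return problems

# Constructed sample records (the SID is a made-up placeholder, not from the thread).
SID = "S-1-5-21-1111111111-2222222222-3333333333-500"
SAM = "dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=c\n om\n" \
      "sAMAccountName: Administrator\nobjectSid: %s\n" % SID
IDMAP = "dn: CN=%s\nobjectSid: %s\ntype: ID_TYPE_UID\nxidNumber: 0\n" % (SID, SID)

if __name__ == "__main__":
    print(check_admin_mapping(SAM, IDMAP) or "Administrator -> uid 0 mapping looks consistent")
```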



