[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins " -solved
Markus Dellermann
li-mli at gmx.net
Tue Feb 2 15:52:12 UTC 2016
Hi!
Am Dienstag, 2. Februar 2016, 13:58:59 CET schrieb Rowland penny:
> On 02/02/16 13:38, Markus Dellermann wrote:
> > Hi again,
> >
> > Am Dienstag, 2. Februar 2016, 12:09:59 CET schrieb Rowland penny:
> >> On 02/02/16 11:26, Markus Dellermann wrote:
> >>> Am Dienstag, 2. Februar 2016, 09:51:03 CET schrieb Rowland penny:
> >>>> On 01/02/16 22:24, Markus Dellermann wrote:
> > [....]
> >
[...]
> > I have insert 0 there now and it gave "its already assigned...
>
> No, I said *remove* the uidNumber attribute from Administrator in AD. If
Yes you have!
> I run (on a DC) 'ldbedit -e nano -H /usr/local/samba/private/sam.ldb'
> and then search for Administrator, I get this:
>
> dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Administrator
> description: Built-in account for administering the computer/domain
> instanceType: 4
> whenCreated: 20151106115615.0Z
> uSNCreated: 3545
> name: Administrator
> objectGUID: fc9d301b-d893-4cc7-8167-8d977c531afb
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> pwdLastSet: 130912845750000000
> primaryGroupID: 513
> objectSid: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> adminCount: 1
> logonCount: 0
> sAMAccountName: Administrator
> sAMAccountType: 805306368
> objectCategory:
> CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=c
> om
> isCriticalSystemObject: TRUE
> memberOf: CN=Administrators,CN=Builtin,DC=samdom,DC=example,DC=com
> memberOf: CN=Group Policy Creator
> Owners,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Enterprise Admins,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Schema Admins,CN=Users,DC=samdom,DC=example,DC=com
> memberOf: CN=Domain Admins,CN=Users,DC=samdom,DC=example,DC=com
> userAccountControl: 66048
> accountExpires: 0
> whenChanged: 20151111112600.0Z
> uSNChanged: 5899
> distinguishedName: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
>
OK!
> If I then run 'ldbedit -e nano -H /usr/local/samba/private/idmap.ldb'
> and search for the SID-RID I obtained above, I get this:
>
> dn: CN=S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> cn: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> objectClass: sidMap
> objectSid: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
>
> The above is what maps 'Administrator' to 'root' on a DC.
>
Argh!
ldbedit -e nano -H /var/lib/samba/private/idmap.ldb
no matching records - cannot edit
Something seems to go wrong here.
To be short - i replaced to idmap.ldb from my backup now and it works!
> > I see now, there is the user "root" in ad with uid 0
> > I changed this, but maybe i should delete root from ad ?
>
> No, put root back to being uid 0
OK
> > (I think, i should have changed this before classicupgrade)
>
> Again NO.
>
> >> If I run 'getent passwd administrator' on a DC, I get:
> >>
> >> SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bash
> >
> > No, nothing, hm....
> > master:~ # getent passwd administrator
> > master:~ # getent passwd Administrator
>
This doesn`t show anything yet...
> This is probably because you are messing with Administrator.
>
> Rowland
Thank you very much!
Markus
More information about the samba
mailing list