[Samba] classicupgrade migration issues

Sonic sonicsmith at gmail.com
Fri Mar 18 17:25:37 UTC 2016 

On Fri, Mar 18, 2016 at 12:01 PM, Rowland penny <rpenny at samba.org> wrote:
> The Domain group is found and checked for users and none are found, could
> this be because the users are actually members of the Unix group that is
> mapped to the Samba group i.e the Samba group has no members.

Correct me if I'm wrong but in the old PDC world Samba users and
groups were all members of the underlying Unix system. You couldn't
add a user to Samba unless they existed as a Unix user. Similarly with
groups. And groupmap mapped Samba groups to Unix groups. So in the
case shown the domain group "Assistants" is mapped to the Unix group
"asst". Perfectly normal. And adding any user using 'nix tools to the
'nix group makes them members of the mapped Samba Domain group as well
- isn't this the point of group mapping?

In the original PDC the Samba Domain group "Assistants" clearly
exists, as well as its mapped 'nix counterpart "asst". And every
member of "asst" is automatically a member of "Assistants" due to the
group mapping.

And indeed on the PDC:
==========================================
# net rpc user info usernameX
Accounting
Assistants
Domain Users
Print Operators
Office
Projects
==========================================
clearly shows any usernameX as members of their respective domain
groups (due to group mapping).

So why does the migration report it ignores these groups? Yet they do
actually exist after the migration. However, they have no members:
==========================================
# samba-tool group listmembers 'Assistants' |wc -l
0
==========================================
All of the ignored groups do get migrated yet even though they all
have members in the PDC none of them have any members after the
migration.
BTW, I think that "samba-tool group listmembers NONEXISTENTGROUP"
should output that the group doesn't exist.

And, as posted earlier, why do I appear to have all of the users in
the "Domain Users" and "Domain Computers" groups:
==========================================
# samba-tool group listmembers 'Domain Users' |wc -l
270
# samba-tool group listmembers 'Domain Computers' |wc -l
35
==========================================
and
yet only 5 shown (username*) using the following command.
==========================================
# samba-tool user list
Administrator
dns-kwad
usernameone
usernametwo
usernamethree
krbtgt
usernamefour
Guest
usernamefive
root
==========================================

What are the ramifications of the above? When is user not a user? What
does it mean to be a member of "Domain Users" yet not listed in the
Samba user list after the migration?

And most of all what is the fix or workaround?

Thanks again.

Chris

More information about the samba mailing list