[Samba] Samba on Debian 8; NT4 domain, win10

Rowland Penny rpenny at samba.org
Mon Nov 28 14:03:38 UTC 2016


On Mon, 28 Nov 2016 14:22:00 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> 
> NT4-PDC:
> 
> # net groupmap list
> Domain Users (S-1-5-21-2940660672-4062535256-4144655499-513) -> users
> Domain-Admins (S-1-5-21-2940660672-4062535256-4144655499-512) -> root
> Klienten (S-1-5-21-2940660672-4062535256-4144655499-1010) -> klienten
> 
> User pl13 is member of group "Domain Users":
> 
> # pdbedit -Lv pl13
> Unix username:        pl13
> NT username:
> Account Flags:        [U          ]
> User SID:             S-1-5-21-2940660672-4062535256-4144655499-2026
> Primary Group SID:    S-1-5-21-2940660672-4062535256-4144655499-513
> 
> This group seems not to be converted, see server after classic
> upgrade:
> 
> # net groupmap list
> #
> 
> -> no groups
> 
> This puts all these users into some new group:

Yes, and the group is called 'Domain Users' ;-)

In AD, ALL users are members of 'Domain Users' but are not
explicitly added to the 'Domain Users' object.
 
> 
> # pdbedit -L | grep pl
> 
> pl01:4294967295:
> pl02:4294967295:
> pl03:4294967295:
> pl04:4294967295:
> pl05:4294967295:
> 
> while on the old server this was:
> 
> # pdbedit -L | grep pl | sort
> 
> pl01:501:
> pl02:502:
> pl03:503:
> pl04:504:
> pl05:505:
> 
> Am I on the right track here?
> 

Yes, you have found the reason why most of your users are being
ignored ;-)

In the upgrade Python code, there is this:

        if entry['rid'] < 1000:
            logger.info("  Skipping wellknown rid=%d (for username=%s)", entry['rid'], username)
            continue

Which basically means, if the 'RID' is less than '1000', ignore and move
to next user. What I don't fully understand is why the users are
getting the '4294967295' number.

The cure: change all users' RIDs to be more than '1000' before the
upgrade.

Rowland 
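
Added example, not part of the original message and not Samba's own code: a pre-upgrade check that reads `pdbedit -Lv` output and lists the accounts whose RID is below 1000, which the `rid < 1000` test quoted above would skip. The sample records, SID values and the function names `parse_users` and `skipped_by_upgrade` are constructed for illustration.

```python
import re

# Threshold from the check quoted above: entries with rid < 1000 are skipped.
WELLKNOWN_RID_LIMIT = 1000

# Constructed sample in the layout of `pdbedit -Lv` output (not real accounts).
SAMPLE_PDBEDIT_LV = """\
---------------
Unix username:        alice
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1111111111-2222222222-3333333333-501
Primary Group SID:    S-1-5-21-1111111111-2222222222-3333333333-513
---------------
Unix username:        bob
User SID:             S-1-5-21-1111111111-2222222222-3333333333-1000
---------------
Unix username:        carol
User SID:             S-1-5-21-1111111111-2222222222-3333333333-2026
---------------
Unix username:        broken
User SID:             (none)
"""

USERNAME = re.compile(r"^Unix username:\s*(\S+)")
USER_SID = re.compile(r"^User SID:\s*S-1-(?:\d+-)+(\d+)\s*$")

def parse_users(text):
    """Return (username, rid) pairs; records without a parsable SID are dropped."""
    users, name = [], None
    for line in text.splitlines():
        if m := USERNAME.match(line):
            name = m.group(1)
        elif name and (m := USER_SID.match(line)):
            # The RID is the last dash-separated component of the SID.
            users.append((name, int(m.group(1))))
            name = None
    return users

def skipped_by_upgrade(text, limit=WELLKNOWN_RID_LIMIT):
    """Accounts the quoted `rid < 1000` test would skip."""
    return [(n, r) for n, r in parse_users(text) if r < limit]

if __name__ == "__main__":
    for name, rid in skipped_by_upgrade(SAMPLE_PDBEDIT_LV):
        print(f"{name}: rid={rid} < {WELLKNOWN_RID_LIMIT}, would be skipped")
```

Running it against the real `pdbedit -Lv` output of the old PDC before the upgrade gives the list of accounts that need attention; an account with RID exactly 1000 is not flagged, matching the strict `<` in the quoted check.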



