[Samba] BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND

[Rowland Penny]

On Tue, 5 Sep 2017 14:45:02 +0200
L.P.H. van Belle <belle at bazuin.nl> wrote:

> Rowland, 
> 
> Are (one) these not an option for him to correct this? 
> 
>       --allocate-uid                                 Get a new UID
> out of idmap --allocate-gid                                 Get a new
> GID out of idmap --set-uid-mapping=UID,SID
> Create or modify uid to sid mapping in idmap
> --set-gid-mapping=GID,SID                      Create or modify gid
> to sid mapping in idmap
> --remove-uid-mapping=UID,SID                   Remove uid to sid
> mapping in idmap --remove-gid-mapping=GID,SID
> Remove gid to sid mapping in idmap
> --sids-to-unix-ids=Sid-List                    Translate SIDs to Unix
> IDs --unix-ids-to-sids=ID-List (u<num> g<num>)     Translate Unix IDs
> to SIDs 
> 

Don't think so, the problem seems to be that somebody thought it would
be a good idea to mess with idmap.ldb during the classicupgrade.

This from upgrade.py:

    logger.info("Adding groups")
    try:
        # Export groups to samba4 backend
        logger.info("Importing groups")
        for g in grouplist:
            # Ignore uninitialized groups (gid = -1)
            if g.gid != -1:
                add_group_from_mapping_entry(result.samdb, g, logger)
                add_ad_posix_idmap_entry(result.samdb, g.sid, g.gid, "ID_TYPE_GID", logger)
                add_posix_attrs(samdb=result.samdb, sid=g.sid,
                name=g.nt_name, nisdomain=domainname.lower(),
                xid_type="ID_TYPE_GID", logger=logger)

There is a similar one for users.

I am beginning to think that it is a BAD idea to upgrade from a PDC to
an AD DC, you would probably be better off creating a new AD domain and
exporting the users & groups to it, that way you can ensure it works as
expected.

Rowland