[Samba] Fwd: Migrating server

Rob Thoman emailthomasrob at gmail.com
Wed Mar 7 05:16:38 UTC 2018


dn: cn=Domain Admins,ou=groups,dc=mydomain
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3936576374-1604348213-1812465911-512
sambaGroupType: 2
displayName: Domain Admins
memberUid: root
memberUid: sadmin

dn: cn=Domain Users,ou=groups,dc=mydomain
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3936576374-1604348213-1812465911-513
sambaGroupType: 2
displayName: Domain Users

dn: cn=Domain Computers,ou=groups,dc=mydomain
objectClass: top
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: S-1-5-21-3936576374-1604348213-1812465911-515
sambaGroupType: 2
displayName: Domain Computers


If I search for the user

ldapsearch -x cn=sadmin -b dc=mydomain
dn: uid=sadmin,ou=users,dc=mydomain
uid: sadmin
cn: sadmin
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: sambaSamAccount
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/sh
uidNumber: 1359
gidNumber: 1359
homeDirectory: /home/admin
sambaSID: S-1-5-21-3936576374-1604348213-1812465911-1006
sambaNTPassword: B8AF1F54013E322D0A02F9B9FF4B5B1F
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
 00000000
sambaAcctFlags: [U          ]
sambaPwdLastSet: 1520247253

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Tried to add the machine to the domain using the "sadmin"

Mar  6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (uid) not indexed
Mar  6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (gidNumber) not indexed
Mar  6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (gidNumber) not indexed
Mar  6 00:22:28 Dozer5 slapd[5581]: <= bdb_equality_candidates: (memberUid) not indexed
Mar  6 00:22:28 sam3dc slapd[5581]: <= bdb_equality_candidates: (gidNumber) not indexed
Mar  6 00:22:29 sam3dc slapd[5581]: <= bdb_equality_candidates: (uid) not indexed

[2018/03/06 00:22:29.101185,  1] auth/server_info.c:447(samu_to_SamInfo3)
  Failed to get groups from sam account.
[2018/03/06 00:22:29.101275,  0] auth/check_samsec.c:492(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INTERNAL_DB_CORRUPTION'
[2018/03/06 00:22:29.101322,  5] auth/auth.c:271(check_ntlm_password)
  check_ntlm_password: sam authentication for user [sundata] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION




On Tue, Mar 6, 2018 at 9:32 PM, Harry Jede <walk2sun at arcor.de> wrote:

> On Tuesday, 6 March 2018, 16:42:23 CET, Rob Thoman wrote:
> > I have the following in the samba logs for that machine
> >
> > Failed to get groups from sam account.
> >
> > So basically it is telling me there are issues with groups, fair
> > enough. What is the best way to get the groups in ldap? I have tried
> > the pdbedit -i tdbsam -e ldapsam, also have tried adding it via the
> > migration tools
>
> Fine, you have found something I had assumed in a previous mail.
> Once again the command to retrieve the groups:
>
> # for s in 512 513 515 ;do ldapsearch -LLLY EXTERNAL -H ldapi:/// -b dc=mydomain -s sub "sambasid=S-1-5-21-2631908330-1812305667-41686038-$s";done 2>/dev/null
>
> This is a one-liner. Between sub and the " character there is a space.
>
> The output should look like:
>
> dn: cn=DomainAdmins,ou=groups,dc=afrika,dc=xx
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 512
> cn: DomainAdmins
> memberUid: Administrator
> memberUid: root
> description: Netbios Domain Administrators
> sambaSID: S-1-5-21-1507708399-2130971284-2230424465-512
> sambaGroupType: 2
> displayName: Domain Admins
>
> dn: cn=DomainUsers,ou=groups,dc=afrika,dc=xx
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 513
> cn: DomainUsers
> description: Netbios Domain Users
> sambaSID: S-1-5-21-1507708399-2130971284-2230424465-513
> sambaGroupType: 2
> displayName: Domain Users
>
> dn: cn=DomainComputers,ou=groups,dc=afrika,dc=xx
> objectClass: top
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> gidNumber: 515
> cn: DomainComputers
> description: Netbios Domain Computers accounts
> sambaSID: S-1-5-21-1507708399-2130971284-2230424465-515
> sambaGroupType: 2
> displayName: Domain Computers
>
> --
>
> Regards
> Harry Jede
>
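
Added example, not part of the original thread: a shell function that classifies the three well-known group mappings in ldapsearch LDIF output as ok, wrong-domain or missing, so that a SID search which returns nothing can be told apart from a mapping stored under a different domain SID. The LDIF and SIDs in sample_ldif are constructed, and check_rids and sample_ldif are hypothetical names.

```shell
#!/bin/sh
# check_rids DOMAIN_SID   (LDIF on stdin, e.g. from ldapsearch -LLL)
# Prints one line per well-known RID: "ok", "wrong-domain <sid>" or "missing".
check_rids() {
    awk -v dom="$1" '
        BEGIN { RS = ""; FS = "\n"; n = split("512 513 515", rids, " ") }
        {
            sid = ""; mapped = 0
            for (i = 1; i <= NF; i++) {
                line = tolower($i)   # attribute names are case-insensitive
                if (line == "objectclass: sambagroupmapping") mapped = 1
                if (line ~ /^sambasid: /) sid = substr($i, 11)
            }
            if (!mapped || sid == "") next      # not a group mapping entry
            rid = sid;    sub(/.*-/, "", rid)          # last sub-authority
            prefix = sid; sub(/-[0-9]+$/, "", prefix)  # domain part of SID
            if (prefix == dom) ok[rid] = 1
            else other[rid] = sid
        }
        END {
            for (i = 1; i <= n; i++) {
                r = rids[i]
                if (r in ok) print r, "ok"
                else if (r in other) print r, "wrong-domain", other[r]
                else print r, "missing"
            }
        }'
}

# Constructed sample data (not taken from the thread): 512 is mapped under
# the expected domain SID, 513 under another one, 515 has no entry at all.
sample_ldif() {
cat <<'EOF'
dn: cn=Domain Admins,ou=groups,dc=example
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512

dn: cn=Domain Users,ou=groups,dc=example
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
sambaSID: S-1-5-21-9999999999-8888888888-7777777777-513
EOF
}

sample_ldif | check_rids S-1-5-21-1111111111-2222222222-3333333333
```

On a live server, pipe the ldapsearch output for the groups subtree into check_rids and pass the domain SID reported by `net getlocalsid`.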

