On Fri, 26 Oct 2018 16:23:32 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> > > Il 26/10/2018 15:59, Rowland Penny via samba ha scritto: > > Did you test the upgrade process in a separate network ? > yes i have installed 2 new vm with centos 7 from dvd > > Did you carry out the upgrade on the original PDC or on a new > > computer ? > i used 2 new computer with a fresh install and without samba > > You say you compiled Samba yourself, was an earlier OS version of > > Samba installed and if so, did you alter $PATH so your your new > > Samba was found first ? > no samba installed before > > Did you check for duplicate SID's ? > yes > > Did you check if any of your users had a RID less than '1000' ? > mmmmm > > Did you check for usernames that were also being used as group > > names. > yes, i renamed all group with g_ because all old users had one group > with same name > > > > If this was a new computer, did you transfer all the old databases > > from the old PDC to the new computer ? > yes i followed classciupgrade from wiki.samba.org > > Did you run the upgrade as 'root' ? > yes > > Was the output from the upgrade similar to the example on the wiki > > page, without errors ? > yes > > if you want, i can destroy my domain and set up new one from scratchThe one question I didn't ask was, did your old PDC have users and groups, but I think you answered that by saying you renamed the user groups. OK, two further ldbsearches: ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=*)(uidNumber=*))' uidNumber | grep uidNumber | awk '{print $NF}' ldbsearch -H ldap://$(hostname -s) -k yes -P '(&(samaccountname=*)(gidNumber=*))' gidNumber | grep gidNumber | awk '{print $NF}' They should both print a string of numbers, if either doesn't then there is your problem, but why, is another question. Rowland
thank you for your comprehension Il 26/10/2018 16:40, Rowland Penny via samba ha scritto:> OK, two further ldbsearches: > > ldbsearch -Hldap://$(hostname -s) -k yes -P > '(&(samaccountname=*)(uidNumber=*))' uidNumber | grep uidNumber | awk > '{print $NF}'1289 1690 673 1613 1527 1661 1542 822 1280 647 596 1699 650 1766 592 1674 629 1127 1065 966 & more,more,more,more :-)> > ldbsearch -Hldap://$(hostname -s) -k yes -P > '(&(samaccountname=*)(gidNumber=*))' gidNumber | grep gidNumber | awk > '{print $NF}'736 501 767 501 501 759 615 729 669 603 611 1239 681 618 713 553 690 757 501 501 679 501 528 517 501 more,more,more> They should both print a string of numbers, if either doesn't then > there is your problem, but why, is another question.i have many numbers :-) -- *Corrado Ravinetto * Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 Lanificio F.lli CERRUTI *Lanificio F.lli Cerruti S.p.A. * Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> Twitter <https://twitter.com/Lan_Cerruti> Facebook <https://www.facebook.com/LanificioCerruti> Instagram <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary
On Fri, 26 Oct 2018 16:47:52 +0200 Corrado Ravinetto via samba <samba at lists.samba.org> wrote:> thank you for your comprehension > > Il 26/10/2018 16:40, Rowland Penny via samba ha scritto: > > OK, two further ldbsearches: > > > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=*)(uidNumber=*))' uidNumber | grep uidNumber | > > awk '{print $NF}' > 1289 > 1690 > 673 > 1613 > 1527 > 1661 > 1542 > 822 > 1280 > 647 > 596 > 1699 > 650 > 1766 > 592 > 1674 > 629 > 1127 > 1065 > 966 > > & more,more,more,more :-) > > > > ldbsearch -Hldap://$(hostname -s) -k yes -P > > '(&(samaccountname=*)(gidNumber=*))' gidNumber | grep gidNumber | > > awk '{print $NF}' > 736 > 501 > 767 > 501 > 501 > 759 > 615 > 729 > 669 > 603 > 611 > 1239 > 681 > 618 > 713 > 553 > 690 > 757 > 501 > 501 > 679 > 501 > 528 > 517 > 501 > > more,more,more > > They should both print a string of numbers, if either doesn't then > > there is your problem, but why, is another question. > i have many numbers :-) >Thank goodness, but why does Domain Users not seem to have a gidNumber ? Anyway, no problem ;-) On the DC (note, replace 'dc4' with your DC short hostname ldbedit -e nano -H ldap://dc4 -U Administrator Enter Administrators password when prompted. Press the 'Ctrl' and 'w' keys together enter the search: dn: CN=Domain Users check for a line in the object that starts 'gidNumber', there shouldn't be one. Add this one anywhere in the object: gidNumber: 513 Press 'Ctrl' and 'x' together, press 'y' when prompted Now go to the Unix domain member and open smb.conf in an editor, change the low range on the DOMAIN 'idmap config' line to '500', restart Samba, run 'net cache flush' and check a user again. Rowland