damjanster
2009-Jun-24 18:54 UTC
[Samba] Migration from samba-3.0.21b-i486 to samba-3.0.27a-x86_64 corrupts root group mapping
Hello. I went and copied the config files from <source>/etc/samba/* and <source>/var/cache/samba/* to the target server and deleted the browse.dat and wins.dat files. The source and target servers have different IPs and hostnames, so we use "netbios alias". This has worked fine a couple of years ago. Now after all files have been copied, the old server shut down and the new samba in place there are several differences between the systems: $pdbedit -vL root ------------------------ Unix username: root NT username: Account Flags: [U ] User SID: S-1-5-21-528702806-1563566892-1083768929-1000 Primary group for user root is a Local Group and not a domain group Primary Group SID: S-1-5-21-528702806-1563566892-1083768929-513 ------------------------- the Primary Group SID is wrong. It should end with 512 (Domain Admins) - here it becomes -513 (Users) - all the permissions are therefor corrupt - no admin can login via windows XP clients. I have a test server where I've put all the linux user/group files from the source server and tried to place the same samba server there, but the result is exactly the same. net getlocalsid doesn't work on the source server (previously migrated from even older server) net getlocalsid <DOMAINNAME> returns the same value on source and target servers. net groupmap list shows a lot more groups on source server then target. What else can I try? -- View this message in context: http://www.nabble.com/Migration-from-samba-3.0.21b-i486-to-samba-3.0.27a-x86_64-corrupts-root-group-mapping-tp24182571p24182571.html Sent from the Samba - General mailing list archive at Nabble.com.
Adam Williams
2009-Jun-25 20:33 UTC
[Samba] Migration from samba-3.0.21b-i486 to samba-3.0.27a-x86_64 corrupts root group mapping
fix the sid with net setlocalsid and net setdomainsid. change the primary group SID with net groupmap, or if you use ldap, you can fix it in your ldap tree. damjanster wrote:> Hello. > > I went and copied the config files from <source>/etc/samba/* and > <source>/var/cache/samba/* to the target server and deleted the browse.dat > and wins.dat files. The source and target servers have different IPs and > hostnames, so we use "netbios alias". This has worked fine a couple of years > ago. Now after all files have been copied, the old server shut down and the > new samba in place there are several differences between the systems: > $pdbedit -vL root > ------------------------ > Unix username: root > NT username: > Account Flags: [U ] > User SID: S-1-5-21-528702806-1563566892-1083768929-1000 > Primary group for user root is a Local Group and not a domain group > Primary Group SID: S-1-5-21-528702806-1563566892-1083768929-513 > ------------------------- > the Primary Group SID is wrong. It should end with 512 (Domain Admins) - > here it becomes -513 (Users) - all the permissions are therefor corrupt - no > admin can login via windows XP clients. > > I have a test server where I've put all the linux user/group files from the > source server and tried to place the same samba server there, but the result > is exactly the same. > > net getlocalsid doesn't work on the source server (previously migrated from > even older server) > net getlocalsid <DOMAINNAME> returns the same value on source and target > servers. > net groupmap list shows a lot more groups on source server then target. > > What else can I try? >