Markus Dellermann
2016-Feb-01 22:24 UTC
[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins "
Hi at all, i´am using samba 4.3.4 as "ad", "migrated by classicupgrade" some time ago from an nt4-domain. By trying samba_upgradedns --dns-backend=BIND9_DLZ i get the following error: Traceback (most recent call last): File "/usr/sbin/samba_upgradedns", line 262, in <module> paths, lp.configfile, lp) File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 298, in find_provision_key_parameters raise ProvisioningError("Unable to find uid/gid for Domain Admins rid (%s- %s" % (str(names.domainsid), security.DOMAIN_RID_ADMINISTRATOR)) samba.provision.ProvisioningError: ProvisioningError: Unable to find uid/gid for Domain Admins rid (S-1-5-21-855155194-824588496-1214258294-500 "Domain Admins" seems to be in "ad" wbinfo -i 'MYDOMAIN\Domain Admins' MYDOMAIN\domain admins:*:3000008:3000008::/home/MYDOMAIN/domain admins:/bin/ false I know, it was working "some time ago" I deleted some groups like "domainadmins:!:15008:administrator,root" from /etc/groups -i have thought I didn't need them anymore Could this be the problem? Where should I search? Thank you for all your hints! Markus
Rowland penny
2016-Feb-02 09:51 UTC
[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins "
On 01/02/16 22:24, Markus Dellermann wrote:> Hi at all, > > i´am using samba 4.3.4 as "ad", "migrated by classicupgrade" some time ago > from an nt4-domain. > > By trying > samba_upgradedns --dns-backend=BIND9_DLZ > > i get the following error: > > Traceback (most recent call last): > File "/usr/sbin/samba_upgradedns", line 262, in <module> > paths, lp.configfile, lp) > File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line > 298, in find_provision_key_parameters > raise ProvisioningError("Unable to find uid/gid for Domain Admins rid (%s- > %s" % (str(names.domainsid), security.DOMAIN_RID_ADMINISTRATOR)) > samba.provision.ProvisioningError: ProvisioningError: Unable to find uid/gid > for Domain Admins rid (S-1-5-21-855155194-824588496-1214258294-500 > > "Domain Admins" seems to be in "ad"Domain Admins may be in AD but that is not what is being searched for, it is actually searching for Administrator, have you do anything to Administrator in AD or idmap.ldb ? Rowland
Markus Dellermann
2016-Feb-02 11:26 UTC
[Samba] samba_upgradedns returned an error "Unable to find uid/gid for Domain Admins "
Am Dienstag, 2. Februar 2016, 09:51:03 CET schrieb Rowland penny:> On 01/02/16 22:24, Markus Dellermann wrote: > > Hi at all, > > > > i´am using samba 4.3.4 as "ad", "migrated by classicupgrade" some time ago > > from an nt4-domain. > > > > By trying > > samba_upgradedns --dns-backend=BIND9_DLZ > > > > i get the following error: > > > > Traceback (most recent call last): > > File "/usr/sbin/samba_upgradedns", line 262, in <module> > > > > paths, lp.configfile, lp) > > > > File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", > > line > > > > 298, in find_provision_key_parameters > > > > raise ProvisioningError("Unable to find uid/gid for Domain Admins rid > > (%s- > > > > %s" % (str(names.domainsid), security.DOMAIN_RID_ADMINISTRATOR)) > > samba.provision.ProvisioningError: ProvisioningError: Unable to find > > uid/gid for Domain Admins rid > > (S-1-5-21-855155194-824588496-1214258294-500 > > > > "Domain Admins" seems to be in "ad" > > Domain Admins may be in AD but that is not what is being searched for, > it is actually searching for Administrator, have you do anything to > Administrator in AD or idmap.ldb ? > > RowlandHi Rowland, ah, ok -thank your for your answer. There is a local user named "administrator" in /etc/passwd administrator:x:1039:100::/home/administrator:/bin/bash There was a username-mapping in /etc/samba/smbusers #!root = MYDOMAIN\Administrator MYDOMAIN\administrator Administrator administrator I have changed this two month ago, because that shoudn`t be needed.(?) Domain-Administrators UID in "aduc" is "10000" -is this korrekt? In my nt4-domain the domain-administrator was mapped to root and the rid "500" was assigned to root Maybe this is missing now? Do i have to assign this again? Thank you Markus