Actually, what I ended up doing to fix this was the following, in case it benefits the next person.
On my samba3 doamin, I did: # net groupmap delete sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1066 # net groupmap add rid=513 unixgroup=users type=domain ntgroup="Domain Users" # net groupmap delete sid=S-1-5-21-XXXXXXXXXXXXXXXXXX-1057 # net groupmap add rid=512 unixgroup=smbadmins type=domain ntgroup="Domain Admins" Then on my Windows server (a separate member server of the domain, which has a few shares on it), I redid the sharing and Security permissions, since Windows had the old SID in there. Simply re-adding the proper group sufficed, and users were good to go. I then was able to successfully complete the classicupgrade tool on my resulting tdbs. --scott *Scott Goodwin* IT Lead Mimic Technologies, Inc 811 First Avenue, Suite 408 | Seattle, WA 98104 phone: 1.800.918.1670 | direct: 206.456.9180 fax: 206.623.3491 | cell: 206.355.7767 On Tue, Aug 20, 2013 at 2:25 PM, Andrew Bartlett <[email protected]> wrote: > On Tue, 2013-08-20 at 11:33 -0700, Scott Goodwin wrote: > > Update: > > Upon further investigation, the group with SID ending in -1057 is my > Domain > > Admins group, which is mapped to unix group "smbadmins". SID ending in > > -1066 (see my original posting) is Domain Users, which I have mapped to > > unix group "users". > > I suspect that if I remove these two mappings, the classic upgrade may > > succeed, at which point I can re-add them. > > > > Two things: > > 1) Is it a problem that my Domain Admins and Domain Users groups do not > > have the standard NT4 domain suffixes (I think Domain Admins typically > ends > > with -512. Can't remember what the suffix for Domain Users is, but it > isn't > > -1066). > > Yes. > > > 2) Is there a way to remove these mappings from the .tdb files I have > > copied over to the new server? I know I can remove the mapping from my > old > > server, then re-copy the tdb files over, then re-add the mapping on my > > samba3 server, but the Domain Users mapping would impact users (I'm > pretty > > sure), and I want to avoid that if possible. So, I'm hoping there is a > way > > to manually edit the tdb's in the test environment where my samba4 server > > is, or some tool that can assist in such. > > The 'Samba3' tools still work in Samba 4.0, so if you put the files in > the 'expected' locations on in the new server, then you should be able > to just edit them there, as if it was the original server. Then > upgrade. > > I hope this helps, > > Andrew Bartlett > > -- > Andrew Bartlett > http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
