>> It appears that the built in domain groups' SIDs do not match the
>> domain's SID. I used the IDEALX scripts to create these accounts and I
>> obviously thought everything was fine before proceeding to add users and
>> groups.
>
>    Did you change the SID inside the IDEALX scripts?

I bet I populated these groups before I changed the SID in the IDEALX scripts while testing things out and I never went back to correct it. I see that the SID is currently set correctly for them.

Thanks for pointing that out! Seeing that set correctly makes me a bit more comfortable using those scripts.


>> Any suggestions on how I can correct this without wiping out the users
>> and groups I've already added?
>
>    Hmmm, you can remap it. :)

Would remapping them correct the SIDs? Can I just use an LDAP editor and manually change the SID to what it should be without screwing up other things? To my understanding, all the important Samba data is stored in LDAP. So I shouldn't have to worry about the contents of smbpasswd, secrets.tdb, or anything of that nature, right?

Given I can just edit the SIDs, I do know that I may have to restart the SMB daemon, rejoin some users to groups, correct the local administrators group on workstations, etc. I understand the cleanup; I don't want to ruin anything else that's not a simple text edit or command call.


Thank you,

Jason


Felipe Augusto van de Wiel wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/30/2006 04:16 PM, Jason Shaw wrote:
Hello,
I'm having a few problems, but I'm thinking this should be fixed first.
It may solve my other issues.

It appears that the built in domain groups' SIDs do not match the
domain's SID. I used the IDEALX scripts to create these accounts and I
obviously thought everything was fine before proceeding to add users and
groups.

        Did you change the SID inside the IDEALX scripts?


Any suggestions on how I can correct this without wiping out the users
and groups I've already added?

        Hmmm, you can remap it. :)


Samba PDC 3.0.20b
OpenLDAP backend

# net groupmap list
Domain Admins (S-1-5-21-220492119-3728255649-3324185874-512) -> Domain Admins
Domain Users (S-1-5-21-220492119-3728255649-3324185874-513) -> Domain Users
Domain Guests (S-1-5-21-220492119-3728255649-3324185874-514) -> Domain Guests
Domain Computers (S-1-5-21-220492119-3728255649-3324185874-515) -> Domain Computers

# net getlocalsid
SID for domain FS02 is: S-1-5-21-580359677-1468577533-2286006929

Much appreciated!
Jason

        Kind regards,

- --
Felipe Augusto van de Wiel <[EMAIL PROTECTED]>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFE9vNxCj65ZxU4gPQRAr+8AJ4vYKoKwbZ99LHFBU71PqnwzK7VhgCgpIwx
wFJ4M2ngWacJ1FK5pEW5hgo=
=k0AI
-----END PGP SIGNATURE-----
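
The mismatch discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of the IDEALX scripts: it parses the `net groupmap list` and `net getlocalsid` output quoted above (embedded as sample input) and lists every group mapping whose domain portion differs from the local domain SID. The "expected" SID it prints assumes the RID is kept and only the domain portion is replaced.

```python
import re

# Sample input: the command output quoted in the thread, embedded with the
# line wrapping the mail client introduced.
GROUPMAP_OUTPUT = """\
Domain Admins (S-1-5-21-220492119-3728255649-3324185874-512) -> Domain
Admins
Domain Users (S-1-5-21-220492119-3728255649-3324185874-513) -> Domain Users
Domain Guests (S-1-5-21-220492119-3728255649-3324185874-514) -> Domain
Guests
Domain Computers (S-1-5-21-220492119-3728255649-3324185874-515) ->
Domain Computers
"""
LOCALSID_OUTPUT = "SID for domain FS02 is: S-1-5-21-580359677-1468577533-2286006929"
ENTRY_RE = re.compile(r"^(.+?)\s*\((S-1-[\d-]+)\)\s*->\s*(.*)$")

def parse_local_sid(text):
    """Extract the domain SID (S-1-5-21 plus three sub-authorities)."""
    m = re.search(r"S-1-5-21(?:-\d+){3}\b", text)
    if not m:
        raise ValueError("no domain SID found in getlocalsid output")
    return m.group(0)

def parse_groupmap(text):
    """Return (nt_name, sid, unix_name) tuples, rejoining wrapped lines."""
    records = []
    for line in text.splitlines():
        if "(S-1-" in line:                  # a new mapping starts here
            records.append(line.strip())
        elif line.strip() and records:       # continuation of a wrapped line
            records[-1] += " " + line.strip()
    matches = (ENTRY_RE.match(r) for r in records)
    return [m.groups() for m in matches if m]

def find_mismatches(groupmap_text, localsid_text):
    """List (nt_name, current_sid, expected_sid) for wrong domain prefixes."""
    domain_sid = parse_local_sid(localsid_text)
    out = []
    for nt_name, sid, _unix in parse_groupmap(groupmap_text):
        prefix, _, rid = sid.rpartition("-")
        if not prefix.startswith("S-1-5-21-"):
            continue  # well-known SID such as BUILTIN (S-1-5-32-*), not domain-relative
        if prefix != domain_sid:
            # Assumption: the RID stays the same, only the domain part changes.
            out.append((nt_name, sid, f"{domain_sid}-{rid}"))
    return out

if __name__ == "__main__":
    for name, current, expected in find_mismatches(GROUPMAP_OUTPUT, LOCALSID_OUTPUT):
        print(f"{name}: {current} -> expected {expected}")
```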