Lost Domain Admin Privileges in Samba

Hello,

I have apparently lost all domain admin privileges in Samba. I have had several problems ever since I installed the 1/31 Solaris patch cluster. I had to roll out one Samba update (146363-01), which denied all logons network access. However, this particular problem seems to have begun about 2 days after the rollback.

I am running Samba 3.0.37 on Solaris 10 5/08.

There are 2 domain admins on our system and we have both lost privileges. I have tried remapping w/out success:

 
net groupmap add ntgroup="Domain Admins" unixgroup=ntadmins

I am listed as a member of ntadmins in /etc/group. I am also listed in the "root" group, of which ntadmins is also included. Currently I set the groupmap to "root", but that hasn't helped.

When I type pdbedit -Lv stringer I get a User SID of:
S-1-5-21-3716986799-1692006562-677724103-2020

and a Primary Group SID of:
S-1-5-21-3716986799-1692006562-677724103-513

I believe one of my SIDs should end in 512 to be a true admin recognized by Unix? All regular users have Primary Group SIDs ending in 513. Whenever I remap using groupmap, I get a new User SID (4 digit). If I could get my SID to be S-1-5-21-3716986799-1692006562-677724103-512, I think it would be fixed.

I'm at a loss here. My local admin account has expired and I cannot reset it until my domain privileges are reinstituted. Any help would be greatly appreciated. Thanks in advance.

Ken

---------- Post updated 02-11-11 at 12:35 PM ---------- Previous update was 02-10-11 at 01:59 PM ----------

Problem solved. The groupmap command would never work, so I went looking through the .tdb DBs in /var/samba/locks using tdbdump. There was a group_mapping.tdb file (and .ldb) that contained the new and incorrect mappings. There was also a file called group_mapping.tdb.updated dated August 2010, which contained the correct SIDs (S-1-5-21-3716986799-1692006562-677724103-512 and S-1-5-21-3716986799-1692006562-677724103-513). I then moved the group_mapping.tdb and .ldb files to .old and renamed the .updated file to group_mapping.tdb. After rebooting Samba and logging off and back on to XP, everything seems to be working.

There was a small hiccup when I tried to change permissions on a RAID folder, and there will probably be more problems. But at least now I have admin rights as Domain Admins on the workstations.
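
Added example, not part of the original posts: a shell check that flags the condition described in this thread, where Domain Admins or Domain Users is mapped to a SID that does not end in the fixed RID 512 or 513. It assumes input in the `net groupmap list` format of one `NT group (SID) -> unixgroup` mapping per line; the function name and the sample SIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the well-known domain groups still carry their
# fixed RIDs (Domain Admins = 512, Domain Users = 513).
# Reads `net groupmap list` style text on stdin; returns non-zero on any
# mismatch or missing mapping.
check_groupmap() {
    awk '
    BEGIN {
        want["Domain Admins"] = 512
        want["Domain Users"]  = 513
    }
    {
        lp = index($0, " (S-")            # start of the parenthesised SID
        if (lp == 0) next
        name = substr($0, 1, lp - 1)      # group name may contain spaces
        rest = substr($0, lp + 2)
        rp = index(rest, ")")
        if (rp == 0) next
        sid = substr(rest, 1, rp - 1)
        n = split(sid, part, "-")
        rid = part[n]                     # last SID component is the RID
        if (name in want) {
            seen[name] = 1
            if (rid != want[name]) {
                printf "MISMATCH: %s has RID %s, expected %s (%s)\n", name, rid, want[name], sid
                bad++
            }
        }
    }
    END {
        for (g in want) if (!(g in seen)) {
            printf "MISSING: %s has no mapping\n", g
            bad++
        }
        exit (bad > 0)
    }'
}

# Constructed sample input (placeholder domain SID, not from the thread).
GOOD_SAMPLE='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> ntadmins
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users'
# Constructed broken state: Domain Admins re-created with a 4-digit RID.
BAD_SAMPLE='Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-3001) -> root
Domain Users (S-1-5-21-1111111111-2222222222-3333333333-513) -> users'

printf '%s\n' "$BAD_SAMPLE" | check_groupmap || echo "group mapping needs repair"
```

On a live server the same function can be fed with `net groupmap list | check_groupmap`, for example after applying a patch cluster and before users log on again.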