Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid
- Date: Fri, 25 May 2018 16:39:22 +0200
- From: Henry Jensen via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] syscolcheck error / Could not convert sid S-1-5-32-544 to uid
On Fri, 25 May 2018 15:07:57 +0100
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > running "samba-tool ntacl sysvolcheck" doesn't fix this.
> Well it wouldn't, they are both borked.
> Just do administration from Windows
OK, maybe this is something which should be mentioned in the wiki. The
reason I got to this was that I wanted to try sysvol replication. The wiki mentions at
you should i.e. copy idmap.ldb from the first DC to the new DC and then run
"samba-tool ntacl sysvolreset".
Is this instruction still valid?
> > S-1-5-32-544 is the Administrator group, which is a builtin group. I
> No, it is the 'Administrators' group
Yes, of course
> > noticed, that this group already existed in the Samba 3 OpenLDAP DIT
> > with gidNumber 514.
> If we take it that '514' is actually a windows RID, then the group
> should be Domain Guests.
Yeah, it was 544. It is Friday afternoon - maybe not the best time to
write technical mails;)
> From my experience, the only AD user/group in AD with a RID less than
> 1000 that should have a uidNumber or gidNumber is Domain Users.
> > So my first idea was to remove those Posix attributes from the
> > problematic groups (I tried it on Backup Operators S-1-5-32-551), but
> > to no avail.
> Ah, you probably missed the magic incantation 'net cache flush' ;-)
That was it. Thank you.
To unsubscribe from this list go to the following URL and read the