From b58dc1826e69c61a30d38b05e7f451404670baef Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 16 Jun 2012 14:19:42 +1000 Subject: s4-s3upgrade: Assert that administrator has a SID of -500, and only skip root if it is -500 Many upgraded installations have root as -1000, and so that account needs to be kept. Andrew Bartlett --- source4/scripting/python/samba/upgrade.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source4') diff --git a/source4/scripting/python/samba/upgrade.py b/source4/scripting/python/samba/upgrade.py index 85c2c8c6fa..09a52c182c 100644 --- a/source4/scripting/python/samba/upgrade.py +++ b/source4/scripting/python/samba/upgrade.py @@ -746,8 +746,15 @@ Please fix this account before attempting to upgrade again # Export users to samba4 backend logger.info("Importing users") for username in userdata: - if username.lower() == 'administrator' or username.lower() == 'root': - continue + if username.lower() == 'administrator': + if userdata[username].user_sid != dom_sid(str(domainsid) + "-500"): + raise ProvisioningError("User 'Administrator' in your existing directory does not have SID ending in -500") + if username.lower() == 'root': + if userdata[username].user_sid == dom_sid(str(domainsid) + "-500"): + logger.warn('User root has been replaced by Administrator') + else: + logger.warn('User root has been kept in the directory, it should be removed in favour of the Administrator user') + s4_passdb.add_sam_account(userdata[username]) if username in uids: add_ad_posix_idmap_entry(result.samdb, userdata[username].user_sid, uids[username], "ID_TYPE_UID", logger) -- cgit