[Samba] winbind pam trouble
Rowland penny
rpenny at samba.org
Tue Apr 12 07:55:00 UTC 2016
On 12/04/16 08:03, lists wrote:
> Some other observations in log.winbindd-idmap:
>
>> [2016/04/12 08:37:54.028456, 1]
>> ../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
>> Could not get unix ID for SID
>> S-1-5-21-90839350-987482234-868425949-133237
>> [2016/04/12 08:45:57.051863, 1]
>> ../source3/winbindd/idmap_ad.c:523(idmap_ad_sids_to_unixids)
>> Could not get unix ID for SID
>> S-1-5-21-90839350-987482234-868425949-133222
>
> This happens for 30 different SID's: some with a long last RID:
>
>> Could not get unix ID for SID
>> S-1-5-21-90839350-987482234-868425949-133237
>> Could not get unix ID for SID
>> S-1-5-21-90839350-987482234-868425949-132270
>> Could not get unix ID for SID
>> S-1-5-21-90839350-987482234-868425949-132722
>
> and with shorter RID's like
>> Could not get unix ID for SID S-1-5-21-90839350-987482234-868425949-501
>> Could not get unix ID for SID S-1-5-21-90839350-987482234-868425949-502
>> Could not get unix ID for SID S-1-5-21-90839350-987482234-868425949-517
>
> However, and looking at an ldif dump of our CN=Users, I can't find
> these numbers...?
>
> Anyone..?
>
> MJ
>
You have real trouble if you don't have the last three :-D
They are well known SIDs
501 is Guest
502 is krbtgt
517 is Cert Publishers
Try opening a terminal on the DC and run this:
ldbsearch -H /usr/local/samba/private/sam.ldb
'(objectsid=S-1-5-21-90839350-987482234-868425949-501)'
This should display the AD object for the SID, provided you have
compiled Samba yourself or have installed ldb-tools and changed
'/usr/local/samba/private' for the path to your sam.ldb.
Repeat for the other SIDs.
Rowland
More information about the samba
mailing list