[Samba] wbinfo not resolving SID to username
Rowland Penny
rpenny at samba.org
Mon Jul 2 13:23:57 UTC 2018
On Mon, 2 Jul 2018 14:36:57 +0200
"Ing. Claudio Nicora" <claudio.nicora at gmail.com> wrote:
>
> > you should remove 'winbind' from the shadow line, it isn't required.
> Done, thanks.
>
> > That is all perfectly normal on a Samba AD DC. The only way to get
> > all users and groups mapped to names, is to use uidNumber &
> > gidNumber attributes for all users & groups. This is NOT
> > recommended on a DC, this is because of sysvol, where some groups
> > have also to be users to own things. This is done in idmap.ldb
> > where groups are mapped to ID_TYPE_BOTH, if you give the wrong
> > group a gidNumber, it will become just a group and a group cannot
> > own anything on Linux.
> Ok. This is the first Samba DC I'm playing with and I like to check
> everything before putting it into production.
Best way of doing things, if you make mistakes, you can always start
again ;-)
>
> > Just as an aside, I think you will find that 'sysvol' is mostly
> > empty, you will need to sync it from the DC you joined this one to.
> > Rowland
> I've replicated sysvol with robocopy (from the Windows) and
> configured a task to keep things in sync till the Windows DC will be
> demoted.
Okay, just thought I would mention it.
>
> What about the strange chars in getfacl output? They seem like escape
> sequences:
> "default:group:BUILTIN\134administrators:rwx" should read
> "default:group:BUILTIN\administrators:rwx", right?
In an ideal world, yes, but this isn't an ideal world and yes, they are
a type of escape sequence (for want of a better word) and they are
quite normal, you can ignore them.
Rowland
More information about the samba
mailing list