[Samba] Failed to convert SID to a UID
Dale Renton
drenton at gmail.com
Sun Jun 18 15:29:12 UTC 2023
On Sat, Jun 10, 2023 at 1:49 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> Dale, just checking back on what you posted earlier and you had:
>
> create krb5 conf = no
>
> in your smb.conf
>
> Is that line still there ?
> If so, try removing it.
>
> If it works, can you post the contents of /etc/krb5.conf
If I remove the create krb5.conf line getent works.
So I figured I would just copy the contents of
/var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD to /etc/krb5.conf
excluding the "include /etc/krb5.conf" line. To my surprise when I add
back the "create krb5.conf = no" line to smb.conf getent stop working, even
though /etc/krb5.conf is equal to
/var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD.
I tried what Rownland and Christian suggested for the /etc/krb5.conf file
with no success. I also commented out the lines in
/etc/krb5.conf.d/crypto-policies. Here is what I currently have, the same
as /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD.
[libdefaults]
default_realm = AD.EXAMPLE.COM
default_tgs_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC
default_tkt_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC
preferred_enctypes = aes256-cts-hmac-sha1-96
aes128-cts-hmac-sha1-96 RC4-HMAC
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
AD.EXAMPLE.COM = {
kdc = 192.168.1.1
kdc = 192.168.1.2
}
EXAMPLEAD = {
kdc = 192.168.1.1
kdc = 192.168.1.2
}
Thanks,
Dale
More information about the samba
mailing list