[Samba] Failed to convert SID to a UID

Rowland Penny rpenny at samba.org
Sun Jun 18 16:00:27 UTC 2023



On 18/06/2023 16:29, Dale Renton via samba wrote:
> On Sat, Jun 10, 2023 at 1:49 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>> Dale, just checking back on what you posted earlier and you had:
>>
>> create krb5 conf = no
>>
>> in your smb.conf
>>
>> Is that line still there?
>> If so, try removing it.
>>
>> If it works, can you post the contents of /etc/krb5.conf
> 
> If I remove the create krb5.conf line getent works.
> 
> So I figured I would just copy the contents of
> /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD to /etc/krb5.conf
> excluding the "include /etc/krb5.conf" line.  To my surprise when I add
> back the "create krb5.conf = no" line to smb.conf getent stops working, even
> though /etc/krb5.conf is equal to
> /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD.
> 
> I tried what Rowland and Christian suggested for the /etc/krb5.conf file
> with no success.  I also commented out the lines in
> /etc/krb5.conf.d/crypto-policies. Here is what I currently have, the same
> as /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD.
> 
> 
> [libdefaults]
>          default_realm = AD.EXAMPLE.COM
>          default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC
>          default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC
>          preferred_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 RC4-HMAC
>          dns_lookup_realm = false
>          dns_lookup_kdc = true
> 
> [realms]
>          AD.EXAMPLE.COM = {
>                  kdc = 192.168.1.1
>                  kdc = 192.168.1.2
>          }
>          EXAMPLEAD = {
>                  kdc = 192.168.1.1
>                  kdc = 192.168.1.2
>          }
> 
> 
> 
> 
> Thanks,
> Dale

Hi Dale, I have Samba working on Rocky Linux 8 using 4.17.5, but this 
uses the 'rid' idmap backend, not that it should matter.

I just used the same /etc/krb5.conf I use on all my tests and it seems 
to work, it also seems to look nothing like the RHEL/Rocky Linux one.

Would you like a copy of the notes I made installing a Unix domain 
member on Rocky Linux 8?

Rowland


