[Samba] [EXTERNAL] Re: Failed to convert SID to a UID

Buchanan, Ted tbuchanan at vinu.edu
Sun Jun 18 19:25:14 UTC 2023 

Yes, please and thank you.

On Sun, Jun 18, 2023 at 12:00 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 18/06/2023 16:29, Dale Renton via samba wrote:
> > On Sat, Jun 10, 2023 at 1:49 PM Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >> Dale, just checking back on what you posted earlier and you had:
> >>
> >> create krb5 conf = no
> >>
> >> in your smb.conf
> >>
> >> Is that line still there ?
> >> If so, try removing it.
> >>
> >> If it works, can you post the contents of /etc/krb5.conf
> >
> > If I remove the create krb5.conf line getent works.
> >
> > So I figured I would just copy the contents of
> > /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD to /etc/krb5.conf
> > excluding the "include /etc/krb5.conf" line.  To my surprise when I add
> > back the "create krb5.conf = no" line to smb.conf getent stop working,
> even
> > though /etc/krb5.conf is equal to
> > /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD.
> >
> > I tried what Rownland and Christian suggested for the /etc/krb5.conf file
> > with no success.  I also commented out the lines in
> > /etc/krb5.conf.d/crypto-policies. Here is what I currently have, the same
> > as /var/lib/samba/lock/smb_krb5/krb5.conf.EXAMPLEAD.
> >
> >
> > [libdefaults]
> >          default_realm = AD.EXAMPLE.COM
> >          default_tgs_enctypes = aes256-cts-hmac-sha1-96
> > aes128-cts-hmac-sha1-96 RC4-HMAC
> >          default_tkt_enctypes = aes256-cts-hmac-sha1-96
> > aes128-cts-hmac-sha1-96 RC4-HMAC
> >          preferred_enctypes = aes256-cts-hmac-sha1-96
> > aes128-cts-hmac-sha1-96 RC4-HMAC
> >          dns_lookup_realm = false
> >          dns_lookup_kdc = true
> >
> > [realms]
> >          AD.EXAMPLE.COM = {
> >                  kdc = 192.168.1.1
> >                  kdc = 192.168.1.2
> >          }
> >          EXAMPLEAD = {
> >                  kdc = 192.168.1.1
> >                  kdc = 192.168.1.2
> >          }
> >
> >
> >
> >
> > Thanks,
> > Dale
>
> Hi Dale, I have Samba working on Rocky Linux 8 using 4.17.5, but this
> uses the 'rid' idmap backend, not that it should matter.
>
> I just used the same /etc/krb5.conf I use on all my tests and it seems
> to work, it also seems to look nothing like the RHEL/Rocky Linux one.
>
> Would you like a copy of the notes I made installing a Unix domain
> member on Rocky Linux 8 ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Ted Buchanan
Senior Systems Administrator - Vincennes University
tbuchanan at vinu.edu

More information about the samba mailing list