[Samba] When accessing the User Properties only SIDs are shown instead of real name

Rowland Penny rpenny at samba.org
Fri Mar 22 09:44:28 UTC 2024 

On Thu, 21 Mar 2024 22:10:20 +0530
Anantha Raghava via samba <samba at lists.samba.org> wrote:

> Hello Rowland
> 
> Samba is running on RHEL 8.9 (subscribed edition)

Then why are you not asking redhat ?
I am not saying I will not try to help you, but I would have thought
that redhat would have been your first port of call.

> 
> Domain is ktkbankltd.com and the work group is ktkbankltd. This is
> the AD domain, not reachable from internet.

fair enough

> 
> We have 5 servers named pdc.ktkbankltd.com, dc1.ktkbankltd.com, 
> dc2.ktkbankltd.com, dc3.ktkbankltd.com and dc4.ktkbankltd.com The
> name PDC is just the name, unlike NT4 domain. These servers were
> initially installed during 2016 and we started with Samba-AD 4.8, we
> are upgrading the versions over a period and currently we are using
> 4.18.1.

Ah, light dawns, you are running RHEL in an unsupported (by redhat)
way, which is why you are running a self compiled version of Samba.

> 
> WORKGROUP entered twice - Thanks for notifying.

Are you also running sssd anywhere ?

> 
> Pattern for non-mapped SIDs - There is no specific pattern. It may be 
> user, or a group or a computer object. Interesting thing is, in most
> of the members it appears properly, However, we cannot say which
> member we face this problem. It appears randomly. Another important
> point to note 
> - From the member which has this problem, when we try to access the 
> shares using <ip-address>/share, it fails to open. However, when we 
> access the same share using <hostname>/share, it works fine.

Now that is strange, using the ipaddress means using rpc and using the
hostname usually means using kerberos and rpc is usually the most
reliable.

> 
> I confirm that we have not deleted any user or group or computer
> object from AD which may result in this particular problem. To think
> that this could be a DNS issue, it randomly appears in different
> clients and not all.

I take it that you are using the AD DCs as the dns servers for the AD
domain.

Rowland

More information about the samba mailing list