[Samba] When accessing the User Properties only SIDs are shown instead of real name

Anantha Raghava raghav at exzatech.net
Fri Mar 22 10:12:55 UTC 2024 

Hello Rowland,

1. We always have been using self compiled samba not the binaries. In 
fact, when we started we started on CentOS and then when CentOS became 
an upstream edition, we moved to RHEL, but continued with self compiled 
samba, never moved to prebuilt binaries.

2. SSSD - We are not using sssd anywhere. We have many Linux Servers but 
those are not members of AD domain. Only the web applications running 
from Linux Servers are integrated with AD and other SSO layers for 
authentication. Whereas all Windows PCs and Windows Servers are members 
of AD Domain.

3. We discovered this issue when we started evaluation of "Service Now" 
for our asset management needs. Initially we were using PDQ Inventory 
which we had to discard since our security team disabled the ADMIN$ 
share. PDQ depended on ADMIN$ share for asset discovery. Service Now is 
able to discover most of the assets, but on Windows members we are 
observing the above issue, that particular member is not getting 
discovered and even the network shares are not working.

4. We are using samba internal DNS and all name resolutions are working 
properly - Forward and reverse both are working properly. No Issues.

Do think enabling TCP IP NetBIOS Helper Service on Windows members will 
help? I have not really checked this.

Thanks & Regards,

Anantha Raghava H A


DISCLAIMER:
This e-mail communication and any attachments may be privileged and 
confidential to Exza Technology Consulting & Services, Bangalore, and 
are intended only for the use of the recipients named above If you are 
not the addressee you may not copy, forward, disclose or use any part of 
it. If you have received this message in error, please delete it and all 
copies from your system and notify the sender immediately by return 
e-mail. Internet communications cannot be guaranteed to be timely, 
secure, error or virus-free. The sender does not accept liability for 
any errors or omissions.

Do not print this e-mail unless required. Save Paper & trees.


On 22/03/24 3:14 pm, Rowland Penny via samba wrote:
> On Thu, 21 Mar 2024 22:10:20 +0530
> Anantha Raghava via samba<samba at lists.samba.org>  wrote:
>
>> Hello Rowland
>>
>> Samba is running on RHEL 8.9 (subscribed edition)
> Then why are you not asking redhat ?
> I am not saying I will not try to help you, but I would have thought
> that redhat would have been your first port of call.
>
>> Domain is ktkbankltd.com and the work group is ktkbankltd. This is
>> the AD domain, not reachable from internet.
> fair enough
>
>> We have 5 servers named pdc.ktkbankltd.com, dc1.ktkbankltd.com,
>> dc2.ktkbankltd.com, dc3.ktkbankltd.com and dc4.ktkbankltd.com The
>> name PDC is just the name, unlike NT4 domain. These servers were
>> initially installed during 2016 and we started with Samba-AD 4.8, we
>> are upgrading the versions over a period and currently we are using
>> 4.18.1.
> Ah, light dawns, you are running RHEL in an unsupported (by redhat)
> way, which is why you are running a self compiled version of Samba.
>
>> WORKGROUP entered twice - Thanks for notifying.
> Are you also running sssd anywhere ?
>
>> Pattern for non-mapped SIDs - There is no specific pattern. It may be
>> user, or a group or a computer object. Interesting thing is, in most
>> of the members it appears properly, However, we cannot say which
>> member we face this problem. It appears randomly. Another important
>> point to note
>> - From the member which has this problem, when we try to access the
>> shares using <ip-address>/share, it fails to open. However, when we
>> access the same share using <hostname>/share, it works fine.
> Now that is strange, using the ipaddress means using rpc and using the
> hostname usually means using kerberos and rpc is usually the most
> reliable.
>
>> I confirm that we have not deleted any user or group or computer
>> object from AD which may result in this particular problem. To think
>> that this could be a DNS issue, it randomly appears in different
>> clients and not all.
> I take it that you are using the AD DCs as the dns servers for the AD
> domain.
>
> Rowland
>
>
>

More information about the samba mailing list