[Samba] uid <-> sid conversion with winbindd

Christoph Klein christophk at cip.wiwi.uni-karlsruhe.de
Mon Nov 28 16:00:10 GMT 2005

Today i tried to update samba and winbindd with the debs from samba.org
from 3.0.14 to 3.0.20. Most things worked out of the box, but uid <->
sid conversion was broken after the update. Heres a summary of our

Samba member server joined to a win2k3 domain with the following
smb.conf entries:


## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will
# part of
   workgroup = CIP-POOL
   winbind trusted domains only = yes
   allow trusted domains = no
   winbind use default domain = yes

   security = ADS
   restrict anonymous = 2
   map to guest = Bad Uid

all domain users avaible locally on the samba server with nss_ldap, i.e

"getent passwd christophk" returns

christophk:x:2006:2000:Christoph Klein:/home/Admins/christophk:/bin/bash

resoltion from usernames to sids work too, "wbinfo -n christophk"

S-1-5-21-1475544817-17105652-1213672966-12910 User (1)

But "wbinfo -S S-1-5-21-1475544817-17105652-1213672966-12910" returns

Could not convert sid S-1-5-21-1475544817-17105652-1213672966-12910 to

quite similar to "wbinfo -U2006":

Could not convert uid 2006 to sid

Winbindd versions prior to 3.0.20 were able to map uids and sids out of
the box if the usernames for the unix and the windows account were the
same. Was there any change in here or did i miss something in my setup.
I couldnt find any hint in the release notes. Do i have to use idmap_sfu

Thanks christophk

More information about the samba mailing list