[Samba] setfacl(1) - Can FreeBSD's ACLs contain groups from NT/AD
domains ? [SOLUTION]
Wilkinson, Alex
alex.wilkinson at dsto.defence.gov.au
Thu Aug 9 12:40:38 GMT 2007
When putting winbindd(8) into debug mode I finally saw the following:
id S-1-5-21-1957994488-1326574676-725345543-35301 is neither ours, a Unix SID, nor builtin
error converting unix gid to sid
The hard part was identifying what part of the puzzle I needed to debug in the
first place! Was it AD? NSS? PAM? Winbind? Samba? ACLs ?
Solution:
Well that was easy when I actually knew the problem. Increase my idmap_rid range.
From:
idmap config dsto:range = 10000-20000
To:
idmap config dsto:range = 10000-500000
All works now!
-aW
IMPORTANT: This email remains the property of the Australian Defence Organisation and is subject to the jurisdiction of section 70 of the CRIMES ACT 1914. If you have received this email in error, you are requested to contact the sender and delete the email.
More information about the samba
mailing list