[Samba] Unable to locate SID, possible problem with Idmap?

Gerald (Jerry) Carter jerry at samba.org
Fri Jan 19 14:42:24 GMT 2007

Hash: SHA1


> I am running Samba as a PDC with an LDAP backend and all 
> is working good, except now I am trying to set up a Samba
> Domain Member server with shares on it that will be
> authenticated via the PDC, but for some reason
> it is not working. One interesting thing I notice is 
> that when I run pdbedit -Lv on the PDC I get results like this:
>    Unix username:        test
>    NT username:          test
>    Account Flags:        [U          ]
>    User SID:             S-1-5-21-1194936901-2368177035-684874509-3020
>    init_group_from_ldap: Entry found for group: 513
>    ldapsam_getsampwsid: Unable to locate SID
>    [S-1-5-21-1194936901-2368177035-684874509-513] count=0
>    init_group_from_ldap: Entry found for group: 513
>    Primary Group SID:    S-1-5-21-1194936901-2368177035-684874509-513
>    Full Name:            Test Account
>    <snip>
> Notice the line /ldapsam_getsampwsid: Unable to locate SID
> [S-1-5-21-1194936901-2368177035-684874509-513] count=0, /is that a
> problem or is it normal behavior?

It's probably fine if you don't have a mapping for Domain Users.

> I was able to join the Member Server to the domain, but I 
> cannot see the users and groups from LDAP using getent. I
> tried setting it up with NSS and also with Winbind and
> neither seems to work. Any thoughts?

Make sure you updated the schema file and added the new index
as described in the release notes.

cheers, jerry
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the samba mailing list