[Samba] question about sids and ads auth

Jason Gerfen jason.gerfen at scl.utah.edu
Wed Jun 4 15:58:52 GMT 2008

Ok so I have a problem and I am trying to figure something out in 
regards to samba ads authentication, winbindd sid to uid/gid mapping and 
why some domain accounts can map the samba share from linux and windows 
when others cannot.

I have a few domain users that when they try to map a samba share when 
the authentication takes place fine, the uid/gid seems to work, but in 
the log.winbind-idmap I see the following lines:

   idmap_sid_to_gid: sid = [S-1-5-21-2868754479-89028146-2101856903-513]
   sid [S-1-5-21-2868754479-89028146-2101856903-513] not mapped to an 
gid [2,2,2279459400]

But if I do a winbind -n USERNAME I get the following sid

As you can see they do not match up, is the sid listed in the log a 
system account like the netlogon or perhaps the trusted domain account 
sid or something?

I am just going through a process of elimination to figure out why some 
users work and others do not. Any help is appreciated.


More information about the samba mailing list