[Samba] SID to UID conversion problem

Ralph Gruber ralphmc at gmx.at
Fri Apr 9 06:35:07 MDT 2010

Hi folks!

I have a problem with SID to UID translation on one of my domain member servers
since I have been using a newer version of Samba (3.4.0). The PDC is running
Samba 3.0.28 and uses LDAP.

On the domain member everything is working as expected (login with domain user,
wbinfo -u, wbinfo -g), but when it comes to converting the SID to a UID, it fails:

$ wbinfo -S S-1-5-21-2106500839-766785134-2740805053-6093002
Could not convert sid S-1-5-21-2106500839-766785134-2740805053-6093002 to uid

The same smb.conf on other domain members, running version 3.0.28, works nicely.
I'm not sure if I maybe missed some package or configuration for this
translation from SID to UID. But I thought that Samba is able to extract the UID
from the SID, isn't it?

Here is the output of testparm on the domain member server:
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[Test]"
Loaded services file OK.
Press enter to see a dump of your service definitions

        workgroup = SPEED
        server string = Diva
        security = DOMAIN
        password server =
        log level = 1
        syslog = 8
        log file = /var/log/smb.log.%m
        max log size = 50000
        debug timestamp = No
        debug uid = Yes
        name resolve order = host wins lmhosts
        socket options = TCP_NODELAY SO_SNDBUF=65536 SO_RCVBUF=65536 IPTOS_LOWDELAY
        printcap name = /dev/null
        show add printer wizard = No
        os level = 64
        domain master = No
        dns proxy = No
        wins server =
        ldap admin dn = cn=admin,dc=TUG
        ldap group suffix = ou=Groups
        ldap machine suffix = ou=Computers
        ldap passwd sync = yes
        ldap suffix = dc=TUG
        ldap ssl = no
        ldap user suffix = ou=Users
        panic action = /usr/share/samba/panic-action %d
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind trusted domains only = Yes
        map acl inherit = Yes

        comment = test share
        path = /mnt/data/Test
        read only = No
        inherit acls = Yes

passwd:         files ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns wins
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Thanks for your hints!
Greets, Ralph
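
An added example, not part of the original post: it splits the SID from the failing wbinfo call into domain SID and RID and reverses Samba's algorithmic RID scheme (user RID = 2*uid + base, group RID = 2*gid + base + 1). That the PDC assigned RIDs this way with the default "algorithmic rid base" of 1000 is an assumption, and the function names are hypothetical; the script does not query winbind.

```python
import re

# Assumption: the PDC uses the smb.conf default "algorithmic rid base = 1000".
ALGORITHMIC_RID_BASE = 1000

# String SID layout: S-<revision>-<identifier authority>-<sub-authority>...
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def parse_sid(sid):
    """Split a string SID into revision, authority, domain SID and RID."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError("not a valid SID string: %r" % sid)
    subauths = [int(x) for x in m.group(3).lstrip("-").split("-")]
    # A SID holds at most 15 sub-authorities, each an unsigned 32-bit value.
    if len(subauths) > 15 or any(s > 0xFFFFFFFF for s in subauths):
        raise ValueError("sub-authority count or value out of range: %r" % sid)
    prefix = ["S", m.group(1), m.group(2)] + [str(s) for s in subauths[:-1]]
    return {
        "revision": int(m.group(1)),
        "authority": int(m.group(2)),
        "domain_sid": "-".join(prefix),  # everything except the final RID
        "rid": subauths[-1],             # last sub-authority
    }


def algorithmic_rid_to_id(rid, base=ALGORITHMIC_RID_BASE):
    """Reverse the algorithmic mapping; None if the RID lies below the base."""
    if rid < base:
        return None  # well-known RIDs (e.g. 512) are not derived from a Unix id
    offset = rid - base
    kind = "group" if offset & 1 else "user"  # lowest bit marks the type
    return kind, offset >> 1


if __name__ == "__main__":
    # SID taken from the wbinfo -S command in the post above.
    info = parse_sid("S-1-5-21-2106500839-766785134-2740805053-6093002")
    print(info["domain_sid"], info["rid"], algorithmic_rid_to_id(info["rid"]))
```

The resulting number is only what the RID would encode under that scheme; the UID a domain member actually reports comes from its own NSS and winbind/idmap setup.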
