[Samba] Winbind problem: can't convert sids and gids

Rob Moser Rob.Moser at nau.edu
Wed Jun 23 12:24:34 MDT 2010

I have a problem where I can't browse to a samba share from Windows
(Server 2008); instead I get the error:

The group name could not be found

The winbind log contains the message:

could not convert gid 507 to sid

Suspecting a permissions problem, I went and looked at the files and the
group ownership has been set to BUILTIN\guests, which is not what I
want.  So I try to chgrp them to the domain group:

chgrp -R 'dss users' /file
chgrp: invalid group `dss users'

But I know that that is the domain group that I want:

wbinfo -g | grep dss
dss users

wbinfo -n 'dss users'
S-1-5-21-2129867641-1992771036-1243820751-107019 Domain Group (2)

But winbind apparently cannot resolve it to a gid:

wbinfo -Y S-1-5-21-2129867641-1992771036-1243820751-107019
Could not convert sid S-1-5-21-2129867641-1992771036-1243820751-107019
to gid

My nsswitch.conf file does list winbind for users and groups.  My
smb.conf file contains (in part, obviously):

        idmap alloc backend = tdb
        idmap alloc config:range = 10000 - 4000000
        idmap uid = 10000 - 4000000
        idmap gid = 10000 - 4000000

        winbind enum users = no
        winbind enum groups = no
        winbind nested groups = yes
        winbind use default domain = yes

So it is using a default domain (the correct one; I checked) and I'm not
just running out of gids.  My various /var/log/samba/log.* files contain
almost exactly nothing from the time of the transaction.

Any help appreciated,

     - rob.

More information about the samba mailing list