[Samba] Winbind problem: can't convert sids and gids
Rob Moser
Rob.Moser at nau.edu
Wed Jun 23 12:24:34 MDT 2010
I have a problem where I can't browse to a samba share from Windows
(Server 2008); instead I get the error:
The group name could not be found
The winbind log contains the message:
could not convert gid 507 to sid
Suspecting a permissions problem, I went and looked at the files and the
group ownership has been set to BUILTIN\guests, which is not what I
want. So I try to chgrp them to the domain group:
chgrp -R 'dss users' /file
chgrp: invalid group `dss users'
But I know that that is the domain group that I want:
wbinfo -g | grep dss
dss users
wbinfo -n 'dss users'
S-1-5-21-2129867641-1992771036-1243820751-107019 Domain Group (2)
But winbind apparently cannot resolve it to a gid:
wbinfo -Y S-1-5-21-2129867641-1992771036-1243820751-107019
Could not convert sid S-1-5-21-2129867641-1992771036-1243820751-107019
to gid
My nsswitch.conf file does list winbind for users and groups. My
smb.conf file contains (in part, obviously):
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 4000000
idmap uid = 10000 - 4000000
idmap gid = 10000 - 4000000
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
winbind use default domain = yes
So it is using a default domain (the correct one; I checked) and I'm not
just running out of gids. My various /var/log/samba/log.* files contain
almost exactly nothing from the time of the transaction.
Any help appreciated,
- rob.
More information about the samba
mailing list