[Samba] winbind wbcGetpwnam WBC_ERR_DOMAIN_NOT_FOUND

Linda Walsh samba at tlinx.org
Wed Aug 24 00:14:22 MDT 2011 



Shirish Pargaonkar wrote:
> A call to wbcGetpwnam() with BUILTIN\Administrators
> name (string) returns error 7 (WBC_ERR_DOMAIN_NOT_FOUND).
>
> I tried just Administrators and got the same error.
> Same error with user (string)  Everyone  also.
>   
----
    I've noticed this problem as well...

In fact, every one of the well-known addresses that I manually added
(and are still listed, and mapped to local groups) are unavailable
for use at any client.    Very sad since I went to the trouble
of creating all the local groups for these that Samba refuses to
return them even though they are defined.

Is this something else that needs a patch?

*grouse*grumble*mumble*foo*

This is what I see for a net groupmap list (massaged a bit...):
>  show_samba_wellknown_gids   

GID   |UnixGroup              |NTGroup                |Grp_Type  |SID
---   |---------              |-- -------             |--------  |---
513   |Domain Users           |Domain Users           
|Well-known|S-1-5-21-33333-77777-33333-513
516   |Domain Controllers     |Domain Controllers     
|Well-known|S-1-5-21-33333-77777-33333-516
551   |Backup Operators       |Backup Operators       
|Well-known|S-1-5-32-551
547   |Power Users            |Power Users            
|Well-known|S-1-5-32-547
517   |Cert Publishers        |Cert Publishers        
|Well-known|S-1-5-21-33333-77777-33333-517
552   |Replicators            |Replicators            
|Well-known|S-1-5-32-552
544   |Administrators         |Administrators         
|Well-known|S-1-5-32-544
514   |Domain Guests          |Domain Guests          
|Well-known|S-1-5-21-33333-77777-33333-514
548   |Account Operators      |Account Operators      
|Well-known|S-1-5-32-548
518   |Schema Admins          |Schema Admins          
|Well-known|S-1-5-21-33333-77777-33333-518
10123 |BUILTIN\ras servers    |RAS Servers            |Local     
|S-1-5-32-553
512   |Domain Admins          |Domain Admins          
|Well-known|S-1-5-21-33333-77777-33333-512
515   |Domain Computers       |Domain Computers       
|Well-known|S-1-5-21-33333-77777-33333-515
500   |Domain Administrator   |Domain Administrator   
|Well-known|S-1-5-21-33333-77777-33333-500
550   |Print Operators        |Print Operators        
|Well-known|S-1-5-32-550
546   |Guests                 |Guests                 
|Well-known|S-1-5-32-546
501   |Domain Guest           |Domain Guest           
|Well-known|S-1-5-21-33333-77777-33333-501
519   |Enterprise Admins      |Enterprise Admins      
|Well-known|S-1-5-21-33333-77777-33333-519
-------------------------------


Yet clients only see 'RAS Servers' out of these groups.

Before, when I had 'trusted domains only' turned on, I believe
that caused a problem showing my own groups as well as the
BUILTIN groups, as my domain's name is mixed case,
and samba doesn't play the way Windows does with such...

So (upper+lower case domain) 'Bliss' couldn't talk to
'BLISS or BUILTIN but instead looked for '*' ...which was
very confusing...

Started happening in 3.6 due to change in backend...
continued to happen in 3.5.10, due to mangled DB...
which seems like there are no tools to unmangle.

Like a way to set 'user' <-> 'uid' <-> SID
mappings in samba?

Seems like a basic.   It's there for groups (though they aren't
working either)...

(under what we love about the M5 and Samba probs, even though there's
"no off switch"  they both keep on going...(still resolving my SID->UID,
just no usernames))...which means file serving is still working just can't
do much w/changing permissions on things...).

More information about the samba mailing list