[Samba] winbind wbcGetpwnam WBC_ERR_DOMAIN_NOT_FOUND

Linda Walsh samba at tlinx.org
Wed Aug 24 00:14:22 MDT 2011

Shirish Pargaonkar wrote:
> A call to wbcGetpwnam() with BUILTIN\Administrators
> name (string) returns error 7 (WBC_ERR_DOMAIN_NOT_FOUND).
> I tried just Administrators and got the same error.
> Same error with user (string)  Everyone  also.
    I've noticed this problem as well...

In fact, every one of the well-known addresses that I manually added
(and are still listed, and mapped to local groups) are unavailable
for use at any client.    Very sad since I went to the trouble
of creating all the local groups for these that Samba refuses to
return them even though they are defined.

Is this something else that needs a patch?


This is what I see for a net groupmap list (massaged a bit...):
>  show_samba_wellknown_gids   

GID   |UnixGroup              |NTGroup                |Grp_Type  |SID
---   |---------              |-- -------             |--------  |---
513   |Domain Users           |Domain Users           
516   |Domain Controllers     |Domain Controllers     
551   |Backup Operators       |Backup Operators       
547   |Power Users            |Power Users            
517   |Cert Publishers        |Cert Publishers        
552   |Replicators            |Replicators            
544   |Administrators         |Administrators         
514   |Domain Guests          |Domain Guests          
548   |Account Operators      |Account Operators      
518   |Schema Admins          |Schema Admins          
10123 |BUILTIN\ras servers    |RAS Servers            |Local     
512   |Domain Admins          |Domain Admins          
515   |Domain Computers       |Domain Computers       
500   |Domain Administrator   |Domain Administrator   
550   |Print Operators        |Print Operators        
546   |Guests                 |Guests                 
501   |Domain Guest           |Domain Guest           
519   |Enterprise Admins      |Enterprise Admins      

Yet clients only see 'RAS Servers' out of these groups.

Before, when I had 'trusted domains only' turned on, I believe
that caused a problem showing my own groups as well as the
BUILTIN groups, as my domain's name is mixed case,
and samba doesn't play the way Windows does with such...

So (upper+lower case domain) 'Bliss' couldn't talk to
'BLISS or BUILTIN but instead looked for '*' ...which was
very confusing...

Started happening in 3.6 due to change in backend...
continued to happen in 3.5.10, due to mangled DB...
which seems like there are no tools to unmangle.

Like a way to set 'user' <-> 'uid' <-> SID
mappings in samba?

Seems like a basic.   It's there for groups (though they aren't
working either)...

(under what we love about the M5 and Samba probs, even though there's
"no off switch"  they both keep on going...(still resolving my SID->UID,
just no usernames))...which means file serving is still working just can't
do much w/changing permissions on things...).

More information about the samba mailing list