[Samba] Samba 3.6.5, idmap configuration and WBC_ERR_DOMAIN_NOT_FOUND

Kevin Elliott kevin_elliott at ci.juneau.ak.us
Tue Jul 10 11:56:44 MDT 2012

Hello all,

I recently upgraded from Samba 3.5.6 (the version contained in Debian Stable) to Samba 3.6.5 (the version from Debian Backports) in an effort to closer track the current development to try and chase some long standing bugs out.

I think I've resolved one problem but introduced another. I'm getting the "WBC_ERR_DOMAIN_NOT_FOUND" when I try to perform a SID to UID lookup much like so:

city-liza-lnx:/var/log/samba# wbinfo -t
checking the trust secret for domain CBJ_NT via RPC calls succeeded
city-liza-lnx:/var/log/samba# wbinfo -n CBJ_NT+kevin_elliott
S-1-5-21-505306839-1977890393-20515302-14949 SID_USER (1)
city-liza-lnx:/var/log/samba# wbinfo -s S-1-5-21-505306839-1977890393-20515302-14949
CBJ_NT+kevin_elliott 1
city-liza-lnx:/var/log/samba# wbinfo -S S-1-5-21-505306839-1977890393-20515302-14949
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-505306839-1977890393-20515302-14949 to uid

This looks like it has all the markings of following bugreport:


Before I follow this upstream can someone sanity check my configs for me? I understand that much has changed between 3.5 and 3.6 regarding the idmaping.

        workgroup = CBJ_NT
        realm = CBJ.LOCAL
        netbios aliases = CITY-LIZA-L90, CITY-LIZA
        server string = External FTP Server
        interfaces =, lo
        bind interfaces only = Yes
        security = ADS
        obey pam restrictions = Yes
        passdb backend = tdbsam
        password server =,
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
        client NTLMv2 auth = Yes
        log level = 10
        log file = /var/log/samba/log.%m
        max log size = 2500
        printcap name = cups
        os level = 5
        local master = No
        domain master = No
        wins server =
        ldap ssl = no
        winbind enum users = Yes
        winbind enum groups = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap config CBJ_NT:backend = rid
        idmap config CBJ_NT:base_rid = 0
        idmap config CBJ_NT:range = 10000-65533
        idmap config LIBRARY:backend = rid
        idmap config LIBRARY:base_rid = 0
        idmap config LIBRARY:range = 65535-79999
        winbind separator = +
        winbind use default domain = Yes

        comment = FTP directory
        path = /var/ftp/pub/
        valid users = "@CBJ_NT+domain users"
        read only = No
        create mask = 0775
        directory mask = 0775
        hide unreadable = Yes

Thank you for your consideration.

Kevin Elliott
Network Specialist
City and Borough of Juneau, MIS
(907) 586 - 0905

More information about the samba mailing list