[Samba] Samba 4 AD share: Access denied
ryana at reachtechfp.com
Wed Jul 30 08:18:15 MDT 2014
Sorry for the delay. I am in eastern time and have been busy with
another project. I cannot convert that ID to SID. In Windows however,
this shows as "SYSTEM". How do I know? Simple, there are only three
things listed. Those are "Domain Admins", "Administration", and
"SYSTEM". Also, what do you mean by "ntadmins" being local? I have added
no groups to the Linux systems, so if you're asking if it is a local
group on the Linux box, no it is not. I can remove the SYSTEM account
from the share if needed, but it is on all Windows shares as well and
causes no issues.
failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 70028 to sid
On 7/30/2014 6:01 AM, steve wrote:
> On Tue, 2014-07-29 at 19:47 +0100, Rowland Penny wrote:
>> On 29/07/14 18:42, steve wrote:
>>> On Tue, 2014-07-29 at 18:18 +0100, Rowland Penny wrote:
>>>> On 29/07/14 18:01, Ryan Ashley wrote:
>>>>> Yes, I see all domain users and groups, getent works with passwd and
>>>>> with any domain group, and shows things as they should be. Every group
>>>>> has a unique gid.
>>>> OK, then on paper everything is working as it should be, I cannot think
>>>> of anything else to do, anybody else have any input ???
>>>> If nobody else has any input, it may be time to file a bug against samba.
>>> Our money is on the builtin acl which has started appearing in recent
>>> samba versions and explained earlier in this thread. winbind maps this
>>> group to a number in the idmap * range. This number does not coincide
>>> with the hard wired xidNumber in the separate idmap db on the DC.
>>> Otherwise, have one final check on winbind:
>>> If still nothing, go back to 4.1.6 or use sssd.
>> Hi Steve, how about bug 10508 ??
> Hi Rowland,
> Yes, it looks possible.
> Could OP tell us if his ntadmins is local to /etc/group? Also, the what
> wbinfo --uid-to-sid=70028
> give us?
More information about the samba