[Samba] Samba 4 AD share: Access denied

Ryan Ashley ryana at reachtechfp.com
Wed Jul 30 08:18:15 MDT 2014


Sorry for the delay. I am in eastern time and have been busy with 
another project. I cannot convert that ID to SID. In Windows however, 
this shows as "SYSTEM". How do I know? Simple, there are only three 
things listed. Those are "Domain Admins", "Administration", and 
"SYSTEM". Also, what do you mean by "ntadmins" being local? I have added 
no groups to the Linux systems, so if you're asking if it is a local 
group on the Linux box, no it is not. I can remove the SYSTEM account 
from the share if needed, but it is on all Windows shares as well and 
causes no issues.

failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 70028 to sid

On 7/30/2014 6:01 AM, steve wrote:
> On Tue, 2014-07-29 at 19:47 +0100, Rowland Penny wrote:
>> On 29/07/14 18:42, steve wrote:
>>> On Tue, 2014-07-29 at 18:18 +0100, Rowland Penny wrote:
>>>> On 29/07/14 18:01, Ryan Ashley wrote:
>>>>> Yes, I see all domain users and groups, getent works with passwd and
>>>>> with any domain group, and shows things as they should be. Every group
>>>>> has a unique gid.
>>>> OK, then on paper everything is working as it should be, I cannot think
>>>> of anything else to do, anybody else have any input ???
>>>>
>>>> If nobody else has any input, it may be time to file a bug against samba.
>>> Hi
>>> Our money is on the builtin acl which has started appearing in recent
>>> samba versions and explained earlier in this thread. winbind maps this
>>> group to a number in the idmap * range. This number does not coincide
>>> with the hard wired xidNumber in the separate idmap db on the DC.
>>>
>>> Otherwise, have one final check on winbind:
>>> http://linuxcostablanca.blogspot.com.es/2014/06/samba4-winbind-desperation.html
>>>
>>> If still nothing, go back to 4.1.6 or use sssd.
>>> HTH,
>>> Steve
>>>
>>>
>> Hi Steve, how about bug 10508 ??
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=10508
>>
>> Rowland
>>
> Hi Rowland,
> Yes, it looks possible.
> Could OP tell us if his ntadmins is local to /etc/group? Also, what
> does:
>   wbinfo --uid-to-sid=70028
> give us?
> Steve
>
>


