[Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)

Jonathan Hunter jmhunter1 at gmail.com
Fri Jun 5 03:44:47 MDT 2015


Hi,

I have now added rfc2307 to my domain - I extended the schema, have
added UIDs to some (not all yet) of my users and groups, and have my
smb.conf with this currently:

        idmap_ldb:use rfc2307 = yes
        winbind nss info = rfc2307

        winbind use default domain = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind refresh tickets = Yes
        winbind expand groups = 8

        #idmap config *:range = 900000-999999

This works just fine on one of my DCs, but the other is proving more
problematic.

See below for more detail on the process, but the issue is that right
now, I have hundreds (thousands) of messages appearing in syslog
along the lines of:
Unable to convert SID (S-1-1-0) at index 5 in user token to a GID.
Conversion was returned as type 0, full token:

'net cache list' confirms:
Key: IDMAP/SID2XID/S-1-1-0       Timeout: 10:41:35       Value: -1:N

I've uncommented the idmap line above, to no effect.

The same config works just fine on the other DC.

What can I check next?

Thanks,

Jonathan

I can't explain the initial issues I had on this DC, either. After
adding rfc2307, this DC simply wouldn't resolve the new UIDs I had
added, despite running "net cache flush". Even when shutting samba
down, then running "net cache flush", then starting samba back, I had
a very weird time where running "id <user>" was just fine at first,
returning the rfc2307-defined UID, but then running the same command a
few seconds later, it had reverted back to 3000007!

I finally used the following to restart - clearing out the idmap.ldb
file - and this seemed to work better, but I still have the issue
above:
        service samba4 stop; net cache flush; rm /usr/local/samba/private/idmap.ldb; service samba4 start

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

