[Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)

L.P.H. van Belle belle at bazuin.nl
Fri Jun 5 04:00:46 MDT 2015


really... 
>        winbind expand groups = 8 
This will make your authentication very slow..

For your problem, please post your complete smb.conf.
I'm missing a lot..
Like..
        ## map IDs outside the domain to tdb files.
        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        ## map ids from the domain and (*) the range may not overlap !
        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : schema_mode = rfc2307
        idmap config DOMAIN : range = 10000-3999999

        # Use home directory and shell information from AD
        winbind nss info = rfc2307

        winbind trusted domains only = no
        winbind use default domain = yes
        winbind expand groups = 3


Find these files:
gencache_notrans.tdb
gencache.tdb

Stop samba, remove these files, start samba.
Run: net idmap delete

on both DCs.

Greetz, 

Louis


>-----Original message-----
>From: jmhunter1 at gmail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Jonathan Hunter
>Sent: Friday 5 June 2015 11:45
>To: samba
>Subject: [Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)
>
>Hi,
>
>I have now added rfc2307 to my domain - I extended the schema, have
>added UIDs to some (not all yet) of my users and groups, and have my
>smb.conf with this currently:
>
>        idmap_ldb:use rfc2307 = yes
>        winbind nss info = rfc2307
>
>        winbind use default domain = Yes
>        winbind enum users = Yes
>        winbind enum groups = Yes
>        winbind refresh tickets = Yes
>        winbind expand groups = 8
>
>        #idmap config *:range = 900000-999999
>
>This works just fine on one of my DCs, but the other is proving more
>problematic.
>
>See below for more detail on the process, but the issue is that right
>now, I now have hundreds (thousands) of messages appearing in syslog
>along the lines of:
>Unable to convert SID (S-1-1-0) at index 5 in user token to a GID.
>Conversion was returned as type 0, full token:
>
>'net cache list' confirms:
>Key: IDMAP/SID2XID/S-1-1-0       Timeout: 10:41:35       Value: -1:N
>
>I've uncommented the idmap line above, to no effect.
>
>The same config works just fine on the other DC.
>
>What can I check next?
>
>Thanks,
>
>Jonathan
>
>I can't explain the initial issues I had on this DC, either. After
>adding rfc2307, this DC simply wouldn't resolve the new UIDs I had
>added, despite running "net cache flush". Even when shutting samba
>down, then running "net cache flush", then starting samba back, I had
>a very weird time where running "id <user>" was just fine at first,
>returning the rfc2307-defined UID, but then running the same command a
>few seconds later, it had reverted back to 3000007!
>
>I finally used the following to restart - clearing out the idmap.ldb
>file - and this seemed to work better, but I still have the issue
>above:
>service samba4 stop;net cache flush;rm /usr/local/samba/private/idmap.ldb;service samba4 start
>
>-- 
>"If we knew what it was we were doing, it would not be called
>research, would it?"
>      - Albert Einstein
>


