[Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 5 04:00:46 MDT 2015
really...
> winbind expand groups = 8
This will make your authentication very slow.
For your problem, please post your complete smb.conf.
I'm missing a lot..
Like..
## Map IDs outside the domain to tdb files.
idmap config * : backend = tdb
idmap config * : range = 2000-9999
## Map IDs from the domain; this range and the (*) range may not overlap!
idmap config DOMAIN : backend = ad
idmap config DOMAIN : schema_mode = rfc2307
idmap config DOMAIN : range = 10000-3999999
# Use home directory and shell information from AD
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind expand groups = 3
Find these files:
gencache_notrans.tdb
gencache.tdb
Stop samba, remove these files, start samba.
Run: net idmap delete
on both DCs.
Greetz,
Louis
>-----Original message-----
>From: jmhunter1 at gmail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Jonathan Hunter
>Sent: Friday 5 June 2015 11:45
>To: samba
>Subject: [Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)
>
>Hi,
>
>I have now added rfc2307 to my domain - I extended the schema, have
>added UIDs to some (not all yet) of my users and groups, and have my
>smb.conf with this currently:
>
> idmap_ldb:use rfc2307 = yes
> winbind nss info = rfc2307
>
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind refresh tickets = Yes
> winbind expand groups = 8
>
> #idmap config *:range = 900000-999999
>
>This works just fine on one of my DCs, but the other is proving more
>problematic.
>
>See below for more detail on the process, but the issue is that right
>now, I now have hundreds (thousands) of messages appearing in syslog
>along the lines of:
>Unable to convert SID (S-1-1-0) at index 5 in user token to a GID.
>Conversion was returned as type 0, full token:
>
>'net cache list' confirms:
>Key: IDMAP/SID2XID/S-1-1-0 Timeout: 10:41:35 Value: -1:N
>
>I've uncommented the idmap line above, to no effect.
>
>The same config works just fine on the other DC.
>
>What can I check next?
>
>Thanks,
>
>Jonathan
>
>I can't explain the initial issues I had on this DC, either. After
>adding rfc2307, this DC simply wouldn't resolve the new UIDs I had
>added, despite running "net cache flush". Even when shutting samba
>down, then running "net cache flush", then starting samba back, I had
>a very weird time where running "id <user>" was just fine at first,
>returning the rfc2307-defined UID, but then running the same command a
>few seconds later, it had reverted back to 3000007!
>
>I finally used the following to restart - clearing out the idmap.ldb
>file - and this seemed to work better, but I still have the issue
>above:
>service samba4 stop;net cache flush;rm
>/usr/local/samba/private/idmap.ldb;service samba4 start
>
>--
>"If we knew what it was we were doing, it would not be called
>research, would it?"
> - Albert Einstein
>