[Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)
Rowland Penny
rowlandpenny at googlemail.com
Fri Jun 5 04:13:09 MDT 2015
On 05/06/15 10:44, Jonathan Hunter wrote:
> Hi,
>
> I have now added rfc2307 to my domain - I extended the schema, have
> added UIDs to some (not all yet) of my users and groups, and have my
> smb.conf with this currently:
>
> idmap_ldb:use rfc2307 = yes
> winbind nss info = rfc2307
>
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind refresh tickets = Yes
> winbind expand groups = 8
>
> #idmap config *:range = 900000-999999
>
> This works just fine on one of my DCs, but the other is proving more
> problematic.
>
> See below for more detail on the process, but the issue is that
> right now, I now have hundreds (thousands) of messages appearing in
> syslog along the lines of:
>
> Unable to convert SID (S-1-1-0) at index 5 in user token to a GID. Conversion was returned as type 0, full token:
>
> 'net cache list' confirms:
>
> Key: IDMAP/SID2XID/S-1-1-0 Timeout: 10:41:35 Value: -1:N
>
> I've uncommented the idmap line above, to no effect.
>
> The same config works just fine on the other DC.
>
> What can I check next?
>
> Thanks,
>
> Jonathan
>
> I can't explain the initial issues I had on this DC, either. After
> adding rfc2307, this DC simply wouldn't resolve the new UIDs I had
> added, despite running "net cache flush". Even when shutting samba
> down, then running "net cache flush", then starting samba back, I
> had a very weird time where running "id <user>" was just fine at
> first, returning the rfc2307-defined UID, but then running the same
> command a few seconds later, it had reverted back to 3000007!
>
> I finally used the following to restart - clearing out the idmap.ldb
> file - and this seemed to work better, but I still have the issue
> above:
>
> service samba4 stop;net cache flush;rm /usr/local/samba/private/idmap.ldb;service samba4 start
>
Hi, what do you mean 'I extended the schema'?
How did you extend the schema and with what?
Rowland