[Samba] Added RFC2307 --> Unable to convert SID (S-1-1-0)

Jonathan Hunter jmhunter1 at gmail.com
Fri Jun 5 04:36:39 MDT 2015 

Thank you Lous - appreciated.

On 5 June 2015 at 11:00, L.P.H. van Belle <belle at bazuin.nl> wrote:
> really...
>>        winbind expand groups = 8
> This wil make your authentication very slow..

Understood - I had that in from something else. Have commented it out
for now, although I think it's unrelated to this :)

> for your problem, please post your complete smb.conf
> im missing a lot..

See below - ta.

> find these files :
> gencache_notrans.tdb
> gencache.tdb
>
> stop samba, remove these files, start samba.

That didn't make a difference, unfortunately :(

> run : net idmap delete

Is this different from 'net cache flush' (I guess so) - wouldn't this
be cleared out by removing the tdb files though? The 'net idmap
delete' command needs parameters and SIDs etc.. which would you
recommend clearing?

> on both DC's.

That's an interesting point - I had been doing this on the
problematic/faulty DC only. Would clearing any of these on the other
DC have any effect on the problematic one??

smb.conf (sanitised etc):

[global]
        log level = 0
        workgroup = MYDOMAIN
        realm = mydomain.my.tld
        netbios name = MYSERVERNAME
        server role = active directory domain controller
        interfaces = eth0 lo
        bind interfaces only = yes
        server services = -dns
        dsdb:schema update allowed = true

        idmap_ldb:use rfc2307 = yes
        winbind nss info = rfc2307
        winbind use default domain = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind refresh tickets = Yes
        #winbind expand groups = 8

        idmap config *:backend = tdb
        idmap config *:range = 9000000-9099999

        #idmap config MYDOMAIN:range = 10000-99999
        #idmap config MYDOMAIN:backend = ad
        #idmap config MYDOMAIN:schema_mode = rfc2307

        template shell = /bin/bash
        #log file = /usr/local/samba/var/log.%I
        include = /usr/local/samba/etc/smb.conf-%I

        load printers = yes

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/mydomain.my.tld/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[printers]
        path = /var/spool/samba
        printable = yes
        printing = CUPS

[print$]
        path = /usr/local/samba/var/print$
        comment = Printer Drivers
        writeable = yes

[users]
        path = /home
        read only = no

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

More information about the samba mailing list